LoneWolf

Infection or FP ?

Malwarebytes' Anti-Malware 1.31

Database version: 1497

Windows 5.1.2600 Service Pack 1

12/13/2008 6:39:25 PM

mbam-log-2008-12-13 (18-39-20).txt

Scan type: Quick Scan

Objects scanned: 58739

Time elapsed: 11 minute(s), 16 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 4

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\TypeLib\{df058c45-cd18-453e-8745-5a77f60722ab} (Adware.Gdown) -> No action taken. [413452413034698866837015406980887913017070222519692669702622661824711867232024682317702567252169182424]

HKEY_CLASSES_ROOT\Interface\{b5a33c35-7298-4d15-8753-a2e851e2eab3} (Adware.Gdown) -> No action taken. [413452413034698866837015406980887913017070222519692669702622661824711867232024682317702567252169182424]

HKEY_CLASSES_ROOT\Interface\{f0d2b812-752d-4af1-a2fb-968c4d8446db} (Adware.Gdown) -> No action taken. [413452413034698866837015406980887913017070222519692669702622661824711867232024682317702567252169182424]

HKEY_CLASSES_ROOT\CLSID\{e856b973-45fd-4559-8f82-eab539144667} (Adware.Gdown) -> No action taken. [413452413034698866837015406980887913017070222519692669702622661824711867232024682317702567252169182424]

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\SYSTEM32\GTDownDE_87.ocx (Adware.Gdown) -> No action taken. [413452413034698866837015406980887913017070222519692669702622661824711867232024682317702567252169182424]

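A small parser for the MBAM 1.x log layout pasted above (an added example, not code from the forum or from Malwarebytes). It groups every detection by signature name so the registry keys and the file flagged under one signature can be reviewed together, which is the tie between the registry entries and the found file that the thread turns on. The sample log is constructed from the post, with abbreviated content and a placeholder bracketed id.

```python
import re
from collections import defaultdict

# Constructed sample in the MBAM 1.x log layout from the post
# (shortened; the bracketed trailer is a placeholder, not the real id).
SAMPLE_LOG = """\
Malwarebytes' Anti-Malware 1.31
Database version: 1497

Registry Keys Infected: 2
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\\TypeLib\\{df058c45-cd18-453e-8745-5a77f60722ab} (Adware.Gdown) -> No action taken. [PLACEHOLDER_ID]
HKEY_CLASSES_ROOT\\CLSID\\{e856b973-45fd-4559-8f82-eab539144667} (Adware.Gdown) -> No action taken. [PLACEHOLDER_ID]

Files Infected:
C:\\WINDOWS\\SYSTEM32\\GTDownDE_87.ocx (Adware.Gdown) -> No action taken. [PLACEHOLDER_ID]
"""

# One detail line: "<path> (<detection name>) -> <action>. [<id>]"
ENTRY_RE = re.compile(
    r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>[^.]+)\.(?: \[(?P<id>[^\]]*)\])?$"
)

def parse_mbam_log(text):
    """Return {section name: [entry dict, ...]} for the detail sections only."""
    sections, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("(No malicious items"):
            continue
        if line.endswith(":"):      # detail section header, e.g. "Files Infected:"
            current = line[:-1]
            continue
        if current is None:         # still in the summary/count block at the top
            continue
        m = ENTRY_RE.match(line)
        if m:
            sections[current].append(m.groupdict())
    return dict(sections)

def group_by_detection(sections):
    """Map detection name -> {section: [paths]}, so the CLSID/TypeLib/Interface
    keys and the .ocx reported under the same signature are listed together."""
    grouped = defaultdict(lambda: defaultdict(list))
    for section, entries in sections.items():
        for entry in entries:
            grouped[entry["name"]][section].append(entry["path"])
    return {name: dict(by_section) for name, by_section in grouped.items()}
```

Running `group_by_detection(parse_mbam_log(open("mbam-log.txt").read()))` on a real log shows, per signature, which registry keys would be left dangling if only the file were removed, or vice versa.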

Nope, these are not false positives. The registry entries are tied to the found files. You should allow MBAM to remove them.


Seems there are conflicting reports on this one.

I will delist it but would like to have a copy of the file zipped and uploaded here so I can see for myself.

Seems there are conflicting reports on this one.

I will delist it but would like to have a copy of the file zipped and uploaded here so I can see for myself.

Thanks for checking.

GTDownDE_87.zip

Seems there are conflicting reports on this one.

So, should I remove this or leave it alone?

Thank you for your help.


I can't find anything malicious about this file, safe to keep.

I can't find anything malicious about this file, safe to keep.

I'm not 100% certain, but when I right-click on this file in my Windows\System 32 folder, properties show a copyright of Gteko, Inc. After quite a bit of researching via Google, I learned that Gteko, Inc. designs support software and is connected to the Dell Support (you know, the familiar orange/green symbol that is, or used to be if disabled, in your systray) software/hardware maintenance module pre-installed by Dell. I keep Dell Support disabled on my PC as I don't find it very useful and finally disabled it in my StartUp. I occasionally invoke it manually to let it run a hardware maintenance check on my system.

Over the past 4 years, I have had several AS scanners hit on various Gteko files and declare my PC to be infected with Adware.GDown (including said GTDownDE_87.ocx, spotted most recently by MBAM on my PC as well). And who knows, Dell has been accused of pre-installing crapware on new PCs, haven't they? :D If some is tracking in nature (like their difficult-to-remove MyWay crapware), it might explain why AS and AV scanners occasionally hit on Gteko files. There are lots of Gteko Inc. files in my Dell Support folder in Program Files. Dunno. All I know is I don't have any bizarre PC behavior and believe my PC is "clean as a whistle". I think this file is Dell Support related and do not intend to purge them from my system until which time I decide to uninstall Dell Support totally via Add/Remove Programs.

There's my 2 cents worth on this file.

I think this file is Dell Support related and do not intend to purge them from my system until which time I decide to uninstall Dell Support totally via Add/Remove Programs.

I also failed to mention that Microsoft acquired Gteko, Inc. in 2006.


Well, I wanted to post back the results of a little experiment I ran after a reg backup. I uninstalled Dell Support in Safe Mode via Add/Remove (since I never use it). Promptly did a regedit Find on the keywords Dell Support and Gteko and no instances were found. Booted back into Normal Mode, checked Program Files and the Dell folder (where Dell Support lived) is now empty. Said file GTDown_87.ocx is also no longer sitting in the Windows\System 32 folder. So I think we have the answer to what GTDown_87.ocx is. It appears to definitely be a part of the Dell Support software module. Now as to whether it is really tracking adware... Who knows? I'm sure Dell would insist it is not.
