What does gtbcheck.exe do?

Report · Oct 09, 2013

I use Comodo Internet Security and while updating my Flash player, the process gtbcheck.exe was flagged by the Behaviour Blocker/auto-sandbox as suspicious or unknown and was isolated. The updating appears to have worked but I wonder what this process is.

I believe the gtb stands for Google Tool Bar. The gtbcheck runs during updating or installing Adobe Flash and checks for the presence of the toolbar. If you have not deselected the option to install the Chrome Browser and the toolbar, they will be installed if not already present. Is this accurate?

I always deselect the option myself since I don't want Chrome or the toolbar.

Report · Oct 09, 2013

Yes it is a check to see if you have Google Toolbar (a nasty piece of software - I never use it myself).

Bookmark these links:

Flash Player for ActiveX (Internet Explorer)

Flash Player Plug-in (All other browsers)

They will always have the latest Flash Player builds and NO bundled software. Whenever you see an "update" notice, download the installer from the link(s) and run it (them) offline to update. MUCH safer and hassle free.

Report · Nov 20, 2014

Malwarebytes identifies the file as a trojan agent, located at C:\Users\Jon\AppData\Local\Adobe\gtbcheck.exe. It downloaded 4 months ago, but hasn't been identified in numerous scans since then.

gccheck.exe is a file that checks for Google Chrome and is located in the same directory. It is not identified as a trojan.

Report · Nov 21, 2014

I run Norton and Malwarebytes every night and this file came up in the same place as jonricho but mine has the date of 8-14-14. Both programs are calling it a trojan or trojanagent. Why is it just now being detected, and are there other associated files that I need to look for or should I just let these anti malware programs find them in their own time? BTW, this is not the first time my AV/AM software have flagged something that has been in my drive for awhile. What's up with that?

Thanks,

Roberta

Report · Nov 21, 2014

Must be happening due to updates in MWB and Norton. I quarantined gbtcheck.exe and added .old to gccheck.exe with no ill effects.

Report · Nov 26, 2014

I would recommend that you ask the antivirus vendor for clarification. It is fairly common for AV vendors to erroneously blacklist legitimate files, particularly immediately after a release; however, they're going to be the best source of information on how and why they've identified a file as problematic, and how to differentiate a legitimate file from a bogus one.

Our distribution process is tightly controlled, and it is incredibly unlikely that anything that we published is malware.

Report · Nov 27, 2014

I agree that it is not really malware. Rather it appears to undertake a one time check on whether you have Google Toolbar installed. At least in my case, it did not try to persuade me to install the toolbar. Similarly with gccheck. I guess MWB made a mistake this time (after ignoring it for four months).

Adobe Community

What does gtbcheck.exe do?

1 Correct answer