I use Comodo Internet Security and while updating my Flash player, the process gtbcheck.exe was flagged by the Behaviour Blocker/auto-sandbox as suspicious or unknown and was isolated. The updating appears to have worked but I wonder what this process is.
I believe the gtb stands for Google Tool Bar. The gtbcheck runs during updating or installing Adobe Flash and checks for the presence of the toolbar. If you have not deselected the option to install the Chrome Browser and the toolbar, they will be installed if not already present. Is this accurate?
I always deselect the option myself since I don't want Chrome or the toolbar.
I would recommend that you ask the antivirus vendor for clarification. It is fairly common for AV vendors to erroneously blacklist legitimate files, particularly immediately after a release; however, they're going to be the best source of information on how and why they've identified a file as problematic, and how to differentiate a legitimate file from a bogus one.
Our distribution process is tightly controlled, and it is incredibly unlikely that anything that we published is malware.
Yes it is a check to see if you have Google Toolbar (a nasty piece of software - I never use it myself).
Bookmark these links:
Flash Player for ActiveX (Internet Explorer)
Flash Player Plug-in (All other browsers)
They will always have the latest Flash Player builds and NO bundled software. Whenever you see an "update" notice, download the installer from the link(s) and run it (them) offline to update. MUCH safer and hassle free.
Malwarebytes identifies the file as a trojan agent, located at C:\Users\Jon\AppData\Local\Adobe\gtbcheck.exe. It downloaded 4 months ago, but hasn't been identified in numerous scans since then.
gccheck.exe is a file that checks for Google Chrome and is located in the same directory. It is not identified as a trojan.
I run Norton and Malwarebytes every night and this file came up in the same place as jonricho but mine has the date of 8-14-14. Both programs are calling it a trojan or trojanagent. Why is it just now being detected, and are there other associated files that I need to look for or should I just let these anti-malware programs find them in their own time? BTW, this is not the first time my AV/AM software has flagged something that has been in my drive for a while. What's up with that?
Thanks,
Roberta
Must be happening due to updates in MWB and Norton. I quarantined gtbcheck.exe and added .old to gccheck.exe with no ill effects.
I agree that it is not really malware. Rather, it appears to undertake a one-time check on whether you have Google Toolbar installed. At least in my case, it did not try to persuade me to install the toolbar. Similarly with gccheck. I guess MWB made a mistake this time (after ignoring it for four months).