Batch 18:02 21 Jan 2009

I have 2 PCs (both very similar set-ups - XP-Pro SP3, Avast AV, SpyBot S&D [incl. Tea Timer], Zone Alarm [7.0.483.000] and I use Ad-Aware, PrevxCSI, Sophos Anti-Rootkit and SpyAudit).

Now, recently, ZA on both PCs has reported a file in C:\Documents and Settings\Batch\Local Settings\Temp\Google Toolbar wanting Internet access. One one pc the file was gtb3.tmp.exe and on the other it was gtb77.tmp.exe.

In both cases the request for Internet access came on opening up IE7 (which has Google Toolbar V4 installed) and so I suspect that it might just be something to do with Google Toolbar (and indeed the .EXEs claim to be part of Google Toolbar if one views their properties).

Having googled (ha! ha!) for gtb77.tmp.exe and gtb3.tmp.exe I can't find anything really definitive. There are some claims that gtb3.tmp.exe might be malware, but could also be genuine part of Google Toolbar.

Has anyone here seen or heard of anything similar or know anything about it?

  john bunyan 18:10 21 Jan 2009

Today, my Comodo firewall found one such request, and said it was safe. Then another request for access mentioned another, but I forget the exact wording, something like the one you mention but I think there were 2 exe bits. I blocked it and Niether Superantispyware, nor AVG 8 have flagged anything. Like you I am curious.

  john bunyan 18:18 21 Jan 2009

Looked in folders and saw 3 similar files : gtb1E.tmp.exe, gtb12.temp.exe, gtb2.temp.exe. I wonder why there are 3 of them and how safe they are?

  MAJ 18:24 21 Jan 2009

I would delete anything with a double extension.

  Batch 18:40 21 Jan 2009

Yeah, I forgot to mention that I blocked it and like you, Maj, I'm always wary of "double" extensions. I know that in practice they are not a prob. these days, but I'm old school (having been brought up on DEC PDP's and MS-DOS and an extension is an extension is an extension as far as I'm concerned).

It actually disappears of its own accord (presumably after I close IE7 - but I haven't tracked it that closely).

  Batch 08:56 22 Jan 2009

Out of interest I tried installing Google Toolbar V5 (if you want to install this without Google Updater and all the other crap they want to through at you, try downloading just the V5 toolbar installer click here ).

Even after installing V5, ZA reported gtb16.tmp.exe wanting Internet access. I let it run this time as I was about to restore to the previous Acronis system image anyhow. There wasn't any immediate side effects, so still none the wiser as to whether it is really part of Google Toolbar or not.

  Batch 08:57 22 Jan 2009

Forgot to add - didn't like Google Toolbar V5. As we know, Google tries to take over and this is certainly no exception. I'll stick with V4 thank-you very much.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

The Evil Within 2 review-in-progress

Adobe shows still-in-development tools, including automatically colourising black-and-white photos

iPhone X news: Release date, price, new features & specs

Comment transformer un iPhone en borne Wi-Fi ?