Velocity Reviews - Computer Hardware Reviews

Google Earth self install - Google Updater

 
 
James D Andrews
      11-19-2011
So Google Earth installed itself out of the blue again last night. The
last time it did, I uninstalled all Google products using Revo.

So, a search showed I missed a file in my Temp directory with Google
Updater in it, and a couple empty folders, and it has a prefetch from
when it loaded last night.

I found nothing as far as running applications/running
processes/Startup items related to it, but apparently there are related
registry items from previous installs that I'm unsure of.

Questions:

1. Can I (and should I even bother) to delete the Prefetch item?
2. Are there specific registry items I can target to delete?

I know there are several related to GoogleUpdate &
GoogleUpdateProcessLauncher listed in the registry, but I'm not
comfortable editing the registry without some handholding (wisely).

3. Can the built-in Google searchbar in Firefox 8 be involved in this
Google conspiracy?

4. Is there a freeware Firewall program that would allow me to block
this from recurring in the future?

Personally, I consider any program that installs itself without my
control to be malware, although that's really a loosely defined term.

--
-There are some who call me...
Jim


"You got to be careful if you don't know where you're going, because
you might not get there."
- Yogi Berra


 
Paul
      11-19-2011
James D Andrews wrote:
> So Google Earth installed itself out of the blue again last night. The
> last time it did, I uninstalled all Google products using Revo.
>
> So, a search showed I missed a file in my Temp directory with Google
> Updater in it, and a couple empty folders, and it has a prefetch from
> when it loaded last night.
>
> I found nothing as far as running applications/running processes/Startup
> items related to it, but apparently there are related registry items
> from previous installs that I'm unsure of.
>
> Questions:
>
> 1. Can I (and should I even bother) to delete the Prefetch item?
> 2. Are there specific registry items I can target to delete?
>
> I know there are several related to GoogleUpdate &
> GoogleUpdateProcessLauncher listed in the registry, but I'm not
> comfortable editing the registry without some handholding (wisely).
>
> 3. Can the built-in Google searchbar in Firefox 8 be involved in this
> Google conspiracy?
>
> 4. Is there a freeware Firewall program that would allow me to block
> this from recurring in the future?
>
> Personally, I consider any program that installs itself without my
> control to be malware, although that's really a loosely defined term.
>


If you download Sysinternals Autoruns program, that provides a
convenient way to turn off activities like that.

http://technet.microsoft.com/en-us/s...rnals/bb963902

It's not guaranteed to stop everything, or, display every possible
mechanism for code to run on a computer. For example, if you had a
rootkit running on the computer, it's not going to "present an item
to turn off TDSS". It only handles the simple-minded stuff, and gives
you boxes to tick, to stop things (so no registry to edit). If the same
item shows up tomorrow (two identical items, one ticked, one not ticked),
then you'd have some idea that a new one was installed, after Autoruns
took care of the original one. And then, you'd have to figure out how
you got "reinfected".

Paul
 
James D Andrews
      11-20-2011
Paul was thinking very hard and all he could come up with was:
> James D Andrews wrote:
>> So Google Earth installed itself out of the blue again last night. The
>> last time it did, I uninstalled all Google products using Revo.
>>
>> So, a search showed I missed a file in my Temp directory with Google
>> Updater in it, and a couple empty folders, and it has a prefetch from when
>> it loaded last night.
>>
>> I found nothing as far as running applications/running processes/Startup
>> items related to it, but apparently there are related registry items from
>> previous installs that I'm unsure of.
>>
>> Questions:
>>
>> 1. Can I (and should I even bother) to delete the Prefetch item?
>> 2. Are there specific registry items I can target to delete?
>>
>> I know there are several related to GoogleUpdate &
>> GoogleUpdateProcessLauncher listed in the registry, but I'm not comfortable
>> editing the registry without some handholding (wisely).
>>
>> 3. Can the built-in Google searchbar in Firefox 8 be involved in this
>> Google conspiracy?
>>
>> 4. Is there a freeware Firewall program that would allow me to block this
>> from recurring in the future?
>>
>> Personally, I consider any program that installs itself without my control
>> to be malware, although that's really a loosely defined term.
>>

>
> If you download Sysinternals Autoruns program, that provides a
> convenient way to turn off activities like that.
>
> http://technet.microsoft.com/en-us/s...rnals/bb963902
>
> It's not guaranteed to stop everything, or, display every possible
> mechanism for code to run on a computer. For example, if you had a
> rootkit running on the computer, it's not going to "present an item
> to turn off TDSS". It only handles the simple-minded stuff, and gives
> you boxes to tick, to stop things (so no registry to edit). If the same
> item shows up tomorrow (two identical items, one ticked, one not ticked),
> then you'd have some idea that a new one was installed, after Autoruns
> took care of the original one. And then, you'd have to figure out how
> you got "reinfected".
>
> Paul


Definitely a good idea, Paul. I should have tried it when I had
Windows System Control Center open for Process Explorer before.

I made sure to check for it to show all. Unfortunately, I couldn't
find anything related to the Google Updater. I'll have to remember to
look here next time it happens.

Thanks for the guidance.

--
-There are some who call me...
Jim


It's a dangerous business, going out your door. You step onto the road,
and if you don't keep your feet, there's no knowing where you might be
swept off to.
-Samwise Gamgee quoting Bilbo Baggins, edited


 
Paul
      11-20-2011
James D Andrews wrote:

>
> Definitely a good idea, Paul. I should have tried it when I had Windows
> System Control Center open for Process Explorer before.
>
> I made sure to check for it to show all. Unfortunately, I couldn't find
> anything related to the Google Updater. I'll have to remember to look
> here next time it happens.
>
> Thanks for the guidance.
>


I found some info here. Hiding in an "svchost" trick.

http://www.techtalkz.com/windows-hel...rs-beware.html

Paul
 
James D Andrews
      11-20-2011
Paul embroidered on the monitor :
> James D Andrews wrote:
>
>>
>> Definitely a good idea, Paul. I should have tried it when I had Windows
>> System Control Center open for Process Explorer before.
>>
>> I made sure to check for it to show all. Unfortunately, I couldn't find
>> anything related to the Google Updater. I'll have to remember to look here
>> next time it happens.
>>
>> Thanks for the guidance.
>>

>
> I found some info here. Hiding in an "svchost" trick.
>
> http://www.techtalkz.com/windows-hel...rs-beware.html
>
> Paul


Thanks Paul

I find no .msi file, or any other file for that matter, in the files
that could be related.

I'm finding nothing under Services that jumps out.

CLIP FROM REF: "You have to do
a manual removal of the scheduled tasks and the service startup call."

So how would I go about that? There are half a dozen listed svchost
processes, so I'm kind of in the dark here.

Thanks again for all your help

--
-There are some who call me...
Jim


"Do, or do not. There is no 'try'."
- Yoda ('The Empire Strikes Back')


 
Paul
      11-21-2011
James D Andrews wrote:

>>
>> I found some info here. Hiding in an "svchost" trick.
>>
>> http://www.techtalkz.com/windows-hel...rs-beware.html
>>
>>
>> Paul

>
> Thanks Paul
>
> I find no .msi file, or any other file for that matter, in the files
> that could be related.
>
> I'm finding nothing under Services that jumps out.
>
> CLIP FROM REF: "You have to do
> a manual removal of the scheduled tasks and the service startup call."
>
> So how would I go about that? There are half a dozen listed svchost
> processes, so I'm kind of in the dark here.
>
> Thanks again for all your help
>


Scheduled Tasks control panel. This article actually shows the
thing in question.

http://techpp.com/2008/11/03/how-to-...ogleupdateexe/

"You must find GoogleupdateTaskUser.exe in the scheduled task list"

As for the Service entry, I can find this on a malware cleanup site.

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

I'm no expert on this stuff, but if I was attempting to do this manually,
first I'd stop the service, then try to delete it.

Start>Control Panel>Administrative Tools>Services>Google Updater Service> Double click > Disabled

There is a picture of the Google Updater Service entry here.
This is where you'd change Automatic to Disabled.

http://port16.com/blog/2007/09/29/re...ommand-prompt/

Once you back out of there (having clicked "Stop" and selected "Disabled"),
as that article mentions, you could try

sc delete gusvc

from a command prompt window, and the theory is, that would cause
the service to no longer appear in the Services list.

Now, you'd have to ask yourself, if that thing was around, would it
need C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
in order to work ? Or did it make a copy somewhere. I don't know the answer
to that.

I would think, if GoogleUpdaterService.exe exists, then the service could
start each time the machine starts. (That's based on the entry in Services
set to Automatic or whatever.)

The removal from Scheduled Tasks, should have less issues with it, than
fooling around with Services. And in Services, maybe "Disabled" is enough,
without having to bother with sc delete gusvc.

If you do a half-assed job of removal, I expect a side effect would be
a new error entry in Event Viewer, each time you start the computer. That
might be one consequence (if, say, you deleted GoogleUpdaterService.exe
rather than work through Services).

Just a guess,
Paul
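
The places this reply points at (the Services entry, Scheduled Tasks, startup items and the Event Viewer records), gathered into one read-only PowerShell inventory. This is an added example, not part of the original posts; it assumes a Windows version that ships `Get-ScheduledTask` (Windows 8 or later), and the match pattern, the Run-key locations and the seven-day System-log window are choices made here from the names quoted in the thread.

```powershell
# Added example: read-only inventory, nothing is stopped, disabled or deleted.
# The pattern is an assumption built from names quoted in the thread.
$pattern = 'gusvc|gupdate|GoogleUpdate|Google Updater'

# 1. Services: start mode, state and the binary each matching entry points at.
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { "$($_.Name) $($_.DisplayName) $($_.PathName)" -match $pattern } |
    Select-Object Name, DisplayName, StartMode, State, PathName

# 2. Scheduled tasks: match on the task name or on the program it launches.
$tasks = Get-ScheduledTask |
    Where-Object { "$($_.TaskName) $($_.Actions.Execute)" -match $pattern } |
    Select-Object TaskPath, TaskName, State,
        @{ Name = 'Execute'; Expression = { $_.Actions.Execute -join '; ' } }

# 3. Startup items: per-machine and per-user Run keys.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runEntries = foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $value = [string]$item.GetValue($name)
        if ("$name $value" -match $pattern) {
            [pscustomobject]@{ Key = $key; Name = $name; Command = $value }
        }
    }
}

# 4. Event log: service start/stop/failure records from the last 7 days
#    (System log, Service Control Manager source; window length is arbitrary).
$events = Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        StartTime    = (Get-Date).AddDays(-7)
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $pattern } |
    Select-Object TimeCreated, Id, Message

# Print each section; an empty section means nothing matched there.
'== Services ==';        $services   | Format-List | Out-String
'== Scheduled tasks =='; $tasks      | Format-List | Out-String
'== Run keys ==';        $runEntries | Format-List | Out-String
'== Service events ==';  $events     | Format-List | Out-String
```

A service or task that still appears here but names a file that no longer exists on disk is the partial-removal state the reply describes, and it is the kind of entry that produces repeated errors in the event log at startup.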
 
James D Andrews
      11-22-2011
Paul snuck on to your hard drive to scribble:
> James D Andrews wrote:
>
>>>
>>> I found some info here. Hiding in an "svchost" trick.
>>>
>>> http://www.techtalkz.com/windows-hel...rs-beware.html
>>>
>>>
>>> Paul

>>
>> Thanks Paul
>>
>> I find no .msi file, or any other file for that matter, in the files that
>> could be related.
>>
>> I'm finding nothing under Services that jumps out.
>>
>> CLIP FROM REF: "You have to do
>> a manual removal of the scheduled tasks and the service startup call."
>>
>> So how would I go about that? There are half a dozen listed svchost
>> processes, so I'm kind of in the dark here.
>>
>> Thanks again for all your help
>>

>
> Scheduled Tasks control panel. This article actually shows the
> thing in question.
>
> http://techpp.com/2008/11/03/how-to-...ogleupdateexe/
>
> "You must find GoogleupdateTaskUser.exe in the scheduled task list"
>
> As for the Service entry, I can find this on a malware cleanup site.
>
> O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
>
> I'm no expert on this stuff, but if I was attempting to do this manually,
> first I'd stop the service, then try to delete it.
>
> Start>Control Panel>Administrative Tools>Services>Google Updater Service>
> Double click > Disabled
>
> There is a picture of the Google Updater Service entry here.
> This is where you'd change Automatic to Disabled.
>
> http://port16.com/blog/2007/09/29/re...ommand-prompt/
>
> Once you back out of there (having clicked "Stop" and selected "Disabled"),
> as that article mentions, you could try
>
> sc delete gusvc
>
> from a command prompt window, and the theory is, that would cause
> the service to no longer appear in the Services list.
>
> Now, you'd have to ask yourself, if that thing was around, would it
> need C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
> in order to work ? Or did it make a copy somewhere. I don't know the answer
> to that.
>
> I would think, if GoogleUpdaterService.exe exists, then the service could
> start each time the machine starts. (That's based on the entry in Services
> set to Automatic or whatever.)
>
> The removal from Scheduled Tasks, should have less issues with it, than
> fooling around with Services. And in Services, maybe "Disabled" is enough,
> without having to bother with sc delete gusvc.
>
> If you do a half-assed job of removal, I expect a side effect would be
> a new error entry in Event Viewer, each time you start the computer. That
> might be one consequence (if, say, you deleted GoogleUpdaterService.exe
> rather than work through Services).
>
> Just a guess,
> Paul



I'm guessing that somewhere over the past few days I did said
half-assed job of removal.

Google Updater doesn't show up in Services at all, so maybe service
stopped? So I look to Event Viewer.

As you noted, Event Viewer shows gupdate tried starting and stopped
numerous times. I viewed subsequent entries and it appears that I
successfully uninstalled both Google Earth and Google Update Helper.

There are no new entries in the past couple of days, so I'm guessing
the problem is gone for now.

I really have to remember to use the Event Viewer more often.

Thanks for your help Paul. Hopefully the problem is resolved.

--
-There are some who call me...
Jim


"You got to be careful if you don't know where you're going, because
you might not get there."
- Yogi Berra


 