PUP.GoforFiles
Posted: January 29, 2014
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Ranking: | 7,170 |
|---|---|
| Threat Level: | 1/10 |
| Infected PCs: | 114,543 |
| First Seen: | January 29, 2014 |
|---|---|
| Last Seen: | February 21, 2025 |
| OS(es) Affected: | Windows |
PUP.GoforFiles is a Potentially Unwanted Program with file-finding search features. Although PUP.GoforFiles's features appear to be in working condition, malware researchers also have found numerous issues with PUP.GoforFiles's website, Goforfiles.com, and even some invasive functions in PUP.GoforFiles that are reminiscent of the threat-downloading attacks of some Trojans. While you may find some use finding files with PUP.GoforFiles, PUP.GoforFiles should be treated as a potentially hostile program until further information is available, and, for safety's sake, uninstalling PUP.GoforFiles should be done with the same procedures you'd use to remove a Trojan.
When Going for Files Gets You More Than You Wanted
PUP.GoforFiles, a potential variant of YourFileDownloader, is a 'search engine' that specializes in finding files for download. This part of its feature set is, as far as malware experts can determine, functional, but PUP.GoforFiles also has several other functions that force its current classification as a Potentially Unwanted Program. PUP.GoforFiles often installs additional software, including adware (programs that generate browser advertisements) and browser hijackers (programs that redirect you to unwanted sites). PUP.GoforFiles updates itself automatically, which is a fairly substantial security issue. Finally, PUP.GoforFiles exploits the Windows Task Scheduler to allow itself to start automatically with Windows.
Because its software-installing features are both invasive and unnecessarily broad, some PC security companies have gone so far as to categorize PUP.GoforFiles as a Trojan downloader. PUP.GoforFiles may be detected by common aliases, including Tool.DownLoader.52, Win32/YourFileDownloader.B, Win32:Adware-AHK [PUP] and Skodna.Generic_c.CR. So far, malware researchers haven't identified any incidents of PUP.GoforFiles installing confirmed threats onto vulnerable computers, but PUP.GoforFiles's mere presence should be treated as a security concern.
Letting PUP.GoforFiles Go Off into the Horizon
It is very easy to understand that installing software that a good third of all the major anti-virus companies rate as a threat is a bad idea. However, there are no indications of this seedy history on the PUP.GoforFiles program's website, which does its level best to convince you that its software is useful. If anything, PUP.GoforFiles exemplifies how research into the software you choose to install continues to be critical and can't be replaced by believing what a site's marketing says about its product features.
PUP.GoforFiles does give its users uninstallation instruction on its site. However, considering its penchant for installing additional PUPs, malware researchers find deleting PUP.GoforFiles most reliable with third-party solutions, rather than hoping that PUP.GoforFiles will remove everything that PUP.GoforFiles installed. Unfortunately, a majority of PC security products have yet to develop database entries for PUP.GoforFiles, which can best be detected by making sure that all anti-malware products are as updated as possible.
Aliases
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:C:\Program Files\GoForFilesUpdater\GoForFilesUpdater.exe
File name: GoForFilesUpdater.exeSize: 278.09 KB (278096 bytes)
MD5: 13a317e9a45e2e5a864d120d8a2058e0
Detection count: 6,385
File type: Executable File
Mime Type: unknown/exe
Path: C:\Program Files\GoForFilesUpdater\GoForFilesUpdater.exe
Group: Malware file
Last Updated: October 14, 2021
C:\Users\<username>\AppData\Local\Temp\uninstall20374619.exe
File name: uninstall20374619.exeSize: 901.71 KB (901712 bytes)
MD5: 20362d635a0de200a963bd634153312d
Detection count: 3,387
File type: Executable File
Mime Type: unknown/exe
Path: C:\Users\<username>\AppData\Local\Temp\uninstall20374619.exe
Group: Malware file
Last Updated: March 1, 2024
C:\Users\<username>\AppData\Local\Temp\uninstall537829.exe
File name: uninstall537829.exeSize: 903.76 KB (903760 bytes)
MD5: defd411295765cb39285d2dd5b264f78
Detection count: 2,665
File type: Executable File
Mime Type: unknown/exe
Path: C:\Users\<username>\AppData\Local\Temp\uninstall537829.exe
Group: Malware file
Last Updated: October 5, 2022
C:\Users\<username>\AppData\Local\Temp\uninstall307649072.exe
File name: uninstall307649072.exeSize: 2.26 MB (2269776 bytes)
MD5: 13d0eeb75077ff4b5f8b1feaea47d7a6
Detection count: 574
File type: Executable File
Mime Type: unknown/exe
Path: C:\Users\<username>\AppData\Local\Temp\uninstall307649072.exe
Group: Malware file
Last Updated: May 11, 2022
C:\Users\<username>\AppData\Local\Temp\uninstall21258864.exe
File name: uninstall21258864.exeSize: 888.91 KB (888912 bytes)
MD5: 2e03fa66681f79fae60bfb160c19b006
Detection count: 169
File type: Executable File
Mime Type: unknown/exe
Path: C:\Users\<username>\AppData\Local\Temp\uninstall21258864.exe
Group: Malware file
Last Updated: November 5, 2021
C:\Users\<username>\AppData\Local\Temp\uninstall1763372.exe
File name: uninstall1763372.exeSize: 906.83 KB (906832 bytes)
MD5: 62b6907aae6c24948a59c118ccbd9312
Detection count: 159
File type: Executable File
Mime Type: unknown/exe
Path: C:\Users\<username>\AppData\Local\Temp\uninstall1763372.exe
Group: Malware file
Last Updated: April 6, 2021
%PROGRAMFILES%\GoforFiles\uninstall.exe
File name: uninstall.exeSize: 6.61 MB (6614160 bytes)
MD5: 716830e654c6fbe49e26e46316e9bcf2
Detection count: 80
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\GoforFiles
Group: Malware file
Last Updated: January 29, 2014
%TEMP%\GoForFiles6wY0w9dvx6.exe
File name: GoForFiles6wY0w9dvx6.exeSize: 3.93 MB (3936544 bytes)
MD5: 6b125ea6b8da17cf5b73331c8331c2ce
Detection count: 9
File type: Executable File
Mime Type: unknown/exe
Path: %TEMP%
Group: Malware file
Last Updated: November 28, 2014
%TEMP%\GoForFilesOXEjJ1pGg9.exe
File name: GoForFilesOXEjJ1pGg9.exeSize: 4.28 MB (4283248 bytes)
MD5: 2699c9800e92397014775c9a95075609
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: %TEMP%
Group: Malware file
Last Updated: January 19, 2015
More files
Registry Modifications
File name without pathGoforFiles.lnkRegexp file mask%TEMP%\GoForFiles[RANDOM CHARACTERS].exe%WinDir%\System32\Tasks\GoForFiles Installer Starter%WinDir%\System32\Tasks\GoforFilesUpdate%WinDir%\System32\Tasks\Update Service GoForFiles%WinDir%\Tasks\GoforFilesUpdate.jobHKEY..\..\..\..{RegistryKeys}SOFTWARE\GoforFilesSOFTWARE\Microsoft\Tracing\GFFUpdater_RASAPI32SOFTWARE\Microsoft\Tracing\GFFUpdater_RASMANCSSOFTWARE\Microsoft\Tracing\GoforFiles_RASAPI32SOFTWARE\Microsoft\Tracing\GoforFiles_RASMANCSSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoForFiles Installer StarterSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoforFilesUpdateSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update Service GoForFilesSOFTWARE\Wow6432Node\GoforFilesHKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}GoforFilesGoforFilesUpdaterUpdate Service GoForFiles
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.