gpedt.msc 1.0

I've been checking installed programs on our club computer 
(unfortunately open to possible abuse) and there is something called 
"gpedt.msc 1.0" in Programs and Features. The missing i and similarity 
to gpedit.msc is very suspicious.

If I try to uninstall it asks me whether I really want to uninstall 
gpedit.msc - this time with the i. Even more suspicious.

Googling was no real help. There's something on a site threatexpert.com 
(which I know nothing about) with very little indication of what the 
"analysis" means.

Anyone come across this?

-- 
Russell
5
Russell
11/12/2013 10:44:12 AM
grc.security.software 15003 articles. 0 followers. Follow

3 Replies
10430 Views

Similar Articles

[PageSpeed] 45

I suggest you keep an Image of your club computer, and just get in the 
habbit of re-imaging it daily.  As long as you are sure the image is clean, 
there should be no issue.

"Russell Gadd" <invalid@invalid.invalid> wrote in message 
news:l5t0pt$120r$1@news.grc.com...
> I've been checking installed programs on our club computer (unfortunately 
> open to possible abuse) and there is something called "gpedt.msc 1.0" in 
> Programs and Features. The missing i and similarity to gpedit.msc is very 
> suspicious.
>
> If I try to uninstall it asks me whether I really want to uninstall 
> gpedit.msc - this time with the i. Even more suspicious.
>
> Googling was no real help. There's something on a site threatexpert.com 
> (which I know nothing about) with very little indication of what the 
> "analysis" means.
>
> Anyone come across this?
>
> -- 
> Russell 


-1
Renee
11/12/2013 3:09:41 PM
On Tue, 12 Nov 2013 10:44:12 +0000, Russell Gadd
<invalid@invalid.invalid> wrote in grc.security.software:

>I've been checking installed programs on our club computer 
>(unfortunately open to possible abuse) and there is something called 
>"gpedt.msc 1.0" in Programs and Features. The missing i and similarity 
>to gpedit.msc is very suspicious.
>
>If I try to uninstall it asks me whether I really want to uninstall 
>gpedit.msc - this time with the i. Even more suspicious.
[snip]

What comes up when you search through the registry for that string
("gpedt.msc 1.0")?

-- 
Michael Bednarek, Brisbane                         "ONWARD"
-1
Michael
11/13/2013 5:06:04 AM
On 13/11/13 05:06, Michael Bednarek wrote:
> ...
>
> What comes up when you search through the registry for that string
> ("gpedt.msc 1.0")?
>

I searched for gpedt.msc and got one hit:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1 

with various items of data, including a link to a Vistax64 forum member 
page
http://www.vistax64.com/member.php?u=151549
The username is niemiro. His name is Richard which also appears as the 
name of the software author in "Programs and Features". His status on 
this forum is "banned".

However there is also a link to a site http://ilikefree.co which is just 
a series of guides to popular freeware "for moms and dads". Its possible 
he may be the author of that site.

I have decided to uninstall when I next get to the club and see what 
happens. I have taken an image of the system.

-- 
Russell
0
Russell
11/13/2013 11:40:39 AM
Reply:

Similar Artilces:

Firefox 1.5.0.9, Firefox 2.0.0.1 and Thunderbird 1.5.0.9 Security & Stability Updates
As part of Mozilla Corporation�s ongoing stability and security update process, Firefox 1.5.0.9, Firefox 2.0.0.1 and Thunderbird 1.5.0.9 are now available for Windows, Mac, and Linux for free download from getfirefox.com (http://www.getfirefox.com) & getthunderbird.com (http://www.getthunderbird.com). We strongly recommend that all Firefox users upgrade to this latest release. This update is available immediately in 41 languages including Spanish, Japanese, Arabic, Hungarian and more. Note: Firefox 1.5.0.x will be maintained with security and stability updates until Apr...

Firefox 1.5.0.9, Firefox 2.0.0.1 and Thunderbird 1.5.0.9 Security & Stability Updates
As part of Mozilla Corporation�s ongoing stability and security update process, Firefox 1.5.0.9, Firefox 2.0.0.1 and Thunderbird 1.5.0.9 are now available for Windows, Mac, and Linux for free download from getfirefox.com (http://www.getfirefox.com) & getthunderbird.com (http://www.getthunderbird.com). We strongly recommend that all Firefox users upgrade to this latest release. This update is available immediately in 41 languages including Spanish, Japanese, Arabic, Hungarian and more. Note: Firefox 1.5.0.x will be maintained with security and stability updates until Apr...

SSL Security on the SeaMonkey 1.0.x and Firefox 1.0.x and 1.5.x
Sir: You really need to know that SSL 2 has been broken for most uses. In your Edit -> Preferences -> Privacy & Security -> SSL tab look to see if SSL 2 is enabled and disable it. Then look at the EDIT CIPHERS for SSL 3 and TSL and uncheck all the 40-bit and 56-bit cyphers. This includes the extra Ciphers tab. This change has already been done for the trunk, but you need to manually make the change in your current browser. Only re-enable SSL 2 if your bank requires it, but I'd be complaining to them. -- Bill Thanks a Million! HI William Thanks for ...

not ok 83 # - 0130 - LATIN CAPITAL LETTER I WITH DOT ABOVE - 0069 - I
ive been getting these lately, I thought it might be my setup, but I figured Id better let you decide that for yourselves. ok 82 # - 012E - LATIN CAPITAL LETTER I WITH OGONEK - 012F - C not ok 83 # - 0130 - LATIN CAPITAL LETTER I WITH DOT ABOVE - 0069 - I - 1 1 1 1 0 1 0 0 not ok 84 # - 0131 - LATIN SMALL LETTER DOTLESS I - 0069 - I - 1 1 1 1 0 0 0 0 ok 85 # - 0132 - LATIN CAPITAL LIGATURE IJ - 0133 - C one other unrelated observation. config-args below is missing the -Duseithreads, but it built that way, as is evident from 'usethreads=define' this might be ...

superreview requested: [Bug 362139] bump SeaMonkey versions to 1.0.7/1.1 on 1.8.0/1.8 branches, localeVersion to 1.8.1 on 1.8 branch : [Attachment 246921] 1.8.0 patch: SeaMonkey version -> 1.0.7
Robert Kaiser <kairo@kairo.at> has asked neil@parkwaycc.co.uk <neil@httl.net> for superreview: Bug 362139: bump SeaMonkey versions to 1.0.7/1.1 on 1.8.0/1.8 branches, localeVersion to 1.8.1 on 1.8 branch https://bugzilla.mozilla.org/show_bug.cgi?id=362139 Attachment 246921: 1.8.0 patch: SeaMonkey version -> 1.0.7 https://bugzilla.mozilla.org/attachment.cgi?id=246921&action=edit ------- Additional Comments from Robert Kaiser <kairo@kairo.at> This is the 1.8.0 branch patch for bumping SeaMonkey version to 1.0.7 ...

superreview granted: [Bug 362139] bump SeaMonkey versions to 1.0.7/1.1 on 1.8.0/1.8 branches, localeVersion to 1.8.1 on 1.8 branch : [Attachment 246921] 1.8.0 patch: SeaMonkey version -> 1.0.7
neil@parkwaycc.co.uk <neil@httl.net> has granted Robert Kaiser <kairo@kairo.at>'s request for superreview: Bug 362139: bump SeaMonkey versions to 1.0.7/1.1 on 1.8.0/1.8 branches, localeVersion to 1.8.1 on 1.8 branch https://bugzilla.mozilla.org/show_bug.cgi?id=362139 Attachment 246921: 1.8.0 patch: SeaMonkey version -> 1.0.7 https://bugzilla.mozilla.org/attachment.cgi?id=246921&action=edit ...

Secunia Personal Software Inspector 0.1.0.0 beta
https://psi.secunia.com/ Highlights of The Secunia PSI: * The Secunia PSI will be available free of charge * Calculates your unique Secunia System Score * Automatically scans your computer * Enables you to update Insecure/End-of-Life software * Provides Direct Download Links to security updates & patches * Detects and advises on more than 4,200 applications * Direct correlation between thousands of Secunia Advisories and your specific system and software * Secure SSL encrypted connection to Secunia -- Fabrice Roux aka [RS]Faramir_agst PaintShop Pro and Tribes scr...

Upgrade OES 1.0.0 to 1.0.1 / sp3 to sp4
I need to upgrade 1 OES Netware 1.0.0 server to 1.0.1. Is NW65sp4a.exe the best way to upgrade the OES server? Some documentation says to use the iso, the forums say use the .exe ? Thanks for any advice. The iso is for new installs, the .exe is the upgrade for existing servers. NW65SP4a is for the Netware kernel, is that what you are using ? Cheers Dave -- Dave Parkes [NSCS] Occasionally resident at http://support-forums.novell.com/ Yes - I'm using the Netware kernel - thanks for the response. Would I use the iso to upgrade from nw60sp4 ? Yes. -- Andre...

127.0.0.1 Sweet 127.0.0.1
Four days off starting tomorrow and am staying home! Love it!! -- seabirdII ------------------------------------------------------------------------ I think I heard seabirdII say something like: > Four days off starting tomorrow and am staying home! Love it!! Nice! I went through a couple months of 4 day weekends, they get addicting. Stevo On Thu, 08 Oct 2009 14:38:10 +0000, Stevo wrote: > Nice! I went through a couple months of 4 day weekends, they get > addicting. Same with 4-day work weeks, which I start this week until the end of November...

D.O.S. with Groupwise Messenger 1.0.1, 1.0.2 and 1.0.3
I reported this in the Groupwise Mesenger forum to no avail. I'll try my luck here :-) If you run a 'snmpwalk' on a Netware server running Groupwise Messenger V1.0.1 to V1.0.3) with _MESSENGER_ SNMP enabled, it will abend the server. With version 1.0.2 and 1.0.3, if you disable the Messenger SNMP, server won't abend but will only report SNMP info for Netware (and Groupwise if loaded and SNMP enabled). Can be easily tested by running the win32 snmpwalk from http://www.bradford-sw.com/board/board.cgi?id=BSI_Tools&action=download&gul=13 like this : snmpwal...

Install 1.0 and 1.1 side-by-side and use the 1.1 csc to compile a 1.0
Hi, I have the following (tricky) questions: 1. Can I install the 1.0 and 1.1 .NET Framework side-by-side with NO drawbacks on MY PC where I develop the .NET applications? (I do NOT use VS.NET) 2. After installing the 1.1 version, am I STILL ABLE to compile a 1.0 version, since our production web-server still runs on 1.0 (our development web-server was upgraded to 1.1) ?? thx Eau .... as long as you compile DLLs with the right csc.exe/vbc.exe from 1.0 or 1.1 Free ASP.NET Version Switcher may interest you.DNN skins ForumTressleworks modulesDNN & webhostingIEWCtrls...

critical leak in security on firefox 2.0.0.1 and 2.0
Name: Jimi Product: Firefox Summary: critical leak in security on firefox 2.0.0.1 and 2.0 Comments: Dear Sirs, I saw that you created new version of firefox 2 so I have just tested latest firefox 2.0.0.1. on the same problem that I had with firefox 2. So, after browsing again this time with 2 opened tabs I was testing switch proxy extension and than suddenly huge amount of data came on my computer seemingly out of nowhere. I stopped activities by pusshing stop loading this page icon on browser on both opened tabs although only on one the page was loading ...

Confused! DNN 1.0.10 on .NET 1.0 or 1.1?
What version of ASP.Net should I be running DNN 10.0.1d on? Currently i am running it on 1.0 on both test server and live, but this means that some 3rd party modules will not work and i get the "File or assembly name System, or one of its dependencies, was not found" error.. So what should i be running? can i just swicth over now to 1.1 and all will be fine and dandy? i do not want to have to go into the code and recompile. From the DNN 2.0 documentation i thought this would be the version for .Net 1.1 and that DNN 1.0 was for .Net 1.0 and therefore i should change over t...

Securable's first v1.0 release... [1.0.2568.0]
Gang, Thanks to all of the great help, suggestions, and feedback from everyone in "grc.thinktank", SecurAble is at first v1.0 release. http://www.GRC.com/miscfiles/SecurAble.exe I fixed the last few remaining issues, such as the "clicking on an underlined word" problem, and added hyperlink support with references to the SecurAble-related Security Now podcasts. If anyone finds any remaining typos or problems I will, of course, be all over that ... but it sure looks like it's ready for release. Yay! Since Leo and I have already announced SecurAbl...

critical leak in security on firefox 2.0.0.1 and 2.0 #2
Name: Jimi Product: Firefox Summary: critical leak in security on firefox 2.0.0.1 and 2.0 Comments: Dear Sirs, I saw that you created new version of firefox 2 so I have just tested latest firefox 2.0.0.1. on the same problem that I had with firefox 2. So, after browsing again this time with 2 opened tabs I was testing switch proxy extension and than suddenly huge amount of data came on my computer seemingly out of nowhere. I stopped activities by pusshing stop loading this page icon on browser on both opened tabs although only on one the page was loading ...

superreview granted: [Bug 283181] installer version text needs to be upgraded from 1.0 to 1.0.1 : [Attachment 175188] Bump version in installers to 1.0.1/1.7.6
Ben Goodger <bugs@bengoodger.com> has granted Chase Phillips <cmp@mozilla.org>'s request for superreview: Bug 283181: installer version text needs to be upgraded from 1.0 to 1.0.1 https://bugzilla.mozilla.org/show_bug.cgi?id=283181 Attachment 175188: Bump version in installers to 1.0.1/1.7.6 https://bugzilla.mozilla.org/attachment.cgi?id=175188&action=edit ...

superreview requested: [Bug 283181] installer version text needs to be upgraded from 1.0 to 1.0.1 : [Attachment 175188] Bump version in installers to 1.0.1/1.7.6
Chase Phillips <cmp@mozilla.org> has asked Ben Goodger <bugs@bengoodger.com> for superreview: Bug 283181: installer version text needs to be upgraded from 1.0 to 1.0.1 https://bugzilla.mozilla.org/show_bug.cgi?id=283181 Attachment 175188: Bump version in installers to 1.0.1/1.7.6 https://bugzilla.mozilla.org/attachment.cgi?id=175188&action=edit ...

!27.0.0.1 vs. 0.0.0.0
I can use any number of tools to see what ports I have listening and/or connected. But among the *Listening* ports, some are 127.0.0.1 and some are 0.0.0.0. What is the difference between 127.0.0.1 and 0.0.0.0 ? Since I've got both - there MUST be a difference. Thanks, Alan 0.0.0.0 stands for all interfaces (example: yourIPaddress,127.0.0.1-127.254.254.254) 127.0.0.1 stands for local interface only (127.0.0.1) > 0.0.0.0 stands for all interfaces > (example: yourIPaddress,127.0.0.1-127.254.254.254) > > 127.0.0.1 stands for local interface only (127....

Updates after 1.5.0.7 (1.5.0.9, 2.0.0.1)can't access the web.
Name: Jay Product: Firefox Summary: Updates after 1.5.0.7 (1.5.0.9, 2.0.0.1)can't access the web. Comments: see summary Browser Details: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7 ...

System.Security.SecurityException: Request for the permission of type System.Security.Permissions.SecurityPermission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 fai
Hi everyone,I my project is in ASP.Net2.0 using C#.I have used ajax in my project.and I have hosted my site on godaddy.now i faced below error on those pages where i used script manager.System.Security.SecurityException: Request for the permission of type System.Security.Permissions.SecurityPermission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 failed.I have given all permission to every folder.but still same problem.I also used  <system.web>     <trust level="Medium" />   </system.web>but no soluti...

A bug ? 1.1.3889.0.exe and 1.1.3890.0.exe
Have FC (fastcache) installed , working perfectly, bound to 127.0.0.1, as my system nameserver. DNSBench insists it is not working, but uses it to resolve the name of the nameservers I add to it's list. ???? On Fri, 27 Aug 2010 12:52:57 -0300, nemesis <invalid_address@newsgroup.com> wrote: > Have FC (fastcache) installed , working perfectly, bound to >127.0.0.1, as my system nameserver. > DNSBench insists it is not working, but uses it to resolve the >name of the nameservers I add to it's list. > ???? Sorry Windows XP Pro XP3 []'s > ...

1.8.0.1/1.5.0.1 Code Freeze Approaching
Happy New Year! The code freeze for the first Firefox 1.5 update (1.5.0.1) will be on Tuesday January 10 at 11:59P.M. A release candidate for the update will be ready for testing on Friday January 13 in preparation for a final release in late January/early Feb. See the post http://developer.mozilla.org/devnews/index.php/2005/12/16/whats-next/ for more info on the goals of this release. Thanks! As always questions are welcomed at drivers at mozilla.org. ...

1.5.0.0.3 vs 1.5.0.0.4
I have had numerous difficulties with FF 1.5.0.0.4, in particular, some sites often just hang when I click on links. A particularly bad site is Dell http://www.dell.com/, which - when I try to configure a computer - gets all kinds of "waiting for dell" status bar messages. I tried it with a clean profile, to no avail. It works flawlessly with IE. I downloaded fresh copies of 1.5.0.3 and 1.5.0.4 with the intent of uninstalling the latter and then trying the former. *The uninstall process hung*. So I installed 1.5.0.3 on top of 1.5.0.4. The Dell site now works fl...

Firefox 2.0.0.3 and Firefox 1.5.0.11 Security and Stability Update
As part of Mozilla Corporation=92s ongoing stability and security =20 update process, Firefox 1.5.0.11 and Firefox 2.0.0.3 are now =20 available for Windows, Mac, and Linux for free download from http://=20 getfirefox.com. Due to the security fixes, we strongly recommend that all Firefox =20 users upgrade to these latest releases. Note: Firefox 1.5.0.x will be maintained with security and stability =20 updates until April 24, 2007. All users are encouraged to upgrade to =20 Firefox 2. Firefox 1.5.0.11 is available for download from http://=20 www.mozilla.com/firefox/all-older.html...