Tuesday, 4 October 2011

Facebook and Google Installed on my Windows 7 Machine?

As a fairly utilitarian Windows user, I like to have my machine stripped down with a lot of bells and whistles turned off. Especially all the hindrances, I mean 'simplifying features' that Microsoft have added in more contemporary versions.

 As most advanced users of Windows know, to keep it running well requires quite a lot of forethought and maintenance; especially if you're using it for testing when a very specific Windows-only tool is required or Linux-Java-Fails ensue. I regularly check my boot options, what services are running and what will run at start-up using msconfig.exe. This is a great little tool (if you don't already know it) that's built into Windows and gives a very simple view of what's going on. This can be launched from 'run' or in Windows Vista and later, by typing it into the search box on the start menu and hitting enter.

I checked msconfig recently, and found that two new services had appeared, one listed as Facebook Update and one listed as Google Update. My first reaction was that I'd been pwned, perhaps by one of the niche fetish porn websites I frequent or all the emails from dead relatives in Asia who've left me millions(?). However, upon further investigation (Googling for 30 seconds), I discovered that they were indeed genuine (in my case). I just wanted to share this with anyone who isn't aware and see if anyone knows a bit more about what information they could be gathering alongside performing their special tasks.

FacebookUpdate.exe is concerned with integrations with Skype and other services through Facebook.com, webcam services etc.

Google state that "GoogleUpdate.exe is a software component that acts as a meta-installer and auto-updater in many downloadable Google applications, including Google Chrome. It keeps your programs updated with the latest features. More importantly, GoogleUpdate allows your Google applications to be rapidly updated if security flaws are discovered,"

A summary of the findings is show below:


Full path on a computer: Appdata\Local\Facebook\Update\FacebookUpdate.exe MD5: 3cbc69a4fa0e2432fafaa559b83dc077 SHA1: 9e550c32bda4ef515336729f4f52e43f1439f9d8
Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Facebook Update: “Appdata\Local\Facebook\Update\FacebookUpdate.exe” /c /nocrashserver”
Internet connections to: dragon.ak.fbcdn.net, www.download.windowsupdate.com, crl.verisign.com, www.facebook.com. 

More information can be found at: http://greatis.com/blog/not-a-virus/facebookupdate-exe.htm 


Full path on a computer: \AppData\Local\Google\Update\GoogleUpdate.exe
Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Facebook Update: “Appdata\Local\Google\Update\GoogleUpdate.exe /c” Internet Connections: Unknown (probably all sorts!)

More information can be found at: http://googlesystem.blogspot.com/2008/10/invisible-googleupdateexe.html , http://www.ghacks.net/2008/12/28/googleupdateexe/

Obviously, this can, will or even has been hijacked or impersonated (various findings online), so check that they're genuine with Google and Facebook and MD5 hashes.

No comments:

Post a Comment