Full Version: gctray.exe detected as Backdoor.Win32.Small.nv
Kaspersky Lab Forum > English User Forum > Protection for Small and Medium Businesses
vatson
Hello!

We have approximately 100 PCs with Gigabyte 8I865GVME motherboard, running Windows XP and KAV 5.0.676. On these machines, a Gigabyte utility called C.O.M is installed for motherboard health monitoring. Part of this utility is gctray.exe. Yesterday, KAV detected gctray.exe on all these 100 machines as Backdoor.Win32.Small.nv and removed it.

I found on Google that there is some malware which is also named gctray.exe, but I suspect this is not it.

Our gctray.exe was installed into c:\windows\system32; its size is 20480 bytes and its MD5 checksum is 14D7195D329A64F77AB650721DEC2046. Unfortunately I couldn't find the Gigabyte motherboard companion CD to verify whether gctray.exe on this CD is identical.

Can we consider this a false alarm or has Kaspersky Labs actually found that gctray.exe installed by Gigabyte *is* a backdoor?
vatson
I received a confirmation from Kaspersky Labs, after sending our gctray.exe to them for reviewing:


Subject: RE: Possible false positive: Gigabyte COM utility [KLAB-1696858]
Date: 8 Feb 2007 13:03:43 +0300
From: <newvirus@kaspersky.com>


Hello. That is actually a backdoor. That is not a false positive. If it was actually written by Gigabyte, they should remove it from their packages. Thank you for your help.