Jump to content

gctray.exe detected as Backdoor.Win32.Small.nv

Recommended Posts



We have approximately 100 PCs with Gigabyte 8I865GVME motherboard, running Windows XP and KAV 5.0.676. On these machines, a Gigabyte utility called C.O.M is installed for motherboard health monitoring. Part of this utility is gctray.exe. Yesterday, KAV detected gctray.exe on all these 100 machines as Backdoor.Win32.Small.nv and removed it.


I found on Google that there is some malware which is also named gctray.exe, but I suspect this is not it.


Our gctray exe was installed into c:\windows\system32, it's size is 20480 bytes and md5 checksum 14D7195D329A64F77AB650721DEC2046. Unfortunately I couldn't find the Gigabyte motherboard companion CD to verify whether gctray.exe on this CD is identical.


Can we consider this a false alarm or has Kaspersky Labs actually found that gctray.exe installed by Gigabyte *is* a backdoor?

Share this post

Link to post

I received a confirmation from Kaspersky Labs, after sending our gctray.exe to them for reviewing:


Subject: RE: Possible false positive: Gigabyte COM utility [KLAB-1696858]

Date: 8 Feb 2007 13:03:43 +0300

From: <newvirus@kaspersky.com>



Hello. That is actually backdoor. That is not false positive. If it was actually written by Gigabyte they should remove it from their packages. Thank you for your help.

Share this post

Link to post

  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.