What is wrong with GoogleDesktopNetwork3.dll ?

What is wrong with GoogleDesktopNetwork3.dll ?

am 27.06.2007 02:40:37 von chopstickz9999

What's wrong with GoogleDesktopNetwork3.dll ?

It interferes with Visual Studio debugging process I am doing, VC
automatically picks up the dll into my process space. This is not
acceptable. It may be just a spider but it might also works both
ways - means, it crawls for contents for the user, and it also crawls
contents from usre's machine to google (or someone else). Google
should be responsible for any possible damages it might cause since
installation, this implies legal consequences.

Badware - Google DeskTop from file.net

The process Google Desktop belongs to the software Google Desktop or
GoogleDesktopNetwork3.dll or Google Toolbar for Internet or DVD
Solution by Google.

Description: File GoogleDesktopNetwork3.dll is located in a subfolder
of "C:\Program Files". Known file sizes on Windows XP are 111616 bytes
(29% of all occurrence), 126464 bytes, 110592 bytes, 136704 bytes,
135168 bytes, 163328 bytes, 135680 bytes, 149504 bytes, 142848 bytes,
146432 bytes, 164864 bytes, 134656 bytes.
The program has a visible window. Program starts upon Windows startup
(see Registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT
\CurrentVersion\Windows\AppInit_DLLs). The file is not a Windows
system file. There is no file information. GoogleDesktopNetwork3.dll
is able to monitor applications. Therefore the technical security
rating is 38% dangerous.


Important: Some malware camouflage themselves as
GoogleDesktopNetwork3.dll, particularly if they are located in c:
\windows or c:\windows\system32 folder. Thus check the
GoogleDesktopNetwork3.dll process on your pc whether it is pest. We
recommend Security Task Manager for verifying your computer's
security. It is one of the Top Download Picks of 2005 of The
Washington Post and PC World.

=======================================

I checked the DLL contents:

Struc has Child(ren). Size: 640 bytes.

Child Type: StringFileInfo
Language/Code Page: 1033/1200
CompanyName: Google
FileDescription: Google Desktop
FileVersion: 5.1.705.14375
InternalName: Google Desktop
LegalCopyright: Copyright (c) 2003-07 Google. All Rights Reserved.
ProductName: Google Desktop
ProductVersion: 5.1.705.14375

======================================
This is what it is doing in memory:

fast delayed loading -

GoogleDesktopCommon_dll_DelayImport_ModuleName:

db 'GoogleDesktopCommon.dll',0
Google Desktop main :

SWC480193BC_GoogleDesktopSetup_exe:

unicode 'GoogleDesktopSetup.exe',0000h

Messes around in the registry

unicode 'regsvr32.exe',0000h

Installs a network code (punch a hole in user's firewall)

SWC4801943C__GD_Install_Network:

unicode '_GD_Install_Network',0000h

....
....

Then, it behaves like a web server:

db 0Dh,0Ah,'Content-Type: text/html',0Dh,0Ah,'Content-Length: 6',
0Dh,0Ah,0Dh,0Ah,'unsafe',0
Align 4
SSZ480196C4_HTTP_1_1_302_Moved__Location__:
db 'HTTP/1.1 302 Moved',0Dh,0Ah,'Location: ',0
Align 4
SWC480196E4_internal_port:
unicode 'internal_port',0000h

....
....
SSZ48019790__HTTP_:
db ' HTTP/',0
Align 4
SSZ48019798_POST_:
db 'POST ',0
Align 4
SSZ480197A0_GET_:
db 'GET ',0
Align 4
SSZ480197A8_redir:
db 'redir',0
Align 4
L480197B0:
db 0Ah;
db 00h;
db 00h;
db 00h;
L480197B4:
db 3Fh; '?'
db 73h; 's'
db 3Dh; '='
db 00h;
L480197B8:
db 26h; '&'
db 73h; 's'
db 3Dh; '='
db 00h;
SSZ480197BC_Referer__http___127_0_0_1_4664_:
db 'Referer: http://127.0.0.1:4664/',0
SSZ480197DC_Referer__http___localhost_4664_:
db 'Referer: http://localhost:4664/',0
SWC480197FC_localhost_:

....
....