What is GLB1.TMP ?? Please advise

Discussion in 'ProcessGuard' started by Old Monk, Aug 2, 2005.

Thread Status:
Not open for further replies.
  1. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Hi folks

    Anybody any idea what glb1.tmp is - suddenly appeared with Modify + Read rights and able to install drivers. Only recent install is ZA 6- clearly a case of newbie granting permissions with out forethought I'm afraid (can't recall it though )-Googled it but can't find a definitive answer.

    Security also has glb12.tmp and glba2b.exe as Always Permit

    Have I screwed up anywhere ?

    Cheers

    Jon
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi, Probably not, when you install new programs or updates the installer may need to run a few special installer programs and PG will prompt to allow them to run, you may have ticked permit always where permit once was all that is needed. What appears to have happened is that you gave the file permission to install a a new driver which is probably necessary for the application to work. Once installed that permission will be no longer required and can be removed.

    If you check with ZA they could verify that those particular files belong to the ZA installer.

    HTH Pilli :)
     
  3. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Hi Pilli

    Thanks for the reassurance.

    I can only assume that they form part of the new ZA 6 but I'll ask them the question. I disabled protection in PG whilst running the install and then left in learning mode while I played with ZA 6. I guess this is how it happened. As I trust ZA was this correct procedure ?

    Just getting wary now I have these apps about things that are unfamiliar which is the whole point I suppose.

    One more thing to help me with my own 'learning mode' - when I searched for and found these 3 items when I clicked on them for more info I got a message something like ' could not find where these files were created' (don't have the machine with me so can't be more precise) - What does that mean ?

    Thanks again

    Jon
     
  4. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    They may have been tempory installer files that no longer exist on your system

    To go back to you other point :) Learning mode will give permit always to anything uou install in that mode. Drivers may give an alert after learning mode is disabled and after a reboot, you then have to make the allow decision based on what you have done and whether it is normal for that install etc.

    HTH Pilli
     
  5. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
  6. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Hi -thanks again for your advice Pilli

    Brian, thanks for the link which in a way added to my confusion. Having googled away, there seems to be little consensus about glb on any forum. I've seen reports and opinion stating it's all sorts of things including a backdoor trojan.

    Therefore I've had a look in the ZA program files (6 months ago I wouldn't even have a clue where to look !) and the source of the installer is glb1.tmp so now I'm even more reassured- as some links have stated it seems to be something to do with unwise.exe .Also scanned with various apps and nothing untoward found. I

    In some ways I'm tempted to leave both PG and Prevx running while I do new installs. Even though the alerts would be annoying at least I could see exactly whats happening and what doesn't work if it's denied rather than being concerned about shutting the stable door too late. That way seems the quickest way to learn what's happening behind the scenes.

    Cheers

    Jon
     
  7. SOLUTION: -->Re: What is GLB1.TMP ?? Please advise

    Looks like the file's properties report it to belong to "MailFrontier Inc." and is part of "MailFrontier Desktop" an antispam technology. It also looks like the teamed up with ZoneAlarm and I suppose it is now part of ZoneAlarm as is indicated in the following:
    http://www.mailfrontier.com/press/press_zone.jsp

    You would think ZoneAlarm would recognize it, no? Of course it could be a spoof but I don't tend to think so.

    AFH.
     
  8. KeepItSimple

    KeepItSimple Registered Member

    Joined:
    Aug 21, 2005
    Posts:
    5
    Re: What is GLB1.TMP ?? Please advise - use Prevx One

    Try the Prevx One shield site for file info.

    I have found the best place to search for info on unknown software like this is to use the Prevx One site at http://shield.prevx.com/pxland.asp. It lets you search by file name including the suffix. I use it first now ahead of fileinfo and virus info.com. I am not sure that is what Prevx intended but it is great for that type of thing. Someone told me it has info on over 5 million programs and executables. That sounds a lot but then again I have never drawn a blank yet.

    Give it a try and see what it has to say. It sounds like this is part of a temporary file execution as part of an internet download.
     
Thread Status:
Not open for further replies.