GDIPFONTCACHEV1

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Does anyone know what GDIPFONTCACHEV1 is? I tried to delete it once, but soon
it came back... I don't have any malware on my pc.

thx
 
Questioner said:
Does anyone know what GDIPFONTCACHEV1 is? I tried to delete it once, but soon
it came back... I don't have any malware on my pc.

thx
Click to expand...

You do in fact have malware on your computer, sorry. Learn how to clean
it up:

http://www.elephantboycomputers.com/page2.html#Removing_Malware

Thanks to Malke, the greatest MVP there ever was. Too bad she has to
live in (or anywhere near) Fresno...

"I was raised on a may-naise farm half-way between Visalia and
Bakersfield. Right outa the eighth-grade mah bruther run over me with a
backhoe. Sparks commenced and mah face caught on fire. Daddy run off the
porch and put it out with a rake. Then I growed up."
~Tim Tomerson

Although I saw the best Loggins & Messina concert ever at the colledge
there... Pablo Cruise opened. Frikkin rocked!

Steve N.
 
I used adaware and tried to delete this. there was no results and I don't
have f3scrctr.dll, mwsbar.dll, mwsoeplg.dll. Help please
 
Hello Questioner,

According to a Pest Patrol analysis page, GDIPFONTCACHEV1 is not a pest.

http://research.pestpatrol.com/Analyses/2004-05-13_001701.asp

I just checked my own PC, and I have this file in 9 different folders,
including C:\I386.

Some of the create dates for this file match the original manufacture date
of my Dell computer, so if I'm being compromised, it's been going on for 3
1/2 years.

Alan
 
That depends on the file version.
LinkGrabber99 (popup adware) uses the same file name as one of it's active
files.

--
Larry Samuels Associate Expert
MS-MVP (2001-2005)
Unofficial FAQ for Windows Server 2003 at
http://pelos.us/SERVER.htm
Expert Zone-
 
Hi Larry,

Well, none of the various GDIPFONTCACHEV1.DAT files on my computer seem to
have any file versions associated with it on my PC. When I click Properties
on any of them, there isn't a Version tab available.

In fact, if I right click on _MOST_ of the 755 *.DAT files in my C:\ drive
and check in Properties, I don't have a Version Tab shown.

If any of these GDIPFONTCACHEV1.DAT files were part of a malware program,
wouldn't Windows Defender, Ad-Aware, SpyBot, Pest-Patrol, etc. flag any of
them?

Alan
 
I picked up this description off a website which may be of interest to you:

"The gdipfontcachev1.dat file is dangerous to the computer system and your
privacy. It belongs to a parasite, whose payload may differ depending on its
type. While relatively harmless pests may use gdipfontcachev1.dat to degrade
system performance, display commercial advertisements or perform other
annoying actions, really dangerous parasites may use gdipfontcachev1.dat to
damage your system, infect files, corrupt installed software and violate your
privacy. DO NOT open this file!
"The gdipfontcachev1.dat file is installed and used by LinkGrabber 99.
Please note that the gdipfontcachev1.dat file actually may be a fully
legitimate part of the operating system or legitimate software. Often
parasites use files with unsuspicious names, but malicious functionality. You
should always carefully check the file before deleting it. It may not be
related with malware, but can be required by your essential programs to work
properly."
 
Hi Tonyo,

It seems as if that's the problem with trying to determine whether this file
is "bad" or not. Depending upon various sources found via Google, opinions
range from its being harmless to your description of its being "dangerous."

This is not just directed at you, but is there some way of anyone knowing
for sure?

Alan
 
Hi Alan,

Sorry, my reply was misleading. I didn't mean check the version tab since
that is easily alterable by editing the metadata.
What I meant was to check the file size/hash against known good versions
installed by legitimate programs.

There is every probability that all the versions on YOUR pc are legit. That
is probably not the case with Questioner's pc since he/she tried to delete
the file. Something must have flagged the file to bring it to their
attention and make them try to delete it.


--
Larry Samuels Associate Expert
MS-MVP (2001-2005)
Unofficial FAQ for Windows Server 2003 at
http://pelos.us/SERVER.htm
Expert Zone-
 
It seems to be some kind of component of XML or other coding
language. I have this module on different OS'es (XP, Server 2003).
There appears to be an instance in the \Application Data subfolder
of the profile and another one in the \Local Settings\ tree.
I was searching around for info and read through a certification for
Visual .Net and it made reference to leaving the .Dat after uninstall.
Whatever it's function, it doesn't seem to get accessed/updated as
both copies on my primary machine have quite old "Last Modified"
time stamps. The module is also found on a Windows 2000 instance.
 
Alan said:
Hi Steve,

Well, according to this response, it's not adware:

"umm figured it out..
File is created when I run (ohhh how I hate to admit this)
Hallmark Card Studio
The fonts list in it made me try opening all applications that use fonts and
might induce it's creation and low and behold after a process of trial and
error mystery solved!"

http://www.users.waitrose.com/~archive/m.p.w.gen_discussion/Dakw-GDIPFONTCACHEV1dat-i.shtml

Alan
Click to expand...

Ok. I stand corrected. When I did a search I got a whole slew of adware
hits on it. Glad you got it figured out and you're safe after all.

There's nothing to be ashamed of for using Hallmark, Alan.

Steve N.
 
Well, out of the nine GDIPFONTCACHEV1.DAT files on my PC -- running XP Home
+ SP2 -- five are 13 KB in size and have the same date of 10/24/02
associated with them -- basically the date my PC was manufactured by Dell.

Of the other four:

One is in C:\Documents and Settings\User2\Local Settings\Application Data,
is 103 KB and has a Create date of 09/08/04.

Another is in C:\Documents and Settings\Owner\Local Settings\Application
Data, is 103 KB and has a Create date of 10/24/02.

Another is in C:\Documents and Settings\Alan\Application Data, is 110 KB,
has a Create date of 11/22/03, and shows as being last modified on 5/11/06.

And the ninth is in C:\Documents and Settings\Alan\Local
Settings\Application Data, is 110 KB, has a Create date of 10/29/02, and
shows as being last modified on 5/23/06.

I'm not sure what any of this proves, but now I know more about this
GDIPFONTCACHEV1.DAT than I did yesterday. :>

Alan
 
I always look on an unknown file as a challenge to try and
determine what it is, why it's there. Something always raises
a "Red Flag" when I find filenames that appear in all Upcase
characters. You would think that the naming convention of
"GDIP" would lend some clue about it - but nothing I could
turn up. This would be a good item for any Microsoft folks
lurking around to comment about, as documentation on it
seems sparse.
 
So is it bad or not? Is it adware or should I just leave it? (things are
complicated when parasites use legit names!)
 
Questioner,

Well, I have 9 copies of it on my PC, and nothing seems amiss right now.
Also, I got no warnings from Windows Defender, Spybot Search and Destroy,
Pest Patrol, and Ad-Aware when I ran all these today after reading about
this file.

So....I'm not going to get too scared.....YET!! :>

Alan
 
Just as a test case, I renamed the 2 files on my system to a
non-functional extension .org. They are not part of the WFP
(Windows File Protection) as no immediate replacements
were applied. I rebooted and only the .Dat in:
C:\Docs & Settings\'MyProfileName'\Local Settings\Application
Data
was recreated. The other .dat retained it's .Org extension.
Apparently, Windows itself recreates the single .Dat and the
others may not be required/needed by the system.
 
Back
Top