3 files reported as possible malware

The following 3 files are reported as ‘unsigned and thus possible malware’ by the HerdProtect scanner - all in c:\programfiles(86)\gnu\gnupg\

  1. gspawn-win32-console.exe
  2. gspawn-win32.exe
  3. gpgex.dll

Are they legitimate GnuPG files and, if so, where can I find the official file hashes/sigs to check them?

Any help or other info much appreciated.

http://www.gpg4win.org/package-integrity.html

Thanks. The installation package file checks out OK.

My concern is that certain individual files within the package may have been replaced/infected AFTER installation. Neither Malwarebytes nor HitmanPro reports them as suspect, but HerdProtect does.

I also have an anomalous situation that may be connected, which is that GPA will only run for about 5-10 minutes before the OS reports it as ‘stopped working’.

The SHA1 hash for my gpgex.dll file is:

gpgex.dll: 8D0E B94C 5CB9 1CB0 E145 C3A6 9593 E787 3DD2 A965

I do not have the other two files you mentioned. However, I do have the similarly named “gspawn-win32-helper.exe” and “gspawn-win32-helper-console.exe”.

What version are you using?

-Sean C.
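The comparison discussed above, as an added example that is not part of the original posts or of GnuPG/Gpg4win: it checks installed files against reference SHA-1 fingerprints and reports the Authenticode status that an "unsigned" warning refers to. The function name, its parameters and the directory placeholder are assumptions; the only reference value used is the fingerprint quoted in the thread.

```powershell
# Added example. Test-InstalledFile and its parameters are illustrative names,
# not part of GnuPG, Gpg4win or any scanner.
function Test-InstalledFile {
    param(
        [Parameter(Mandatory)] [string] $Directory,
        # File name -> expected SHA-1, grouped ("8D0E B94C ...") or plain hex
        [Parameter(Mandatory)] [hashtable] $Expected
    )
    foreach ($name in $Expected.Keys) {
        # Strip spaces and separators so grouped fingerprints compare as raw hex
        $want = ($Expected[$name] -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
        if ($want.Length -ne 40) {
            throw "Expected SHA-1 for $name is not 40 hex digits"
        }

        $path = Join-Path $Directory $name
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
            # File is absent (e.g. a different version ships different helper names)
            [pscustomobject]@{ File = $name; Present = $false; HashMatch = $null; Signature = $null }
            continue
        }

        $have = (Get-FileHash -LiteralPath $path -Algorithm SHA1).Hash
        $sig  = Get-AuthenticodeSignature -LiteralPath $path

        [pscustomobject]@{
            File      = $name
            Present   = $true
            HashMatch = ($have -eq $want)
            Signature = $sig.Status      # e.g. Valid, NotSigned, HashMismatch
        }
    }
}

# Reference value: the gpgex.dll fingerprint quoted in the thread.
# The directory below is a placeholder; substitute the local install path.
Test-InstalledFile -Directory '<GnuPG install directory>' -Expected @{
    'gpgex.dll' = '8D0E B94C 5CB9 1CB0 E145 C3A6 9593 E787 3DD2 A965'
} | Format-Table -AutoSize
```

A matching hash shows only that the local copy is byte-identical to the copy the reference came from, so the comparison is meaningful only between the same version of the package.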

Thanks a bunch for that. The hash is OK - reassuring.

I’m using version 2.2.

This and the previous problem are probably the result of my tinkering feverishly with malware/spyware utilities in an effort to identify and thwart the incessant attempts by various proxy and torrent services to gain access to my machine with greater privileges than is strictly needed to operate in the way they are claimed to operate. I’m not the world’s champ techie and it’s easy to screw things up.

I think the HerdProtect warning is probably just the result of reports by people doing similar things and not recognising the GnuPG progs for what they are. It just scans the subject of crowd-sourced reports with no other techie probing.

Still, I’ve become a lot more familiar with the GNU suite as a result. Thanks.