# tgcmd.exe: malicious?



## GenderBender (Dec 6, 2002)

I run XP from home. In the past 24 hours, at start up NAV is autolaunching a warning that a potentially malicious script is detected: tgcmd.exe. I'd like to know the common wisdom on this executable; who typically is behind this executable (marketers, hackers)? Also, I'd like to remove the .exe. What's a safe way to do so?

I tried Symantec's website to no avail (it's 3am so granted I may have missed something!) and found you via a web search: news for you, your site is the first up when searching under "tgcmd.exe."


----------



## Yankee Rose (Jul 14, 1999)

Hi there GenderBender - welcome to TSG. 

Do you by chance use a Sony Vaio? If so - take a look here.

I found a link to your error via Symantec, but it won't come in for me:

http://service1.symantec.com/SUPPOR...68499137eac7fcef88256aeb0075578a?OpenDocument

Have you run a Spyware scan on your system lately? Ad-Aware is a good one. It detects and removes most spyware on your PC.

Hope this helps! Good luck.


----------



## RandyG (Jun 26, 2000)

[tsg=welcome][/tsg]

do you also have tgfix.exe running? I got this information from http://www.pacs-portal.co.uk/startup_pages/startup_full.htm#T



> *TgAddServer tgfix.exe * Part of a program called Tioga from Support.com - included on @Home service installation disc. It's installation was so you could get your @Home service updated automatically without having to go to their pages and downloading the newest patches, however.. it's also spyware the company distributes on it's installation disc and uses to collect information on your computer, where you've been, what you've downloaded, etc. It's not only safe to disable, I'd highly recommend it unless you like other people looking inside your computer. Removal procedure here
> *Tgcmd tgcmd.exe * Spyware as above. TGCMD is also part of Sony's Vaio support agent - designed by Support.com. If TGCMD is disabled, it will be necessary to recover the computer in order to use it again


 Some more info about it can be found here

****** I see Jody got in before me. AdAware has been suggested to remove this to other users on otherforums, so it should work for you as well.


----------



## Davey7549 (Feb 28, 2001)

Oh Poohey Randy beat me to it! ^^^^^^ Oh my gosh Jody too!

GB
Welcome to TSG!
Here is the explanation of what it is, what it does, its possible sources, and recommendations for removal. 
Clip from "AnswersThatWork".

Let us know what you found and did.



> This is the sort of software we classify as spyware. It is part of Tioga Softwares remote support and management tools (Tioga.com, Support.com, and SupportSoft.com are one and the same company) and is installed by the setup CD of the @Home ISP (@Home and MediaOne are now part of Comcast, with the ComcastSupport software being the mian culprit for introducing "T g c m d" on a PC). The Tioga/SupportSoft.com software is also included in the Sony Support software that comes with some Sony Vaio's. The original intention of "T g c m d" is to have your @Home service and software automatically updated when you are online; however it also collects information from your PC, which web pages you have visited, what you have downloaded, and permission based information about your system, its software, its settings, etc... As if that were not enough for us to recommend disabling it, it has additionally also been known to create a WININIT.INI file in the Windows folder, something which straight away prevents Windows ME users from using the extremely valuable System Restore feature of Windows ME. Finally, some users have also reported : being unable to clear the Internet history files when it is running, Eudora startup problems, and SDCSchedulerWindow error messages on shutdown of Windows.
> 
> *Recommendation :*
> If you are a Comcast customer, de-install "Comcast Support" through the Add/Remove icon in your Control Panel. Next, look up BJCFD in these Task List pages. If you have a Sony Vaio, de-install the "Vaio Support Agent" through the Add/Remove icon in your Control Panel. In all cases, if the de-installation of Comcast Support or Vaio Support Agent does not remove "T g c m d" after a reboot, then immediately disable "T g c m d" using Startup Manager.


Not disable via startup manager is typing Msconfig in your start\Run line and going to the startup tab and unchecking Tgcmd.exe then clicking Apply, then OK.

Dave


----------



## egdave (Dec 9, 2002)

Gender Bender,
I too have had the malicious script warning popping up. Seems it also started around the 5th of December. I also have XP, am using a Sony VAIO and using Nortons System Works. I did a little research and found that tgcmd.exe could have been installed if and when @home was installed. I did a search for tgcmd and added .bad to the exe,ini,hlp,pf,cnt. I don't get the Script warning anymore, and everything seems to work ok but Norton. 
Now the file it looks for nmain.exe seems to have dissapeared.
There are lots of hits about that file containing a virus, so now I get to do more search on that subject. Always something ha?


----------



## c4791p (Dec 10, 2002)

I also just started receiving this error following my most recent update of Norton Antivirus.

I run Win XP Pro at home on my Sony Vaio and found the discussions really interesting.

Waffled between changing the name of Tgmcd.exe to something else because of all the posts that said nothing really bad happened if you did that (and you could always go back by recreating the original name.)

But, then I read another post which made note of a whole pile of files that were eliminated when she removed a program from support.com

I went into the add/remove programs function from control panel and spotted an entry VAIO Support that was last used in Dec 2001, supposedly. I saw no reason for the program to exist and elected to remove it. What pops up, the statement "Uninstalling Support.com Agent"!!!!

It took 10 minutes for everything to uninstall!!!!! and I still had to remove a Vaio Support icon from my desktop. But when I restarted, NAV doesn't give any alert.

I'd never used their support and don't like having some program sitting there which apparently sucks up all sort of space and continues to recreate parts of itself.

The program was probably sitting there running all the time since I received my computer for my birthday last April, and doing who knows what all that time. Except for the NAV update, I'd never even thought that a program I never used might have been there working on its own.

Maybe this helps explain why my computer resourse useage reports seemed out of whack some times.

Chuck
Las Vegas


----------



## pappasj (Dec 11, 2002)

just some additional info regarding this script blocking
file.

my system is a new sony vaio rx860 purchase 11/15/02
install norton same date.

tgcmd.exe first show at start-up 12/05/02

e-mail to sony tech// no comeback

did speak to sony tech support they say chose norton

option to run all the time..

i think i have a privicy issue with sony

ps::sony stoped using norton a couple of years ago
the system software sony uses today is pcpillian??
somethimg like that


----------



## egdave (Dec 9, 2002)

I did more research on tgcmd.exe and as it was used by @Home, it was also used by Sony on there Vaio computers for an updateing program. After changing the names of the 5 tgcmd files I discovered that somehow I lost the nmain.exe file that Norton needs to operate. I tried a System Restore and found it wouldnt work till I renamed the 5 files. I then removed all traces of Norton and reinstalled it. After Norton Updated itself I got the TGCMD script message again, and chose to let the script run. Now no more problem. But have decided to get rid of the TGCMD program. What is the best way to do that?


----------

