What is ddcvt.exe?

By abanerji ·
My System details are Compaq Presario P4, 256 MB RAM, XP-SP2 (patched uptodate), ZoneAlarm Free 6.5, AVG Free 7, Ewido Anti-spyware 4.0, DiamondCS ProcessGuard Free 3.405. I have just observed the presence of "C:\Windows\System32\ddcvt.exe" both in ZA's Program Control and ProcessGuard's Security tab. A google search provides no information.

What is this ddcvt.exe please?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

Looks suspicious

by Kiltie In reply to What is ddcvt.exe?

Do you mean that it is being detected as a possible threat by ZA and PG? or that it is an executable in those processes folders.

Google got a couple of hits for ddcvt.exe but they were foreign. However the Polish site had

ddcvt.exe --- Zombie

I don't read Polish, but that word stood out, so it looks suspicious, especially as it was in relation to a thread about someone trying to nail malware and posted a Hijackthis log (I can read those lol)

To be safe, find the file and rename it, such as


reboot and see what develops.

However I suspect you may have some malware there, and your best bet (if the anti malware programs cannot solve it) is to go to the forums at, for example (home of Spybot)

Collapse -

Info from another forum

by abanerji In reply to Looks suspicious

Thank you for your response. Sorry, I should have been more explicit. ZA/PG doesn't show it as a threat, just as permitted program.

Meanwhile, I had posted at castlecops too and this is what they say ( It's apparently part of GPL Ghostscript, which I remember came with my pdf creator.

I have also since done online scan of the file at VirusTotal, Jotti, and Norman Sandbox, and all engines say the file is clean.

Re home of Spybot, I visited (as mentioned by you), and it's a site. The true home of Spybot is (that's what I found now).

Collapse -

OOps a typo

by Kiltie In reply to Info from another forum

My apologies about that, yes indeed it is

My excuse: I was getting hit by multiple IMs at the time I posted, and finished rather quickly.

If it is a permitted program, then no problem, case solved.

Out of interest, this is the link which made me suspicious.**02.html

About 2/3 of the way down there is a lot of code with the words that looked suspicious:

2104 - ddcvt.exe --[Zombie]--
2368 - WINLISTER.EXE --[Zombie]--
2404 - ddcvt.exe --[Zombie]--
2492 - ddcvt.exe --[Zombie]--
2868 - ddcvt.exe --[Zombie]--
3372 - ddcvt.exe --[Zombie]--
3660 - CMD.EXE
3684 - ddcvt.exe --[Zombie]--
4060 - ddcvt.exe --[Zombie]--

Total number of processes = 45

Collapse -


by asif In reply to What is ddcvt.exe?

did you try to close the service if yes then waht happen after disabling the service

Related Discussions

Related Forums