Should I block it?

98%
Yes, 98% block recommendation.
Possible reasons:
Multiple malware detections
Performance resource utilization

Additional versions

1, 0, 0, 6 23.33%
1, 0, 0, 6 36.67%
1, 0, 0, 6 40.00%
(Note, Faglaro Enterprises Limited publishes each variation of this file with the same version, but the hashes are unique.)


PE file structure

Import table
advapi32.dll
CryptDestroyHash, CryptCreateHash, CryptReleaseContext, CryptAcquireContextW, CryptGetHashParam, ConvertSidToStringSidW, DuplicateTokenEx, CreateProcessAsUserW, GetTokenInformation, OpenProcessToken, CryptHashData
htmlayout.dll
HTMLayoutWindowAttachEventHandler, HTMLayoutGetRootElement, HTMLayoutLoadHtml, HTMLayoutSetAttributeByName, HTMLayoutDataReady, HTMLayoutProcND, HTMLayout_UnuseElement, HTMLayout_UseElement, HTMLayoutSetCallback, HTMLayoutVisitElements
kernel32.dll
InitializeCriticalSectionAndSpinCount, GetFileType, HeapCreate, QueryPerformanceCounter, HeapReAlloc, SetHandleCount, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetModuleFileNameA, GetStdHandle, IsProcessorFeaturePresent, LCMapStringW, SetLastError, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, IsValidCodePage, GetOEMCP, GetACP, InterlockedDecrement, InterlockedIncrement, GetCPInfo, WideCharToMultiByte, HeapAlloc, HeapFree, HeapSize, IsDebuggerPresent, UnhandledExceptionFilter, TerminateProcess, RaiseException, GetStartupInfoW, HeapSetInformation, GetCommandLineA, GetSystemTimeAsFileTime, DecodePointer, GetCurrentProcess, VirtualFree, OpenProcess, Sleep, GetLastError, VirtualAlloc, Process32FirstW, ProcessIdToSessionId, Process32NextW, CreateToolhelp32Snapshot, CloseHandle, GetPrivateProfileSectionNamesW, FindFirstFileW, GetUserDefaultLCID, GetPrivateProfileStringW, GetLocaleInfoW, GetModuleFileNameW, FindClose, FindNextFileW, CreateMutexW, InitializeCriticalSection, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, GetFileSize, SetFilePointer, VirtualQuery, WriteFile, ReadFile, CreateFileW, MultiByteToWideChar, GetCurrentProcessId, ExitProcess, FindResourceW, LoadResource, GetTickCount, SizeofResource, GetTempPathW, LockResource, GetVersion, CreateThread, GetModuleHandleW, GetProcAddress, GetCurrentThreadId, LoadLibraryW, RtlUnwind, GetConsoleCP, GetConsoleMode, GetStringTypeW, SetStdHandle, WriteConsoleW, FlushFileBuffers, SetUnhandledExceptionFilter, EncodePointer, GetModuleHandleA, LoadLibraryA, LocalAlloc, LocalFree
ole32.dll
CoUninitialize, CoInitializeSecurity, CoInitializeEx
shell32.dll
ShellExecuteW
shlwapi.dll
SHGetValueW, SHSetValueW, StrStrIW, PathRemoveFileSpecW, PathFindFileNameW
user32.dll
RegisterWindowMessageW, PostMessageW, LoadCursorW, RegisterClassExW, LoadIconW, CreateWindowExW, SetTimer, KillTimer, SetForegroundWindow, FindWindowExA, SetWindowPos, ShowWindow, SendMessageW, DefWindowProcW, SetProcessWindowStation, GetMessageW, CloseWindowStation, OpenDesktopW, CloseDesktop, TranslateMessage, SetThreadDesktop, OpenWindowStationW, DispatchMessageW, GetWindowThreadProcessId, GetShellWindow
userenv.dll
CreateEnvironmentBlock, DestroyEnvironmentBlock
wininet.dll
InternetCrackUrlW, InternetOpenW, HttpQueryInfoW, InternetConnectW, InternetCloseHandle, HttpSendRequestW, HttpOpenRequestW, InternetReadFile
wtsapi32.dll
WTSQueryUserToken, WTSQuerySessionInformationW

EFupdater.exe

By Faglaro Enterprises Limited (Signed)

Version:   1, 0, 0, 6
MD5:   79ebd77c22501221ab73a4549c9fdbf2
SHA1:   c87f90d1b28c604cc023fa7fd115b755fc98d9c9
SHA256:   51e0a0b7c653b4407342adcab9dccc5a21dafbed3eec048e0451a53cf2e05598
Warning: 5 antivirus scanners have detected malware.

Overview

efupdater.exe is malware that executes as a process with the local user's privileges. It is an auto-starting process that uses the Windows Task Scheduler service to load when the user logs into Windows (sometimes this is required to bypass UAC protection). It is installed with a couple of known programs, including ExpressFiles published by Express Solutions. The file is digitally signed by Faglaro Enterprises Limited, with a certificate issued by the COMODO CA Limited certificate authority (CA).

Details

File name: efupdater.exe
Typical file path: C:\Program Files\expressfiles\efupdater.exe
File version: 1, 0, 0, 6
Product version: 1,0,0,0
Size: 243.59 KB (249,440 bytes)
Build date: 5/29/2013 6:12 AM
Certificate
Issued to: Faglaro Enterprises Limited
Authority (CA): COMODO CA Limited
Effective date: Wednesday, December 12, 2012
Expiration date: Sunday, December 13, 2015
Digital DNA
File packed: No
.NET CLR: No

Programs

The following programs will install this file
Express Solutions
  61% remove
No settings, no complications, unimaginable speed, with minimum effort and maximum simplicity! User-friendly interface anyone can manage. Built-in instant search tool with an amazingly intelligent algorithm! It's absolutely free. And, we are constantly working to make our product better. Ask why? It's simple! We like to make the Internet better, and staying there pleasant. It's totally unique. Very simple interface is specifically d...

Behaviors

Scheduled tasks
  • The job 'Express FilesUpdate' runs on logon in the path '\Express FilesUpdate'
Scheduled tasks startups
Set to load on user login (bypasses Windows UAC if enabled)
  • Login entry path 'C:\WINDOWS\Tasks\Express FilesUpdate.job'
  • Login entry path '\Express FilesUpdate'

Malware detections

Based on 40+ industry antivirus scanners, 5 of them detected the following malware.
Antivirus engine | Engine version | Detection
avast! | 8.0.1489.320 | Win32:Expressfiles-B [PUP]
Dr.Web | 8.13.9.29 | Tool.DownLoader.52
ESET NOD32 | 7.8777 | a variant of Win32/YourFileDownloader.B
Trend Micro HouseCall | 9.700.0.1001 | TROJ_GEN.F47V0529
VIPRE Antivirus | 21296 | ExpressFiles Installer (fs)

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
CPU
Total CPU: 0.00110078%
0.028634%
Kernel CPU: 0.00053777%
0.013761%
User CPU: 0.00056301%
0.014873%
Kernel CPU time: 724 ms/min
100,923,805 ms/min
CPU cycles: 45,974/sec
17,470,203/sec
Memory
Private memory: 10.3 MB
21.59 MB
Private (maximum): 6.04 MB
Private (minimum): 594.67 KB
Non-paged memory: 10.3 MB
21.59 MB
Virtual memory: 91.38 MB
140.96 MB
Virtual memory (peak): 102.53 MB
169.69 MB
Working set: 1.35 MB
18.61 MB
Working set (peak): 14.44 MB
37.95 MB
Page faults: 37,643/min
2,039/min
I/O
I/O read transfer: 3.95 KB/sec
1.02 MB/min
I/O read operations: 1/sec
343/min
I/O other transfer: 603 Bytes/sec
448.09 KB/min
I/O other operations: 5/sec
1,671/min
Resource allocations
Threads: 4
12
Handles: 198
600
GUI GDI count: 26
103
GUI GDI peak: 27
142
GUI USER count: 8
49
GUI USER peak: 9
71

Process properties

Integrity level: High
Platform: 64-bit
Command line: "C:\Program Files\expressfiles\efupdater.exe"
Owner: User
Parent process: taskeng.exe (Task Scheduler Engine by Microsoft)

Distribution by Windows OS

OS version | Distribution
Windows 7 Ultimate | 60.00%
Windows 7 Home Premium | 16.67%
Microsoft Windows XP | 10.00%
Windows 8.1 Pro Preview | 10.00%
Windows 8 | 3.33%

Distribution by country

United States installs about 33.33% of efupdater.exe.

Distribution by PC manufacturer

PC manufacturer | Distribution
ASUS | 19.51%
Compaq | 14.63%
Dell | 14.63%
Gateway | 9.76%
Acer | 9.76%
Hewlett-Packard | 9.76%
Samsung | 7.32%
Alienware | 7.32%
GIGABYTE | 7.32%