Should I block it?

No, this file is 100% safe to run.

Additional versions

4,4,3,64051 20.00%
4,0,3,57478 20.00%
3,6,2,47687 20.00%
3,6,2,44641 20.00%
3,4,2,41470 20.00%

PE file structure

Import table
advapi32.dll
OpenSCManagerW, RegQueryValueExW, RegQueryInfoKeyW, InitializeSecurityDescriptor, RegDeleteKeyW, SetSecurityDescriptorDacl, RegDeleteValueW, ConvertStringSecurityDescriptorToSecurityDescriptorW, SetSecurityInfo, RegOpenKeyExW, GetSecurityDescriptorSacl, RegEnumKeyExW, RegCloseKey, RegSetValueExW, OpenProcessToken, GetTokenInformation, RegFlushKey, GetUserNameW, LookupAccountNameW, LookupPrivilegeValueW, ImpersonateLoggedOnUser, RegOpenCurrentUser, FreeSid, EqualSid, AllocateAndInitializeSid, CloseServiceHandle, QueryServiceStatus, OpenServiceW, RegCreateKeyExW, CreateProcessAsUserW, DuplicateTokenEx, SetTokenInformation, RegQueryValueExA, ConvertSidToStringSidW, AdjustTokenPrivileges, RevertToSelf
comctl32.dll
InitCommonControlsEx
directui.dll
DirectUI_ComboBox_SetCurSel, DirectUI_GetControlRect, DirectUI_Button_SetCheck, DirectUI_TrackPopupMenu, DirectUI_MoveEx, DirectUI_GetStringItem, DirectUI_LoadSkinResourceFromFolder, DirectUI_GetStringLength, DirectUI_UpdateSkin, DirectUI_SetControlPos, DirectUI_EnableControl, DirectUI_ComboBox_AddString, DirectUI_SubclassWindow, DirectUI_ComboBox_GetCurSel
imm32.dll
ImmDisableIME
iphlpapi.dll
GetAdaptersAddresses
kernel32.dll
SetProcessShutdownParameters, ReleaseMutex, CloseHandle, LocalFree, GetPrivateProfileStringW, WritePrivateProfileSectionW, WritePrivateProfileStringW, GetVersionExW, CreateDirectoryW, LoadLibraryW, SetLastError, Process32FirstW, ProcessIdToSessionId, Process32NextW, CreateToolhelp32Snapshot, GetCurrentProcessId, WideCharToMultiByte, WTSGetActiveConsoleSessionId, GetFileSize, WriteFile, ReadFile, CreateFileW, IsDBCSLeadByteEx, SystemTimeToFileTime, GetLocalTime, DeleteFileW, GetFileSizeEx, CreateProcessW, InitializeCriticalSectionAndSpinCount, lstrlenA, SetFilePointer, SetEndOfFile, CreateFileA, GlobalAlloc, GlobalFree, Sleep, GetSystemInfo, GlobalMemoryStatusEx, SetErrorMode, GetCommandLineW, SetEnvironmentVariableA, CompareStringW, CompareStringA, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, GetLocaleInfoW, GetStringTypeW, GetStringTypeA, IsValidLocale, EnumSystemLocalesA, GetLocaleInfoA, GetUserDefaultLCID, GetDateFormatA, GetTimeFormatA, SetConsoleCtrlHandler, GetTickCount, QueryPerformanceCounter, GetEnvironmentStringsW, FreeEnvironmentStringsW, FlushFileBuffers, GetStartupInfoA, CreateEventW, SetHandleCount, GetConsoleMode, GetConsoleCP, IsValidCodePage, GetOEMCP, GetCurrentThreadId, GetCurrentThread, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, GetModuleFileNameA, GetStdHandle, ExitProcess, FatalAppExitA, HeapCreate, GetCPInfo, LCMapStringW, LCMapStringA, RtlUnwind, GetStartupInfoW, CreateThread, ExitThread, GetSystemTimeAsFileTime, GetFileAttributesW, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, VirtualAlloc, VirtualFree, IsProcessorFeaturePresent, LoadLibraryA, GetModuleHandleA, GetProcessHeap, HeapSize, HeapReAlloc, HeapFree, SizeofResource, OpenProcess, InitializeCriticalSection, GetModuleHandleW, SetEvent, InterlockedCompareExchange, WaitForSingleObject, GetCurrentProcess, InterlockedDecrement, InterlockedIncrement, LoadLibraryExW, LoadResource, FreeLibrary, FindResourceW, FindResourceExW, 
UnmapViewOfFile, MapViewOfFile, CreateMutexW, Module32NextW, VirtualProtect, Module32FirstW, IsWow64Process, AddVectoredExceptionHandler, RemoveVectoredExceptionHandler, LockResource, CreateFileMappingW, EnterCriticalSection, GetProcAddress, GetLastError, InterlockedExchange, GetPrivateProfileIntW, RaiseException, FlushInstructionCache, lstrlenW, MultiByteToWideChar, GetTimeZoneInformation, GetModuleFileNameW, HeapAlloc, HeapDestroy, OpenEventW, DeleteCriticalSection, GetACP, lstrcmpiW, GetFileType, LeaveCriticalSection, DeviceIoControl
log.dll
WriteLog, CreateLog
ole32.dll
CoUninitialize, CoCreateInstance, CoTaskMemRealloc, CoTaskMemAlloc, CoCreateGuid, CoTaskMemFree, CoInitialize
rpcrt4.dll
UuidCreate, UuidToStringW, RpcStringFreeW
shell32.dll
SHGetSpecialFolderPathW, SHAppBarMessage, SHGetFolderPathW, Shell_NotifyIconW
shlwapi.dll
PathAppendW, StrStrIW, SHDeleteKeyW, PathFindFileNameW, PathAddBackslashW, PathAddExtensionW, PathRemoveFileSpecW, PathIsDirectoryW, PathFileExistsW, StrRChrW, PathFindExtensionW
user32.dll
TranslateMessage, PeekMessageW, SetWindowLongW, CreateWindowExW, SendMessageW, IsWindow, RegisterClassExW, DefWindowProcW, GetWindowThreadProcessId, DispatchMessageW, GetClassInfoExW, LoadCursorW, PostMessageW, LoadImageW, RegisterWindowMessageW, CharNextW, GetMessageW, SetCursor, DestroyWindow, DestroyIcon, GetSystemMetrics, LoadStringW, LoadIconW, KillTimer, SetTimer, GetWindow, CallWindowProcW, GetMonitorInfoW, SetWindowTextW, DestroyMenu, UnregisterClassA, GetParent, TranslateAcceleratorW, GetWindowRect, MonitorFromPoint, SetForegroundWindow, LoadStringA, PostQuitMessage, AttachThreadInput, MessageBeep, WindowFromPoint, GetClientRect, SetFocus, GetMenuItemInfoW, PtInRect, GetForegroundWindow, TrackPopupMenuEx, InvalidateRect, GetWindowLongW, AppendMenuW, EnableMenuItem, MonitorFromWindow, GetDesktopWindow, SetWindowPos, GetCursorPos, ShowWindow, CreatePopupMenu, CreateDialogParamW, GetMenuItemCount, RemoveMenu, SetMenuDefaultItem, MapWindowPoints
userenv.dll
CreateEnvironmentBlock, DestroyEnvironmentBlock
version.dll
GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
winhttp.dll
WinHttpSetCredentials, WinHttpReadData, WinHttpAddRequestHeaders, WinHttpOpen, WinHttpQueryHeaders, WinHttpCloseHandle, WinHttpConnect, WinHttpWriteData, WinHttpSendRequest, WinHttpSetOption, WinHttpReceiveResponse, WinHttpOpenRequest, WinHttpCreateUrl
wtsapi32.dll
WTSQueryUserToken, WTSEnumerateSessionsW, WTSFreeMemory

bavtray.exe

Baidu Antivirus by Baidu Online Network Technology (Beijing)Co. (Signed)

Version:   4,0,3,57478
MD5:   02b7ae9fbefcf00e0dcb3390eb9eb6b5
SHA1:   d33e08ca82e5730149df5ed09cf49a51e6eff591

Overview

bavtray.exe executes as a process with the local user's privileges, usually within the context of Windows Explorer. It is set to start when the PC boots and any user logs into Windows (it is added to the Run registry key for all users under the local machine). It is installed with a couple of known programs, including Baidu Antivirus published by Baidu, Inc., Baidu Antivirus from Baidu, Inc. and Baidu Antivirus by Baidu, Inc. The file is digitally signed by Baidu Online Network Technology (Beijing)Co.; the certificate was issued by the VeriSign certificate authority (CA).

Details

File name:bavtray.exe
Publisher:Baidu, Inc.
Product name:Baidu Antivirus
Description:Baidu Antivirus Tray Application
Typical file path:C:\Program Files\baidu security\baidu antivirus\bavtray.exe
File version:4,0,3,57478
Size:1.12 MB (1,177,960 bytes)
Build date:1/21/2014 4:11 PM
Certificate
Issued to:Baidu Online Network Technology (Beijing)Co.
Authority (CA):VeriSign
Digital DNA
File packed:No
.NET CLR:No

Programs

The following programs will install this file
Baidu, Inc.
18% remove
Baidu Antivirus protects your computer against malware, phishing and malicious websites, worms, and trojans. Remove viruses. Free download and permanently free in future use. Baidu Antivirus consists of Antivirus, Cloud Scan, HIPS, Firewall, Anti-phishing.

Behaviors

Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
  • 'Baidu Antivirus' → "C:\Program Files\Baidu Security\Baidu Antivirus\BavTray.exe" -auto

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00104404%
0.028634%
Kernel CPU:0.00072359%
0.013761%
User CPU:0.00032045%
0.014873%
Kernel CPU time:141 ms/min
100,923,805ms/min
CPU cycles:29,604/sec
17,470,203/sec
Memory
Private memory:3.78 MB
21.59 MB
Private (maximum):8.68 MB
Private (minimum):424 KB
Non-paged memory:3.78 MB
21.59 MB
Virtual memory:93.21 MB
140.96 MB
Virtual memory (peak):101.24 MB
169.69 MB
Working set:636 KB
18.61 MB
Working set (peak):8.68 MB
37.95 MB
Page faults:5,413/min
2,039/min
I/O
I/O read transfer:1.31 KB/sec
1.02 MB/min
I/O read operations:1/sec
343/min
I/O write transfer:559 Bytes/sec
274.99 KB/min
I/O write operations:1/sec
227/min
I/O other transfer:27 Bytes/sec
448.09 KB/min
I/O other operations:2/sec
1,671/min
Resource allocations
Threads:22
12
Handles:171
600
GUI GDI count:80
103
GUI GDI peak:84
142
GUI USER count:19
49
GUI USER peak:20
71

Process properties

Tray notification:Yes
Integrity level:Medium
Platform:32-bit
Command line:"C:\Program Files\baidu security\baidu antivirus\bavtray.exe" -auto
Owner:User
Parent process:explorer.exe (Windows Explorer by Microsoft Corporation)

Threads

Averages
 
BavTray.exe (main module)
Total CPU:0.00128708%
0.272967%
Kernel CPU:0.00080443%
0.107585%
User CPU:0.00048266%
0.165382%
CPU cycles:27,306/sec
5,741,424/sec
Memory:1.14 MB
1.16 MB
bavipc.dll (Baidu Antivirus by Baidu)
Total CPU:0.00016091%
Kernel CPU:0.00016091%
User CPU:0.00000000%
CPU cycles:554/sec
Memory:488 KB

Common loaded modules

These are modules that are typically loaded within the context of this process.

Distribution by Windows OS

OS version distribution
Windows 8.1 Pro 20.00%
Windows 8.1 20.00%
Windows 7 Professional 20.00%
Microsoft Windows XP 20.00%
Windows 7 Ultimate 20.00%

Distribution by country

Egypt installs about 40.00% of Baidu Antivirus.

Distribution by PC manufacturer

PC manufacturer distribution
Hewlett-Packard 40.00%
Compaq 40.00%
Acer 20.00%