Should I block it?

98%
Yes, 98% block recommendation.
Possible reasons:
Multiple malware detections
Performance resource utilization

VersionsAdditional versions

16.0.3.51 9.89%
16.0.2.32 4.56%
16.0.1.18 6.08%
16.0.0.282 32.32%
15.0.6.14 21.67%
15.0.5.109 11.03%
15.0.4.53 4.18%
15.0.2.72 1.14%
15.0.1.13 1.90%
12.0.1.669 0.38%
12.0.1.666 3.04%
12.0.1.647 0.38%
12.0.1.633 0.38%
12.0.1.609 0.38%
0.1.1.868 0.38%
0.1.1.831 0.38%
0.1.1.137 0.76%
0.1.0.4279 1.14%

Relationships

PE structurePE file structure
Show functions
Import table
advapi32.dll
RegDeleteValueA, FreeSid, RegEnumKeyA, RegCreateKeyA, RegSetValueA, RegQueryValueA, RegDeleteKeyA, RegCreateKeyExA, RegSetValueExA, RegEnumKeyExA, RegNotifyChangeKeyValue, RegOpenKeyExA, RegQueryValueExA, RegOpenKeyA, RegCloseKey, RegCreateKeyW, RegSetValueW, RegOpenKeyW, RegQueryValueW
gdi32.dll
GetDeviceCaps
kernel32.dll
DllMain, GetVersionExA, GetCurrentThreadId, InterlockedIncrement, InterlockedDecrement, SetEvent, OpenEventA, TerminateThread, SuspendThread, ResumeThread, FormatMessageA, WaitForMultipleObjects, LocalFree, LocalUnlock, LocalLock, LocalAlloc, Sleep, CreateThread, InterlockedExchange, MultiByteToWideChar, WideCharToMultiByte, RaiseException, InitializeCriticalSection, DeleteCriticalSection, SizeofResource, LockResource, LoadResource, FindResourceA, FindResourceExA, GetVersion, lstrlenW, FindCloseChangeNotification, FindFirstChangeNotificationA, GetExitCodeThread, CompareStringA, CompareStringW, LoadLibraryW, ReleaseMutex, CreateMutexA, GetDriveTypeA, FileTimeToSystemTime, FileTimeToLocalFileTime, SystemTimeToFileTime, EnterCriticalSection, LeaveCriticalSection, GetModuleHandleExA, GetSystemInfo, GetModuleFileNameA, FindClose, GetDiskFreeSpaceA, WaitForSingleObject, FindFirstFileA, FindNextFileA, RemoveDirectoryA, DeleteFileA, GetFileSize, CreateFileA, GetFileAttributesA, CreateDirectoryA, GetTempPathA, MoveFileA, GetTickCount, UnmapViewOfFile, MapViewOfFile, CreateFileMappingA, GetTempFileNameA, SetUnhandledExceptionFilter, SetCurrentDirectoryA, GetCurrentDirectoryA, SetProcessWorkingSetSize, GetCurrentProcess, WriteFile, GetThreadContext, VirtualQuery, IsBadWritePtr, GetCurrentProcessId, OpenProcess, SetFilePointer, GlobalMemoryStatus, GetLocaleInfoA, SetStdHandle, LCMapStringW, LCMapStringA, ReadFile, GetStringTypeW, GetStringTypeA, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, GetStdHandle, SetHandleCount, GetTimeZoneInformation, UnhandledExceptionFilter, TlsGetValue, TlsSetValue, TlsFree, SetLastError, TlsAlloc, QueryPerformanceCounter, VirtualFree, HeapCreate, HeapDestroy, HeapSize, TerminateProcess, SetEndOfFile, ResetEvent, FindNextChangeNotification, LoadLibraryA, GetProcAddress, FreeLibrary, CreateEventA, GetLastError, CloseHandle, CreateProcessA, SetErrorMode, FlushFileBuffers, IsBadReadPtr, IsBadCodePtr, SetEnvironmentVariableA, GetProcessHeap, GetFullPathNameA, GetWindowsDirectoryA, SetEnvironmentVariableW, GetFileType, PeekNamedPipe, GetFileInformationByHandle, GetCPInfo, HeapFree, HeapAlloc, ExitProcess, VirtualProtect, VirtualAlloc, ExitThread, GetSystemTimeAsFileTime, GetTimeFormatA, GetDateFormatA, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, RtlUnwind, HeapReAlloc, SetFileAttributesA, GetACP, GetOEMCP
ole32.dll
CreateClassMoniker, CoRevokeClassObject, CoRegisterClassObject, CoInitializeEx, GetRunningObjectTable, CoUninitialize
setupapi.dll
SetupDiGetClassDevsW, SetupDiEnumDeviceInfo, SetupDiDeleteDeviceInfo, SetupDiDestroyDeviceInfoList, CM_Get_Parent, CM_Get_Device_ID_Size, CM_Get_Device_IDW, SetupDiGetDeviceInstanceIdW
shell32.dll
SHGetFolderPathW, SHGetFolderPathA, SHCreateDirectoryExA, SHCreateDirectoryExW
shlwapi.dll
PathGetDriveNumberW, PathAppendA, PathAddBackslashA, PathAppendW, PathAddBackslashW
user32.dll
CharPrevA, CharNextA, RegisterWindowMessageA, ReleaseDC, GetClassInfoExA, UnregisterClassA, SetWindowsHookExA, GetMessageA, TranslateMessage, DispatchMessageA, GetClassInfoA, RegisterClassA, GetSystemMetrics, CreateWindowExA, DefWindowProcA, PostQuitMessage, SetTimer, KillTimer, DestroyWindow, PostThreadMessageA, FindWindowA, PostMessageA, IsWindow, SendMessageA, GetDC, RegisterClassExA, UnhookWindowsHookEx
version.dll
GetFileVersionInfoA, VerQueryValueA

realsched.exe

RealPlayer (32-bit) by RealNetworks (Signed)

Remove realsched.exe
Version:   0.1.1.868
MD5:   79bfee40d13a25039a7c7885290d3f8d
SHA1:   ce52cfe3e2ff5bc29fccd217f05951fbbf71b39a
SHA256:   84191562844113d1b3fc9f45a534ffac3e575c356eb1191d30e989600405f504
Warning 25 antivirus scanners has detected malware.

What is realsched.exe?

RealNetworks Scheduler
RealUpgrade Launcher is part of RealPlayer, by RealNetworks, a cross-platform software product primarily used for the playing of recorded media. The media player is compatible with numerous formats within the multimedia realm, including MP3, MPEG-4, QuickTime, Windows Media, and multiple proprietary versions of RealAudio and RealVideo formats.

About realsched.exe (from RealNetworks)

Real brings you RealPlayer, the only solution you’ll need for managing all your music and videos. It’s the best free media player around for enjoying all types of entertainment! You can also transfer

DetailsDetails

File name:realsched.exe
Publisher:RealNetworks, Inc.
Product name:RealPlayer (32-bit)
Description:RealNetworks Scheduler
Typical file path:C:\Program Files\real\realplayer\update\realsched.exe
File version:0.1.1.868
Size:56.5 KB (57,857 bytes)
Build date:2/23/2013 3:36 PM
Certificate
Issued to:RealNetworks
Authority (CA):Thawte
Effective date:Sunday, August 15, 2010
Expiration date:Tuesday, August 16, 2011
Digital DNA
Entropy:6.578873
File packed:No
.NET CLR:No
More details

BehaviorsBehaviors

Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
  • 'TkBellExe' → "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
Autoplay handlers
Runs under the registry key 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers'
  • Handler name 'RPPlayMediaOnArrival'
  • Handler name 'RPPlayDVDMovieOnArrival'
  • Handler name 'RPPlayCDAudioOnArrival'
  • Handler name 'RPDVDBurningOnArrival'
  • Handler name 'RPDeviceOnArrival'
Scheduled tasks
  • The job 'RealCreateProcessScheduledTask7880094S-1-5-21-2355705715-2703073010-2366679147-1000' runs on registration in the path '\RealCreateProcessScheduledTask7880094S-1-5-21-2355705715-2703073010-2366679147-1000'
  • The job 'RealCreateProcessScheduledTask90546427S-1-5-21-1484444706-205473755-680422138-1000' runs on registration in the path '\RealCreateProcessScheduledTask90546427S-1-5-21-1484444706-205473755-680422138-1000'
  • The task 'RealCreateProcessScheduledTask8247866S-1-5-21-1484444706-205473755-680422138-1000' runs on registration in the path '\RealCreateProcessScheduledTask8247866S-1-5-21-1484444706-205473755-680422138-1000'
  • The job 'RealCreateProcessScheduledTask7205342S-1-5-21-1484444706-205473755-680422138-1000' runs on registration in the path '\RealCreateProcessScheduledTask7205342S-1-5-21-1484444706-205473755-680422138-1000'
  • The task 'RealCreateProcessScheduledTask56948664S-1-5-21-1484444706-205473755-680422138-1000' runs on registration in the path '\RealCreateProcessScheduledTask56948664S-1-5-21-1484444706-205473755-680422138-1000'
  • The job 'RealCreateProcessScheduledTask425531072S-1-5-21-1484444706-205473755-680422138-1000' runs on registration in the path '\RealCreateProcessScheduledTask425531072S-1-5-21-1484444706-205473755-680422138-1000'
  • The task 'RealCreateProcessScheduledTask41220690S-1-5-21-1484444706-205473755-680422138-1000' runs on registration in the path '\RealCreateProcessScheduledTask41220690S-1-5-21-1484444706-205473755-680422138-1000'
  • The job 'RealCreateProcessScheduledTask408135057S-1-5-21-1484444706-205473755-680422138-1000' runs on registration in the path '\RealCreateProcessScheduledTask408135057S-1-5-21-1484444706-205473755-680422138-1000'
  • The task 'RealCreateProcessScheduledTask3919119S-1-5-21-1484444706-205473755-680422138-1000' runs on registration in the path '\RealCreateProcessScheduledTask3919119S-1-5-21-1484444706-205473755-680422138-1000'
  • The job 'RealCreateProcessScheduledTask361147400S-1-5-21-1484444706-205473755-680422138-1000' runs on registration in the path '\RealCreateProcessScheduledTask361147400S-1-5-21-1484444706-205473755-680422138-1000'
  • The task 'RealCreateProcessScheduledTask343337421S-1-5-21-1484444706-205473755-680422138-1000' runs on registration in the path '\RealCreateProcessScheduledTask343337421S-1-5-21-1484444706-205473755-680422138-1000'
  • The job 'RealCreateProcessScheduledTask341536093S-1-5-21-1484444706-205473755-680422138-1000' runs on registration in the path '\RealCreateProcessScheduledTask341536093S-1-5-21-1484444706-205473755-680422138-1000'
  • The task 'RealCreateProcessScheduledTask336132281S-1-5-21-1484444706-205473755-680422138-1000' runs on registration in the path '\RealCreateProcessScheduledTask336132281S-1-5-21-1484444706-205473755-680422138-1000'
  • The job 'RealCreateProcessScheduledTask333730708S-1-5-21-1484444706-205473755-680422138-1000' runs on registration in the path '\RealCreateProcessScheduledTask333730708S-1-5-21-1484444706-205473755-680422138-1000'
  • The task 'RealCreateProcessScheduledTask310249453S-1-5-21-1484444706-205473755-680422138-1000' runs on registration in the path '\RealCreateProcessScheduledTask310249453S-1-5-21-1484444706-205473755-680422138-1000'
  • The job 'RealCreateProcessScheduledTask303935063S-1-5-21-1484444706-205473755-680422138-1000' runs on registration in the path '\RealCreateProcessScheduledTask303935063S-1-5-21-1484444706-205473755-680422138-1000'
  • The task 'RealCreateProcessScheduledTask291419212S-1-5-21-1484444706-205473755-680422138-1000' runs on registration in the path '\RealCreateProcessScheduledTask291419212S-1-5-21-1484444706-205473755-680422138-1000'
  • The job 'RealCreateProcessScheduledTask28162922S-1-5-21-1484444706-205473755-680422138-1000' runs on registration in the path '\RealCreateProcessScheduledTask28162922S-1-5-21-1484444706-205473755-680422138-1000'
  • The task 'RealCreateProcessScheduledTask2718301S-1-5-21-1484444706-205473755-680422138-1000' runs on registration in the path '\RealCreateProcessScheduledTask2718301S-1-5-21-1484444706-205473755-680422138-1000'
  • The job 'RealCreateProcessScheduledTask2637462S-1-5-21-1484444706-205473755-680422138-1000' runs on registration in the path '\RealCreateProcessScheduledTask2637462S-1-5-21-1484444706-205473755-680422138-1000'
  • The task 'RealCreateProcessScheduledTask261177731S-1-5-21-1484444706-205473755-680422138-1000' runs on registration in the path '\RealCreateProcessScheduledTask261177731S-1-5-21-1484444706-205473755-680422138-1000'
  • The job 'RealCreateProcessScheduledTask208385667S-1-5-21-1484444706-205473755-680422138-1000' runs on registration in the path '\RealCreateProcessScheduledTask208385667S-1-5-21-1484444706-205473755-680422138-1000'

MalwareMalware detections

Based on 40+ industry antivirus scanners, 25 of them detected the following malware.
Antivirus engineEngine versionDetection
Avira AntiVir 7.11.64.68 TR/Dropper.Gen
avast! 6.0.1289.0 Win32:Malware-gen
AVG 2014.0.3629 Dropper.Generic7.CCPG
BitDefender 7.2 Gen:Variant.Barys.290
Comodo Internet Security 15518 UnclassifiedMalware
Emsisoft Anti-Malware 3.0.0.569 Gen:Variant.Barys.290 (B)
ESET NOD32 7.8099 a variant of MSIL/Injector.AFM
Fortinet 5.0.43.0 MSIL/Kryptik.GVV!tr
F-Secure 11.0.19020.35 Gen:Variant.Barys.290
G Data 13.10.22 Gen:Variant.Barys.290
Ikarus T3.1.4.0.0 VirTool.MSIL
Jiangmin 16.0.100 Trojan/Generic.aiocv
Kaspersky 9.0.0.837 HEUR:Trojan.Win32.Generic
Kingsoft 2013.1.8.219 Win32.Troj.Undef.(kcloud)
McAfee 5.400.1158 Suspicious Resource!msil
McAfee Gateway Anti-Malware v2012.1-dat Artemis!79BFEE40D13A
Microsoft Security Essentials 1.9203.0 VirTool:MSIL/Injector.CT
eScan by MicroWorld 12.0.250.0 Gen:Variant.Barys.290
Norman 7.00.22 Troj_Generic.IHISF
Panda Antivirus 10.0.3.5 Trj/CI.A
PC Tools 9.0.0.2 HeurEngine.ZeroDayThreat
Rising Antivirus 24.52.04.01 Trojan.Win32.Generic.142A2C74
Sophos 4.86.0 Mal/Generic-S
Trend Micro HouseCall 9.700.0.1001 TROJ_GEN.R47H1C8
VIPRE Antivirus 15956 Trojan.Win32.Generic!BT

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Ultimate 27.00%
Windows 7 Home Premium 18.50%
Windows 7 Home Basic 15.50%
Microsoft Windows XP 11.50%
Windows 7 Professional 6.50%
Windows Vista Home Premium 5.50%
Windows XP Professional 4.50%
Windows 8 4.00%
Windows 7 Ultimate N 2.50%
Windows 8 Pro 2.00%
Windows 8 Enterprise 1.00%
Windows 8 Single Language 0.50%
Windows Vista Home Basic 0.50%
Windows Vista Ultimate 0.50%

Distribution by countryDistribution by country

United States installs about 27.27% of RealPlayer (32-bit) .

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Toshiba 36.36%
Dell 14.35%
Hewlett-Packard 11.48%
Sony 11.48%
Acer 11.00%
ASUS 3.83%
Intel 3.83%
Lenovo 2.87%
GIGABYTE 1.91%
Samsung 1.44%
Compaq 0.96%
American Megatrends 0.48%
Back to top
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE