Should I block it?

98%
Yes, 98% block recommendation.
Possible reasons:
Multiple malware detections
Performance resource utilization

VersionsAdditional versions

1, 0, 0, 6 64.71%
1,0,0,0 2.94%
1,0,0,0 23.53%
1,0,0,0 8.82%

Relationships

EFupdater.exe

Express Files Updater by Faglaro Enterprises Limited (Signed)

Remove EFupdater.exe
Version:   1,0,0,0
MD5:   3cffe856d6c054b04da4c0a84d95bf6e
SHA1:   6ac9784405f19c54c94812dbc4f6d1e3512f38f5
SHA256:   22382682af13585fb26b2695269b5193c30c618022314ccbbda6299ba4c158b3
Warning 3 antivirus scanners has detected malware.

What is EFupdater.exe?

Express Files Updater (efupdater.exe) is a program which runs in the background of Windows and automatically starts up when your PC boots. It checks for software udpates and automatically downloads and installs them if found.

About EFupdater.exe (from Faglaro Enterprises Limited)

It's all-in-one product. Easy to use instant built-in search tool usefully sorts your results and download manager is so handy. With our prod- uct you can find any content of any subject that interest

Overview

efupdater.exe is malware that executes as a process under the SYSTEM account with extensive privileges (the system and the administrator accounts have the same file privileges). It is an auto-starting process that used the Windows Task Scheduler service to load when the user logs into Windows (sometimes this is required to bypass the UAC protection). It is installed with a couple of know programs including ExpressFiles published by Express Solutions, ExpressFiles from Express Solutions and ExpressFiles by Express Solutions.

DetailsDetails

File name:efupdater.exe
Publisher:http://www.express-files.com/
Product name:Express Files Updater
Typical file path:C:\Program Files\expressfiles\efupdater.exe
File version:1,0,0,0
Size:195.65 KB (200,344 bytes)
Certificate
Issued to:Faglaro Enterprises Limited
Authority (CA):COMODO CA Limited
Effective date:Friday, December 16, 2011
Expiration date:Sunday, December 16, 2012
Digital DNA
PE subsystem:Windows GUI
File packed:Yes
.NET CLR:No
More details

ResourcesPrograms

The following programs will install this file
ExpressFiles
 Express Solutions
  61% remove
No settings, no complications, unimaginable speed, with minimum effort and maximum simplicity! User-friendly interface anyone can manage. Built-in instant search tool with an amazingly intelligent algorithm! It's absolutely free. And, we are con- stantly working to make our product better. Ask why? It's simple! We like to make the Internet better, and staying there pleasant. It's totally unique. Very simple inter- face is specifically d...

BehaviorsBehaviors

Scheduled tasks
  • The job 'Express Files Updater' runs on logon in the path 'C:\WINDOWS\Tasks\Express Files Updater.job'
  • The job 'Express FilesUpdate' runs on logon in the path '\Express FilesUpdate'
  • Entry path '\Express FilesUpdate'
  • Entry path '\Express Files Updater'
  • Entry path 'C:\WINDOWS\Tasks\Express FilesUpdate.job'
Scheduled tasks startups
Set to load on user login (bypasses Windows UAC if enabled)
  • Login entry path 'C:\WINDOWS\Tasks\Express Files Updater.job'
  • Login entry path '\Express FilesUpdate'
  • Login entry path '\Express Files Updater'
  • Login entry path 'C:\WINDOWS\Tasks\Express FilesUpdate.job'

MalwareMalware detections

Based on 40+ industry antivirus scanners, 3 of them detected the following malware.
Antivirus engineEngine versionDetection
Dr.Web 8.13.4.10 Tool.DownLoader.52
ESET NOD32 7.8137 a variant of Win32/YourFileDownloader.B
Trend Micro HouseCall 9.700.0.1001 TROJ_GEN.F47V0721

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00030590%
0.028634%
Kernel CPU:0.00015923%
0.013761%
User CPU:0.00014668%
0.014873%
Kernel CPU time:203 ms/min
100,923,805ms/min
Memory
Private memory:8.05 MB
21.59 MB
Private (maximum):10.76 MB
Private (minimum):10.71 MB
Non-paged memory:8.05 MB
21.59 MB
Virtual memory:48.23 MB
140.96 MB
Virtual memory (peak):51.51 MB
169.69 MB
Working set:10.75 MB
18.61 MB
Working set (peak):10.77 MB
37.95 MB
Page faults:4,147/min
2,039/min
I/O
I/O read transfer:2.15 KB/sec
1.02 MB/min
I/O read operations:1/sec
343/min
I/O write transfer:0 Bytes/sec
274.99 KB/min
I/O write operations:1/sec
227/min
I/O other transfer:11 Bytes/sec
448.09 KB/min
I/O other operations:1/sec
1,671/min
Resource allocations
Threads:2
12
Handles:153
600
GUI GDI count:33
103
GUI USER count:5
49

BehaviorsProcess properties

Integrety level:Undefined
Platform:32-bit
Command line:"C:\Program Files\expressfiles\efupdater.exe"
Owner:SYSTEM
Parent process:svchost.exe (Generic Host Process for Win32 Services by Microsoft)

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Ultimate 32.35%
Microsoft Windows XP 29.41%
Windows 7 Home Premium 14.71%
Windows Vista Home Premium 11.76%
Windows 8 Pro 8.82%
Windows 8 Pro with Media Center 2.94%

Distribution by countryDistribution by country

United Kingdom installs about 23.53% of Express Files Updater.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Acer 23.53%
Dell 23.53%
Toshiba 23.53%
American Megatrends 17.65%
Hewlett-Packard 11.76%
Back to top
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE