Should I block it?

98%
Yes, 98% block recommendation.
Possible reasons:
Multiple malware detections
Performance resource utilization

Additional versions

1, 0, 0, 6 23.33%
1, 0, 0, 6 36.67%
1, 0, 0, 6 40.00%
(Note, Faglaro Enterprises Limited publishes each variation of this file with the same version, but the hashes are unique.)

PE file structure

Import table
advapi32.dll
CryptDestroyHash, CryptCreateHash, CryptReleaseContext, CryptAcquireContextW, CryptGetHashParam, ConvertSidToStringSidW, DuplicateTokenEx, CreateProcessAsUserW, GetTokenInformation, OpenProcessToken, CryptHashData
htmlayout.dll
HTMLayoutWindowAttachEventHandler, HTMLayoutGetRootElement, HTMLayoutLoadHtml, HTMLayoutSetAttributeByName, HTMLayoutDataReady, HTMLayoutProcND, HTMLayout_UnuseElement, HTMLayout_UseElement, HTMLayoutSetCallback, HTMLayoutVisitElements
kernel32.dll
InitializeCriticalSectionAndSpinCount, GetFileType, HeapCreate, QueryPerformanceCounter, HeapReAlloc, SetHandleCount, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetModuleFileNameA, GetStdHandle, IsProcessorFeaturePresent, LCMapStringW, SetLastError, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, IsValidCodePage, GetOEMCP, GetACP, InterlockedDecrement, InterlockedIncrement, GetCPInfo, WideCharToMultiByte, HeapAlloc, HeapFree, HeapSize, IsDebuggerPresent, UnhandledExceptionFilter, TerminateProcess, RaiseException, GetStartupInfoW, HeapSetInformation, GetCommandLineA, GetSystemTimeAsFileTime, DecodePointer, GetCurrentProcess, VirtualFree, OpenProcess, Sleep, GetLastError, VirtualAlloc, Process32FirstW, ProcessIdToSessionId, Process32NextW, CreateToolhelp32Snapshot, CloseHandle, GetPrivateProfileSectionNamesW, FindFirstFileW, GetUserDefaultLCID, GetPrivateProfileStringW, GetLocaleInfoW, GetModuleFileNameW, FindClose, FindNextFileW, CreateMutexW, InitializeCriticalSection, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, GetFileSize, SetFilePointer, VirtualQuery, WriteFile, ReadFile, CreateFileW, MultiByteToWideChar, GetCurrentProcessId, ExitProcess, FindResourceW, LoadResource, GetTickCount, SizeofResource, GetTempPathW, LockResource, GetVersion, CreateThread, GetModuleHandleW, GetProcAddress, GetCurrentThreadId, LoadLibraryW, RtlUnwind, GetConsoleCP, GetConsoleMode, GetStringTypeW, SetStdHandle, WriteConsoleW, FlushFileBuffers, SetUnhandledExceptionFilter, EncodePointer, GetModuleHandleA, LoadLibraryA, LocalAlloc, LocalFree
ole32.dll
CoUninitialize, CoInitializeSecurity, CoInitializeEx
shell32.dll
ShellExecuteW
shlwapi.dll
SHGetValueW, SHSetValueW, StrStrIW, PathRemoveFileSpecW, PathFindFileNameW
user32.dll
RegisterWindowMessageW, PostMessageW, LoadCursorW, RegisterClassExW, LoadIconW, CreateWindowExW, SetTimer, KillTimer, SetForegroundWindow, FindWindowExA, SetWindowPos, ShowWindow, SendMessageW, DefWindowProcW, SetProcessWindowStation, GetMessageW, CloseWindowStation, OpenDesktopW, CloseDesktop, TranslateMessage, SetThreadDesktop, OpenWindowStationW, DispatchMessageW, GetWindowThreadProcessId, GetShellWindow
userenv.dll
CreateEnvironmentBlock, DestroyEnvironmentBlock
wininet.dll
InternetCrackUrlW, InternetOpenW, HttpQueryInfoW, InternetConnectW, InternetCloseHandle, HttpSendRequestW, HttpOpenRequestW, InternetReadFile
wtsapi32.dll
WTSQueryUserToken, WTSQuerySessionInformationW

EFupdater.exe

By Faglaro Enterprises Limited (Signed)

Version:   1, 0, 0, 6
MD5:   d79643bc1ea43d6393b8c6f6e0bbb28a
SHA1:   802ac9323c8911b25b7ff102bbc8fc6c4b228fd8
SHA256:   3f4a56d74fd8bc81b2d99da954b55dd2610d384060fa5e99f6436c285ef26da0
Warning: 10 antivirus scanners have detected malware.

Overview

efupdater.exe is malware that executes as a process with the local user's privileges, typically within the context of its parent svchost.exe (Host Process for Windows Services by Microsoft Corporation). It is an auto-starting process that uses the Windows Task Scheduler service to load when the user logs into Windows (sometimes this is required to bypass the UAC protection). It is installed with a couple of known programs, including ExpressFiles by Express Solutions.

Details

File name: efupdater.exe
Typical file path: C:\Program Files\expressfiles\efupdater.exe
File version: 1, 0, 0, 6
Product version: 1,0,0,0
Size: 1005 KB (1,029,120 bytes)
Build date: 7/16/2013 11:12 AM
Certificate
Issued to: Faglaro Enterprises Limited
Authority (CA): COMODO CA Limited
Effective date: Wednesday, December 12, 2012
Expiration date: Sunday, December 13, 2015
Digital DNA
File packed: No
.NET CLR: No

Programs

The following programs will install this file
Express Solutions
  61% remove
No settings, no complications, unimaginable speed, with minimum effort and maximum simplicity! User-friendly interface anyone can manage. Built-in instant search tool with an amazingly intelligent algorithm! It's absolutely free. And, we are constantly working to make our product better. Ask why? It's simple! We like to make the Internet better, and staying there pleasant. It's totally unique. Very simple interface is specifically d...

Behaviors

Scheduled tasks
  • The job 'Express FilesUpdate' runs on logon in the path '\Express FilesUpdate'
Scheduled tasks startups
Set to load on user login (bypasses Windows UAC if enabled)
  • Login entry path 'C:\WINDOWS\Tasks\Express FilesUpdate.job'
  • Login entry path '\Express FilesUpdate'

Malware detections

Based on 40+ industry antivirus scanners, 10 of them detected the following malware.
Antivirus engine   Engine version   Detection
Baidu Antivirus 3.5.1.41473 Trojan.Win32.Agent.peo
Bkav Security 1.3.0.4246 W32.HfsAuto.07ee
CAT Quick Heal 10.13.12.00 (Suspicious) - DNAScan
ESET NOD32 7.8891 a variant of Win32/YourFileDownloader.B
Fortinet 5.1.147.0 W32/YourFileDownloader.B
Kingsoft 2013.4.9.267 Win32.Troj.Generic.a.(kcloud)
McAfee 5.600.1067 Artemis!D79643BC1EA4
McAfee Gateway Anti-Malware v2013-dat Heuristic.LooksLike.Win32.SuspiciousPE.F
Symantec 20131.1.5.61 Suspicious.Cloud.5
VIPRE Antivirus 22200 Trojan.Win32.Generic!BT

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU: 0.00233503%
0.028634%
Kernel CPU: 0.00082546%
0.013761%
User CPU: 0.00150957%
0.014873%
Kernel CPU time: 312 ms/min
100,923,805 ms/min
CPU cycles: 478,399/sec
17,470,203/sec
Memory
Private memory: 10.87 MB
21.59 MB
Private (maximum): 13.35 MB
Private (minimum): 718 KB
Non-paged memory: 10.87 MB
21.59 MB
Virtual memory: 87.1 MB
140.96 MB
Virtual memory (peak): 95.25 MB
169.69 MB
Working set: 1.42 MB
18.61 MB
Working set (peak): 14.56 MB
37.95 MB
Page faults: 27,556/min
2,039/min
I/O
I/O read transfer: 52.37 KB/sec
1.02 MB/min
I/O read operations: 2/sec
343/min
I/O other transfer: 1.92 KB/sec
448.09 KB/min
I/O other operations: 106/sec
1,671/min
Resource allocations
Threads: 4
12
Handles: 185
600
GUI GDI count: 24
103
GUI GDI peak: 28
142
GUI USER count: 6
49
GUI USER peak: 7
71

Process properties

Integrity level: High
Platform: 64-bit
Command line: "C:\Program Files\expressfiles\efupdater.exe"
Owner: User
Parent processes:

Threads

Averages
 
ntdll.dll
Total CPU: 0.01773623%
0.272967%
Kernel CPU: 0.01773623%
0.107585%
User CPU: 0.00000000%
0.165382%
CPU cycles: 28,454/sec
5,741,424/sec
Memory: 1.23 MB
1.16 MB
EFUpdater.exe (main module)
Total CPU: 0.00189778%
Kernel CPU: 0.00012271%
User CPU: 0.00177507%
CPU cycles: 53,320/sec
Memory: 1.91 MB

Common loaded modules

These are modules that are typically loaded within the context of this process.

Distribution by Windows OS

OS version   Distribution
Windows 7 Ultimate 60.00%
Windows 7 Home Premium 16.67%
Microsoft Windows XP 10.00%
Windows 8.1 Pro Preview 10.00%
Windows 8 3.33%

Distribution by country

United States installs about 33.33% of efupdater.exe.

Distribution by PC manufacturer

PC manufacturer   Distribution
ASUS 19.51%
Compaq 14.63%
Dell 14.63%
Gateway 9.76%
Acer 9.76%
Hewlett-Packard 9.76%
Samsung 7.32%
Alienware 7.32%
GIGABYTE 7.32%