Versions

16.0.3.51	9.89%
16.0.2.32	4.56%
16.0.1.18	6.08%
16.0.0.282	32.32%
15.0.6.14	21.67%
15.0.5.109	11.03%
15.0.4.53	4.18%
15.0.2.72	1.14%
15.0.1.13	1.90%
12.0.1.669	0.38%
12.0.1.666	3.04%
12.0.1.647	0.38%
12.0.1.633	0.38%
12.0.1.609	0.38%
0.1.1.868	0.38%
0.1.1.831	0.38%
0.1.1.137	0.76%
0.1.0.4279	1.14%

Relationships

realsched.exe

RealPlayer (32-bit) by RealNetworks (Signed)

Remove realsched.exe

Warning 27 antivirus scanners has detected malware in various versions of realsched.exe.

Overview

There are 18 versions of realsched.exe in the wild, the latest version being 16.0.3.51. realsched.exe is run as a standard windows process with the logged in user's account privileges. During installation, a run registry key for all users is added that will cause the program to run each time any user logs on to Windows. The average file size is about 253.63 KB. The file is a digitally signed and issued to RealNetworks by Thawte. Some variations of the file have been seen to be installed with the program RealPlayer from RealNetworks, Inc.. During the process's lifecycle, the typical CPU resource utilization is less than 0.01%, the average private memory consumption is about 2.22 MB. Addionally, typically read and write I/O disk operations is about 5.24 KB per minute for reads and 36 Bytes per minute for writes.

What is realsched.exe?

RealNetworks Scheduler
RealUpgrade Launcher is part of RealPlayer, by RealNetworks, a cross-platform software product primarily used for the playing of recorded media. The media player is compatible with numerous formats within the multimedia realm, including MP3, MPEG-4, QuickTime, Windows Media, and multiple proprietary versions of RealAudio and RealVideo formats.

About realsched.exe (from RealNetworks)

“Real brings you RealPlayer, the only solution you’ll need for managing all your music and videos. It’s the best free media player around for enjoying all types of entertainment! You can also transfer ”

Details

File name:	realsched.exe
Publisher:	RealNetworks, Inc.
Product name:	RealPlayer (32-bit)
Description:	RealNetworks Scheduler
Typical file path:	C:\Program Files\real\realplayer\update\realsched.exe
Certificate
Issued to:	RealNetworks
Authority (CA):	Thawte
Effective date:	Sunday, August 15, 2010
Expiration date:	Tuesday, August 16, 2011

Programs installed in

(Note, the programs listed below are for all versions of RealPlayer (32-bit) .)

RealPlayer

RealNetworks, Inc.

27% remove

RealPlayer is a cross-platform software product primarily used for the playing of recorded media. The media player is compatible with numerous formats within the multimedia realm, including MP3, MPEG-...

Behaviors

(Note, the behaviors below are for all versions of realsched.exe, select a unique version for details.)

Startup files (all users) run

Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

'TkBellExe' → "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot

Autoplay handlers

Runs under the registry key 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers'

Handler name 'RPPlayMediaOnArrival'
Handler name 'RPPlayDVDMovieOnArrival'
Handler name 'RPPlayCDAudioOnArrival'
Handler name 'RPDVDBurningOnArrival'
Handler name 'RPDeviceOnArrival'

Scheduled tasks

The job 'RealCreateProcessScheduledTask7880094S-1-5-21-2355705715-2703073010-2366679147-1000' runs on registration in the path '\RealCreateProcessScheduledTask7880094S-1-5-21-2355705715-2703073010-2366679147-1000'
The job 'RealCreateProcessScheduledTask90546427S-1-5-21-1484444706-205473755-680422138-1000' runs on registration in the path '\RealCreateProcessScheduledTask90546427S-1-5-21-1484444706-205473755-680422138-1000'
The task 'RealCreateProcessScheduledTask8247866S-1-5-21-1484444706-205473755-680422138-1000' runs on registration in the path '\RealCreateProcessScheduledTask8247866S-1-5-21-1484444706-205473755-680422138-1000'
The job 'RealCreateProcessScheduledTask7205342S-1-5-21-1484444706-205473755-680422138-1000' runs on registration in the path '\RealCreateProcessScheduledTask7205342S-1-5-21-1484444706-205473755-680422138-1000'
The task 'RealCreateProcessScheduledTask56948664S-1-5-21-1484444706-205473755-680422138-1000' runs on registration in the path '\RealCreateProcessScheduledTask56948664S-1-5-21-1484444706-205473755-680422138-1000'
The job 'RealCreateProcessScheduledTask425531072S-1-5-21-1484444706-205473755-680422138-1000' runs on registration in the path '\RealCreateProcessScheduledTask425531072S-1-5-21-1484444706-205473755-680422138-1000'
The task 'RealCreateProcessScheduledTask41220690S-1-5-21-1484444706-205473755-680422138-1000' runs on registration in the path '\RealCreateProcessScheduledTask41220690S-1-5-21-1484444706-205473755-680422138-1000'
The job 'RealCreateProcessScheduledTask408135057S-1-5-21-1484444706-205473755-680422138-1000' runs on registration in the path '\RealCreateProcessScheduledTask408135057S-1-5-21-1484444706-205473755-680422138-1000'
The task 'RealCreateProcessScheduledTask3919119S-1-5-21-1484444706-205473755-680422138-1000' runs on registration in the path '\RealCreateProcessScheduledTask3919119S-1-5-21-1484444706-205473755-680422138-1000'
The job 'RealCreateProcessScheduledTask361147400S-1-5-21-1484444706-205473755-680422138-1000' runs on registration in the path '\RealCreateProcessScheduledTask361147400S-1-5-21-1484444706-205473755-680422138-1000'
The task 'RealCreateProcessScheduledTask343337421S-1-5-21-1484444706-205473755-680422138-1000' runs on registration in the path '\RealCreateProcessScheduledTask343337421S-1-5-21-1484444706-205473755-680422138-1000'
The job 'RealCreateProcessScheduledTask341536093S-1-5-21-1484444706-205473755-680422138-1000' runs on registration in the path '\RealCreateProcessScheduledTask341536093S-1-5-21-1484444706-205473755-680422138-1000'
The task 'RealCreateProcessScheduledTask336132281S-1-5-21-1484444706-205473755-680422138-1000' runs on registration in the path '\RealCreateProcessScheduledTask336132281S-1-5-21-1484444706-205473755-680422138-1000'
The job 'RealCreateProcessScheduledTask333730708S-1-5-21-1484444706-205473755-680422138-1000' runs on registration in the path '\RealCreateProcessScheduledTask333730708S-1-5-21-1484444706-205473755-680422138-1000'
The task 'RealCreateProcessScheduledTask310249453S-1-5-21-1484444706-205473755-680422138-1000' runs on registration in the path '\RealCreateProcessScheduledTask310249453S-1-5-21-1484444706-205473755-680422138-1000'
The job 'RealCreateProcessScheduledTask303935063S-1-5-21-1484444706-205473755-680422138-1000' runs on registration in the path '\RealCreateProcessScheduledTask303935063S-1-5-21-1484444706-205473755-680422138-1000'
The task 'RealCreateProcessScheduledTask291419212S-1-5-21-1484444706-205473755-680422138-1000' runs on registration in the path '\RealCreateProcessScheduledTask291419212S-1-5-21-1484444706-205473755-680422138-1000'
The job 'RealCreateProcessScheduledTask28162922S-1-5-21-1484444706-205473755-680422138-1000' runs on registration in the path '\RealCreateProcessScheduledTask28162922S-1-5-21-1484444706-205473755-680422138-1000'
The task 'RealCreateProcessScheduledTask2718301S-1-5-21-1484444706-205473755-680422138-1000' runs on registration in the path '\RealCreateProcessScheduledTask2718301S-1-5-21-1484444706-205473755-680422138-1000'
The job 'RealCreateProcessScheduledTask2637462S-1-5-21-1484444706-205473755-680422138-1000' runs on registration in the path '\RealCreateProcessScheduledTask2637462S-1-5-21-1484444706-205473755-680422138-1000'
The task 'RealCreateProcessScheduledTask261177731S-1-5-21-1484444706-205473755-680422138-1000' runs on registration in the path '\RealCreateProcessScheduledTask261177731S-1-5-21-1484444706-205473755-680422138-1000'
The job 'RealCreateProcessScheduledTask208385667S-1-5-21-1484444706-205473755-680422138-1000' runs on registration in the path '\RealCreateProcessScheduledTask208385667S-1-5-21-1484444706-205473755-680422138-1000'

Malware detections

Based on 40+ industry antivirus scanners, 27 of them detected the following malware.

Antivirus engine	Engine version	Detection	File version
Avira AntiVir	7.11.64.68	TR/Dropper.Gen	0.1.1.868
avast!	6.0.1289.0	Win32:Malware-gen	0.1.1.868
AVG	2014.0.3629	Dropper.Generic7.CCPG	0.1.1.868
BitDefender	7.2	Gen:Variant.Barys.290	0.1.1.868
Comodo Internet Security	15850	Heur.Suspicious	16.0.0.282
Comodo Internet Security	17682	Heur.Suspicious	16.0.1.18
Comodo Internet Security	15518	UnclassifiedMalware	0.1.1.868
Emsisoft Anti-Malware	3.0.0.569	Gen:Variant.Barys.290 (B)	0.1.1.868
ESET NOD32	7.8099	a variant of MSIL/Injector.AFM	0.1.1.868
Fortinet	5.0.43.0	MSIL/Kryptik.GVV!tr	0.1.1.868
F-Secure	11.0.19020.35	Gen:Variant.Barys.290	0.1.1.868
G Data	13.10.22	Gen:Variant.Barys.290	0.1.1.868
Ikarus	T3.1.4.0.0	VirTool.MSIL	0.1.1.868
Jiangmin	16.0.100	Trojan/Generic.aiocv	0.1.1.868
Kaspersky	9.0.0.837	HEUR:Trojan.Win32.Generic	0.1.1.868
Kingsoft	2013.1.8.219	Win32.Troj.Undef.(kcloud)	0.1.1.868
McAfee	5.400.1158	Suspicious Resource!msil	0.1.1.868
McAfee Gateway Anti-Malware	v2012.1-dat	Artemis!79BFEE40D13A	0.1.1.868
Microsoft Security Essentials	1.9203.0	VirTool:MSIL/Injector.CT	0.1.1.868
eScan by MicroWorld	12.0.250.0	Gen:Variant.Barys.290	0.1.1.868
Norman	7.00.22	Troj_Generic.IHISF	0.1.1.868
Panda Antivirus	10.0.3.5	Trj/CI.A	0.1.1.868
PC Tools	9.0.0.2	HeurEngine.ZeroDayThreat	0.1.1.868
Rising Antivirus	24.52.04.01	Trojan.Win32.Generic.142A2C74	0.1.1.868
Sophos	4.86.0	Mal/Generic-S	0.1.1.868
Trend Micro HouseCall	9.700.0.1001	TROJ_GEN.R47H1C8	0.1.1.868
VIPRE Antivirus	15956	Trojan.Win32.Generic!BT	0.1.1.868

All file variations of realsched.exe

MD5	SHA-1	File size
f6158734f1e24c6c510155cf0d363911	15d83b99ad9bf859971a3e2b0ecc1ddd0d48b871	288.59 KB
225518f190edbc37ca32197a3e94b498	40abb8a714606dc0611c8d0a3a711c47d1397224	288.59 KB
7f2691fd961c9a704da221745cce6295	86e7fec0e6373fdc51f17ad24d7fa089ac3829e5	288.59 KB
48e6868781b4e8bf4b77dbec7694bce8	a53c6999213b57ce37a0a24dc28aaa1937ac49c0	288.16 KB
a73731a0b0a165907799e9afb461f856	3c5af46aa972ecfdcd3b2433cd1665a194c8b63e	289.16 KB
a05602fcf939a0a051d0cdf8c5ceda98	b7a3790cb7de54ae206e7653b80d3f5a8d4e698a	289.16 KB
8e53b67fa3816e854b07c5dc66e10730	da4fe7632ed771258bb0d5e5ee1efd9bece8086e	289.12 KB
0ec18f61e86f87c0ade782920b403d9a	e6f449fd79a4c9201e93d343ea420e93cb7bdf0e	289.12 KB
4f8dd1cea5412541283f1e9ee02f7ab2	f55cb954f91008fcbc58a7f146be06d9d2f600af	289.12 KB
2aa60514b683f15cf484c4a9f21c3425	f069024163671e4d59b1c91dd17ed88f2ba43415	267.12 KB
0dd53ab39a617d08b41db6f628ff3a84	6ab98f9cf50dcd36c943ee8354a9a379468280da	267.12 KB
b114db354d13a21c1ac2b1807ee2f500	18d765cfdd1925f8b3a81cac2624eb71db34480c	267.13 KB
4b4d7626e7330f091100bfc22230ecf0	c0dbbfe6cdac953e68b6ee11684d1de6e921598e	267.13 KB
869513ca8428f231c7cac62a6f9b974a	a13ebab88463315185bc11c16340df0019c626de	268.17 KB
79bfee40d13a25039a7c7885290d3f8d	ce52cfe3e2ff5bc29fccd217f05951fbbf71b39a	56.5 KB
c2444b96b191e83451c3e888d0a2db71	de71c9e9704f96b9f1078210541a695072ff0bfa	197.52 KB
5676e75f98ff8e0f81dff604a09288bb	f6072722d007c5b3e9b221bdd5061c8e6f877a04	193.52 KB
74bc945eb2584e90619a56ef5028ab0f	08b04794ef52f44785cfad7c1070713dd056839a	181.54 KB

Distribution by Windows OS

OS version	distribution
Windows 7 Ultimate	25.10%
Windows 7 Home Premium	19.77%
Microsoft Windows XP	14.07%
Windows 7 Home Basic	12.17%
Windows Vista Home Premium	6.46%
Windows 7 Professional	6.08%
Windows 7 Ultimate N	3.80%
Windows XP Professional	3.42%
Windows 8	3.04%
Windows 8 Pro	2.28%
Windows Vista Home Basic	1.52%
Windows 8 Enterprise	0.76%
Windows 8 Single Language	0.76%
Windows Vista Ultimate	0.38%
Windows 8 Pro with Media Center	0.38%

Distribution by country

United States installs about 33.33% of RealPlayer (32-bit) .

Distribution by PC manufacturer

PC Manufacturer	distribution
Toshiba	36.44%
Dell	16.00%
Hewlett-Packard	11.11%
Acer	11.11%
Sony	10.67%
ASUS	3.56%
Intel	3.56%
Lenovo	2.67%
GIGABYTE	2.22%
Samsung	1.33%
Compaq	0.89%
American Megatrends	0.44%

Remove Adware and Spyware Programs, FREE Download!