Should I block it?
90% of PCs block this file from running.
Possible reason:
Multiple malware detections
tuto4pc_pl_1.exe
By Tuto4PC.com (Signed)
MD5: | ad2b0948533b2057dcfdb9bddc949c88 |
SHA1: | d9c0757491e8d3ec418112d43c499d97eb583048 |
SHA256: | 1534c67c67d7eb53dc25f5902b4749f15892f9aeba0d7f48c4fe197604dbd8a3 |
Warning: 5 antivirus scanners have detected malware.
Overview
tuto4pc_pl_1.exe is malware that executes as a process with the local user's privileges, typically within the context of its parent ucammonitor.exe (MgiSvr by ArcSoft). It is set to start when the PC boots and any user logs into Windows (added to the Run registry key for all users under the local machine). It is typically installed with the program Tuto4pc, published by Tuto4pc, and is most likely to be removed by users once installed (82% removed). This particular version is usually found on Windows 7 Home Premium (6.1.7601.65536).
Details
File name: | tuto4pc_pl_1.exe |
Typical file path: | C:\Program Files\tuto4pc\tuto4pc_pl_1.exe |
Size: | 3.68 MB (3,854,696 bytes) |
Certificate |
Issued to: | Tuto4PC.com |
Authority (CA): | GlobalSign nv-sa |
Effective date: | Thursday, October 27, 2011 |
Expiration date: | Sunday, October 27, 2013 |
Digital DNA |
File packed: | No |
.NET CLR: | No |
Programs
The following program will install this file
This is an adware web browser extension that displays various popup and banner ads and modifies the user's web browser search and home page settings. In some cases, the program will monitor a user's behavior and will inject rival advertisements over existing ones or just inject new ones altogether.
Behaviors
Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
- 'Tutorials' → "C:\Program Files\TUTO4PC\tuto4pc_pl_1.exe"
Malware detections
Based on 40+ industry antivirus scanners, 5 of them detected the following malware.
Antivirus engine | Engine version | Detection |
avast! | 6.0.1289.0 | Win32:Eorezo-BL [PUP] |
Comodo Internet Security | 16287 | UnclassifiedMalware |
Emsisoft Anti-Malware | 3.0.0.575 | Adware.Win32.EoRezo.AMN (A) |
eSafe | 7.0.17.0 | Win32.Trojan |
ESET NOD32 | 7.8352 | a variant of Win32/Adware.EoRezo.AO |
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
CPU |
Total CPU: | 0.00016747% | |
Kernel CPU: | 0.00007160% | |
User CPU: | 0.00009587% | |
Kernel CPU time: | 41,496,266 ms/min | |
Memory |
Private memory: | 7.57 MB | |
Private (maximum): | 9.02 MB | |
Private (minimum): | 424 KB | |
Non-paged memory: | 7.57 MB | |
Virtual memory: | 104.51 MB | |
Virtual memory (peak): | 120.84 MB | |
Working set: | 2.97 MB | |
Working set (peak): | 14.05 MB | |
Page faults: | 595,785/min | |
Resource allocations |
Threads: | 9 | |
Handles: | 175 | |
GUI GDI count: | 32 | |
GUI GDI peak: | 34 | |
GUI USER count: | 1 | |
GUI USER peak: | 4 | |
Process properties
Distribution by Windows OS
OS version | distribution |
Windows 7 Home Premium | 100.00% |