Express Files

By ESGI Advisor in Potentially Unwanted Programs

Express Files is a potentially unwanted toolbar that may be spread to PCs via Conduit and install a Conduit OurToolbar in Web browsers such as Internet Explorer, Google Chrome and Mozilla Firefox. Express Files may gather and store information about a PC user's Web browsing and transmit this information to OurToolbar so they can suggest services or display relevant pop-up or banner advertisements via the toolbar. Express Files may change the default start page, search engine or a new tab window with Conduit.com. Express Files may also replace the browser's search box and auto-search settings. Express Files may redirect computer users to 'page not found' error websites. Express Files may carry out daily auto-updates. Express Files may integrate with the PC user's Facebook profile, which may require the computer user to approve to do so. In doing so, Conduit may have access to the computer user's profile feed and friends list.

File System Details

Express Files may create the following file(s):
# File Name Detections
1. express-filesToolbarHelper.exe
2. prxtbexpr.dll
3. uninstall.exe
4. hk64tbexpr.dll
5. C:\Program Files\express-files\tbexpr.dll
6. hktbexpr.dll
7. ldrtbexpr.dll
8. %Common Desktop%\ExpressFiles\ExpressFiles.lnk"
9. %Common Desktop%\ExpressFiles\current-cloud.en.html"
10. %Common Desktop%\ExpressFiles\current-cloud.fr.html"
11. %Common Desktop%\ExpressFiles\uninstall.exe"
12. %AppData%\ExpressFiles\current-cloud.html"
13. %Common Desktop%\ExpressFiles.lnk"
14. %Common Desktop%\ExpressFiles\current-cloud.ru.html"
15. %Common Desktop%\ExpressFiles\EFupdater.exe"
16. %WinDir%\Tasks\Express Files Updater.job"
17. %Common Desktop%\ExpressFiles\Uninstall.lnk"
18. %Common Desktop%\ExpressFiles\current-cloud.de.html"
19. %Common Desktop%\ExpressFiles\ExpressDL.exe"
20. %Common Desktop%\ExpressFiles\ExpressFiles.exe"

Registry Details

Express Files may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\AppPaths\ExpressFiles.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%PROGRAMFILES%\ExpressFiles\ExpressDL.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%PROGRAMFILES%\ExpressFile
HKEY_USERS\.DEFAULT\Software\ExpressFiles
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%PROGRAMFILES%\ExpressFiles\ExpressDL.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%PROGRAMFILES%\ExpressFiles\ExpressFiles.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%PROGRAMFILES%\ExpressFiles\ExpressFiles.exe
HKEY_CURRENT_USER\Software\ExpressFiles
HKEY_LOCAL_MACHINE\SOFTWARE\ExpressFiles
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%PROGRAMFILES%\ExpressFiles\ExpressFiles.exe
s\ExpressDL.exe

URLs

Express Files may call the following URLs:

Expressfiles.OurToolbar.com

Trending

Most Viewed

Loading...