After just buying Avast IS I noticed in startup time in my Samsung utility this appeared: EFUPDATER.EXE Express files update.
After a bit of googling I discovered it is used to check for program updates on boot up.
My question is, is this part of the software updater in Avast or is it some sort of malware?
Thanks in advance.
No, it’s not part of avast!.
I’d suggest to check the properties of the file - you may find some info there.
Thanks for your quick reply, but although the location of this file is in program files it appears to be invisible.
Can’t see how to get rid of it.
Do you have this program installed? http://express-files.com/
You can upload and check suspicious file(s) here: www.virustotal.com (test with 40+ malware scanners).
Click the additional info for details about the file.
You may post a link to the scan result here.
Thanks for your help. I can’t find the program installed in add or remove or in revo uninstaller pro.
I also can’t find anything where it says it resides, which is c:\program files (x86)\ExpressFiles\EFUpdater.exe
Here’s a screenshot from Samsung utility.
Try using task manager to view the running process: right-click it and open file location. Once found, you should be able to view properties to find out what and who the process belongs to.
EFUPDATER.EXE could be part of bundled software installed by Samsung if you never installed it yourself.
Yeah, already checked task manager and I can’t find anything there.
I think you might be right about it being part of the Samsung bundle because it does have a software updater program.
Maybe it’s ok and I’m just being paranoid.
If you can’t view it in program files it might be hidden; open explorer and go to file options/view and tick show hidden files.
I already had view hidden files checked but it doesn’t show anywhere.
Hmmm! Strange, is there a Samsung folder in program files? It might be in there if it is bundled Samsung junk :-\
If you don’t end up having any luck with it you could run an OTL scan http://forum.avast.com/index.php?topic=53253.msg451454 and attach the log file back here for one of the malware specialists to look over.
In start menu there’s a Samsung bundle folder and two of the bundles are Samsung update plus and SW update but no sign of EFUpdater.exe or express files update.
Here’s the OTL logs.
I wonder if it is this service starting it
SRV - [2013/04/09 17:00:02 | 002,921,520 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe -- (SWUpdateService)
It may be worth putting the start for this to manual, rebooting and seeing if the other file appears
I changed it to manual and rebooted, what do I check for now?
Check to see whether the EFUPDATER.EXE is running
Still can’t see EFUPDATER.EXE anywhere.
I would expect it to be part of the system updater; now you have disabled that service there should be no more instances of it running. There was no indication of malware in your logs.
Thanks for your help essexboy.
Let me know if it returns (it shouldn’t) and I will look deeper
Run OTL and press the clean-up button to remove it and its associated files
OK will do, thanks again for your help.