home

mtpc.exe

MyTurboPC

MyTurboPC LLC

The executable mtpc.exe has been detected as malware by 1 anti-virus scanner. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. This file is typically installed with the program MyTurboPC by MyTurboPC.com which is a potentially unwanted software program.
Publisher:
MyTurboPC.com  (signed by MyTurboPC LLC)

Product:
MyTurboPC

Version:
3.3.23.0

MD5:
9abd2bd40f765a7f118ced9064ccbb22

SHA-1:
be5331e28be47a47d0005fc0d26587cf6a1dd6b5

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
4/27/2024 4:08:08 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Win32.Generic
17.3.1.23

File size:
5.6 MB (5,872,064 bytes)

Product version:
3.3.23.0

Copyright:
Copyright © 2017 MyTurboPC.com

Original file name:
mtpc.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\myturbopc.com\myturbopc\mtpc.exe

Digital Signature
Signed by:
MyTurboPC LLC

Authority:
Symantec Corporation

Valid from:
3/14/2016 8:00:00 PM

Valid to:
3/15/2017 7:59:59 PM

Subject:
CN=MyTurboPC LLC, O=MyTurboPC LLC, L=Elkhart, S=Indiana, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
47FEB1362892142E48C59A37E851814A

File PE Metadata
Compilation timestamp:
2/24/2017 1:46:26 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x359FBE

Entry point:
E8, 28, 5F, 01, 00, E9, 7F, FE, FF, FF, 3B, 0D, C0, 35, 91, 00, 75, 02, F3, C3, E9, 61, 29, 00, 00, 55, 8B, EC, 56, 8B, 75, 14, 85, F6, 75, 04, 33, C0, EB, 6D, 8B, 45, 08, 85, C0, 75, 13, E8, B4, 6F, 00, 00, 6A, 16, 5E, 89, 30, E8, 49, 04, 01, 00, 8B, C6, EB, 53, 57, 8B, 7D, 10, 85, FF, 74, 14, 39, 75, 0C, 72, 0F, 56, 57, 50, E8, EB, 81, 00, 00, 83, C4, 0C, 33, C0, EB, 36, FF, 75, 0C, 6A, 00, 50, E8, 29, 88, 00, 00, 83, C4, 0C, 85, FF, 75, 09, E8, 73, 6F, 00, 00, 6A, 16, EB, 0C, 39, 75, 0C, 73, 13, E8, 65...
 
[+]

Entropy:
6.6393

Code size:
4.1 MB (4,290,048 bytes)

Scheduled Task
Task name:
MyTurboPC Startup

Path:
C:\WINDOWS\Tasks\MyTurboPC Startup.job

Trigger:
Logon (Runs on logon)

Description:
Runs MyTurboPC at startup.


The file mtpc.exe has been discovered within the following program.

MyTurboPC  by MyTurboPC.com
Publisher's description - “MyTurboPC is a comprehensive diagnostic program that increases the speed, performance and security of your Windows based personal computer. It cleans your registry, defrag your PC or manage startup items to increase overall speed and performance.”
www.MyTurboPC.com
64% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-52-21-146-119.compute-1.amazonaws.com  (52.21.146.119:80)

TCP (HTTP):
Connects to ec2-54-152-186-3.compute-1.amazonaws.com  (54.152.186.3:80)

TCP (HTTP):
Connects to h66-38-130-217.gtcust.grouptelecom.net  (66.38.130.217:80)

TCP (HTTP):
Connects to a23-47-144-26.deploy.static.akamaitechnologies.com  (23.47.144.26:80)

TCP (HTTP):
Connects to a23-47-144-24.deploy.static.akamaitechnologies.com  (23.47.144.24:80)

TCP (HTTP):
Connects to ec2-52-73-217-72.compute-1.amazonaws.com  (52.73.217.72:80)

TCP (HTTP):
Connects to server-52-84-25-51.sea32.r.cloudfront.net  (52.84.25.51:80)

TCP (HTTP):
Connects to server-52-84-25-104.sea32.r.cloudfront.net  (52.84.25.104:80)

TCP (HTTP):
Connects to server-54-230-5-105.dfw3.r.cloudfront.net  (54.230.5.105:80)

TCP (HTTP):
Connects to server-52-84-25-76.sea32.r.cloudfront.net  (52.84.25.76:80)

TCP (HTTP):
Connects to server-52-84-25-253.sea32.r.cloudfront.net  (52.84.25.253:80)

TCP (HTTP SSL):
Connects to ec2-52-22-119-8.compute-1.amazonaws.com  (52.22.119.8:443)

TCP (HTTP):
Connects to a23-47-144-19.deploy.static.akamaitechnologies.com  (23.47.144.19:80)

TCP (HTTP):
Connects to a23-47-144-17.deploy.static.akamaitechnologies.com  (23.47.144.17:80)

TCP (HTTP):
Connects to a23-34-63-144.deploy.static.akamaitechnologies.com  (23.34.63.144:80)

TCP (HTTP):
Connects to a23-34-63-106.deploy.static.akamaitechnologies.com  (23.34.63.106:80)

Remove mtpc.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.