Mar 25, 2016  Download Temporary File Cleaner - Effortlessly erase all temporary files that take a lot of space on your computer and gain more space using this simple software solution.

Temp File Cleaner is a software program developed by Addpcs. The most common release is 4.3.0, with over 98% of all installations currently using this version.

A scheduled task is added to Windows Task Scheduler in order to launch the program at various scheduled times (the schedule varies depending on the version). The primary executable is named tempfilecleaner.exe. The setup package generally installs about 5 files and is usually about 2.6 MB (2,723,884 bytes). Relative to the overall usage of users who have this installed on their PCs, most are running Windows 7 (SP1) and Windows 10. While about 59% of users of Temp File Cleaner come from the United States, it is also popular in United Kingdom and India.Program details.

. Name. Virtual Size.

Virtual Address. Size Of Raw Data. Pointer To Raw Data. Pointer To Relocations.

Pointer To Linenumbers. Number Of Relocations. Number Of Linenumbers. Characteristics. SECTION #6.rdata.

0x00000039. 0x000A4000. 0x00000200. 0x0009FC00. 0x00000000.

0x00000000. 0x00000000. 0x00000000. 0x50000040.

Autodata.v5.8.0.0.multilanguage. iso tbe. SECTION #7.reloc. 0x0000A980. 0x000A5000. 0x0000AA00. 0x0009FE00.

0x00000000. 0x00000000. 0x00000000.

0x00000000. 0x50000040. SECTION #8.rsrc. 0x0005FDA4. 0x000B0000. 0x0005FE00.

0x000AA800. 0x00000000.

0x00000000. 0x00000000.

0x00000000. 0x50000040. Tip: There is something I must emphasize. The file names listed above are infected by malicious code. It does not mean that all files named by these names are malicious files. Generate malicious files in the system folder or in the installation folder of some well-known software, and even name their own folder with an antivirus software name (actually the user did not install this antivirus software). In fact, these malicious files are not system files, nor part of the famous software.For example, one of the most common system file names is: explorer.exe, and under normal circumstances, the system only has an explorer.exe process. When you open the Task Manager and find that there are two or more explorer.exe processes, it is likely the camouflage of some malicious viruses.

As shown in the following figure, there are two explorer.exe processes in Task Manager.When I find the path where the file is located, it will be clear that the real explorer.exe system file is located under ' C: Windows', and the malicious file that pretends to be system process is under the other path. The kernel32.dll dynamic link library is loaded and the functions in the file are called: ( Kernel32.dll is a very important 32-bit dynamic link library file in the Windows operating system.

It is a kernel-level file. It controls the system's memory management, data input and output operations and interrupt handling. When the Windows operating system starts, kernel32.dll resides in a specific write-protected area of memory, so that other programs cannot occupy this memory area. ). GetTickCount: Retrieves the number of milliseconds that have elapsed since the system was started, up to 49.7 days. QueryPerformanceCounter: Retrieves the current value of the performance counter, which is a high resolution (.

The advapi32.dll dynamic link library is loaded and the functions in the file are called: ( Advapi32.dll is part of a high-level API application interface service library that contains functions related to object security, registry manipulation, and event logging. It is generally located in the system directory: WINDOWSsystem32 ). RegQueryValueExA: Retrieves the data associated with the default or unnamed value of a specified registry key. RegOpenKeyExA: Opens the specified registry key.

Note that key names are not case sensitive. The kernel32.dll dynamic link library is loaded and the functions in the file are called: ( Kernel32.dll is a very important 32-bit dynamic link library file in the Windows operating system. It is a kernel-level file. It controls the system's memory management, data input and output operations and interrupt handling. When the Windows operating system starts, kernel32.dll resides in a specific write-protected area of memory, so that other programs cannot occupy this memory area. ).

TlsSetValue: Stores a value in the calling thread's thread local storage (TLS) slot for the specified TLS index. Each thread of a process has its own slot for each TLS index.

TlsGetValue: Retrieves the value in the calling thread's thread local storage (TLS) slot for the specified TLS index. Each thread of a process has its own slot for each TLS index. GetModuleHandleA: Retrieves a module handle for the specified module. The module must have been loaded by the calling process. The advapi32.dll dynamic link library is loaded and the functions in the file are called: ( Advapi32.dll is part of a high-level API application interface service library that contains functions related to object security, registry manipulation, and event logging. It is generally located in the system directory: WINDOWSsystem32 ). RegQueryValueExA: Retrieves the data associated with the default or unnamed value of a specified registry key.

RegOpenKeyExA: Opens the specified registry key. Note that key names are not case sensitive. OpenProcessToken: This function opens the access token associated with a process. LookupPrivilegeValueA: This function retrieves the locally unique identifier (LUID) used on a specified system to locally represent the specified privilege name.

GetUserNameA: Retrieves the name of the user associated with the current thread. AdjustTokenPrivileges: The AdjustTokenPrivileges function enables or disables privileges in the specified access token. The kernel32.dll dynamic link library is loaded and the functions in the file are called: ( Kernel32.dll is a very important 32-bit dynamic link library file in the Windows operating system.

It is a kernel-level file. It controls the system's memory management, data input and output operations and interrupt handling. When the Windows operating system starts, kernel32.dll resides in a specific write-protected area of memory, so that other programs cannot occupy this memory area. ). WaitForSingleObject: Waits until the specified object is in the signaled state or the time-out interval elapses. TerminateProcess: Ends the calling process and all its threads. SetEvent: Sets the specified event object to the signaled state. SetErrorMode: Controls whether the system will handle the specified types of serious errors or whether the process will handle them.

ResumeThread: Decrements a thread's suspend count. When the suspend count is decremented to zero, the execution of the thread is resumed. OpenProcess: Opens an existing local process object. LoadLibraryA: Loads the specified module into the address space of the calling process.

The specified module may cause other modules to be loaded. GetTickCount: Retrieves the number of milliseconds that have elapsed since the system was started, up to 49.7 days. GetSystemInfo: Retrieves information about the current system. GetStdHandle: Retrieves a handle to the specified standard device (standard input, standard output, or standard error).

GetProcAddress: Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL). GetModuleHandleA: Retrieves a module handle for the specified module. The user32.dll dynamic link library is loaded and the functions in the file are called: ( User32.dlll is a Windows user interface related application program interface for Windows processing, basic user interface and other features, such as creating windows and sending messages. ). MapVirtualKeyA: Translates (maps) a virtual-key code into a scan code or character value, or translates a scan code into a virtual-key code. GetWindowRect: Retrieves the dimensions of the bounding rectangle of the specified window. The shell32.dll dynamic link library is loaded and the functions in the file are called: ( Shell32.dll is an important file stored in the WindowsSystem32 folder.

Normally it is created automatically during the installation of the operating system and is critical to the normal operation of the system. Under normal circumstances, users are not advised to make arbitrary modifications to this type of file. Its existence plays an important role in maintaining the stability of the computer system. ). ShellExecuteExA: Performs an operation on a specified file. The following files have been identified as malicious files.

Some files are variants of tempcleaner.exe; some files are another type of malicious file, but use the same file name as tempcleaner.exe.It is a simple and effective way to determine whether a file is a malicious file by a hash value, which has lower false detection rate than the 'static signature' method. So, if the MD5 value of a file on the computer is the same as the MD5 value listed below, then it is sure that the file is a malicious file.This is my analysis results to the code of each malicious below, mainly provided to industry professionals who engage in the maintenance of computer security. If you are interested, you can also have a view, but it may require certain computer knowledge. Method 1: Manual Removal. Reboot the system and then enter safe mode (Click here to see how each Windows version (XP/Vista/7/8/10) goes into safe mode). Open Task Manager and if tempcleaner.exe is running, end this program. Show all hidden files.Step: 'My Computer' - 'Floder Options' -'View' - 'Show hidden files, folders, and drives'. Malicious code used to generate or infect files on the following paths, so you need to one by one go into the following path, and delete all files tempcleaner.exe, tempcleaner.txt. Method 2: Automatic Removal Using Tools (Recommended)This is free virus detection software, and it can be well compatible with many well-known anti-virus software, so users do not have to uninstall anti-virus software on the computer.It is 'environmentally friendly' for computers. After downloading, it can be used by decompression and without installation.

In the process of running, it will not write any information to the registry, nor create any new files to the Windows folder of the system disk. When you do not need it, you can delete it. It will not leave any spam information on your computer.When you find your operating system is abnormal, and the file name listed above appears in the Task Manager, or there are several processes in running with the same name as the core file name, it is best to download the anti-virus software to check your system. Enter the file name, or file MD5, for the query. You can also scan a file online. Click the 'Upload File' button, and then click the 'submit' button, to immediately detect whether the file is a virus. (Tip: The maximum size of the file uploaded cannot exceed 8MB)How do I use the T21 engine for online scanning?T21 can detect unknown files online, mainly using 'behavior-based' judgment mechanism.

It is very simple to use T21.1. Click the ' Upload File' button, select the file you want to detect, and then click ' Submit'.2.

The next step is to wait for the system to check, which may take a little time, so please be patient.3. When the T21 scan engine finishes detection, the test results are immediately fed back, as shown below:. If you suspect that there are malicious files on your computer, but you cannot find where they are, or if you want to make a thorough check on your computer, you can download the automatic scanning tool.If you want to know what kind of T21 system is, you can to view the introduction of T21. You can also to read the original intention and philosophy of my development of T21 system.Other captured malicious files.