ETD Control Helper in System32 - Should I delete it?
MisteryBean Posted messages 8946 Registration date Status Modérateur Last intervention -
Hello,
I have a program that prevents my PC from shutting down:
ETD Control Helper, location C:\ WINDOWS\system32\ETDCtrl.exe
In Properties, here's what it says:
File version: 22.0.0.15
Copyright: ELAN Microelectronics Corp. Copyright(C) 2003-2020
Size: 1.20 MB
Language: Chinese (Traditional, Taiwan)
Original file: ETDCtrl.exe
It is accompanied by several files, all in system32.
It cannot be deleted without administrative rights.
Is this a malicious program? I've read conflicting information about this file, particularly about its normal location. Is it legitimate for it to be in WINDOWS System32, or should it be in a different location?
Can I delete it?
Thank you in advance.
8 réponses
Hello,
This is a pre-installed Asus program that relates to the touchpad. You should not touch anything in System32, as it is an essential and protected folder in Windows, and you risk crashing your PC.
-
We will start with a diagnosis of the PC :
Be sure to read the entire procedure before posting the reports
Do not post them directly in messages as they are unreadable and incomplete
The reports FRST.txt and Addition.txt are expected
All reports must be hosted on https://security-x.fr/up/ and you must include the links obtained in your response
---------------------------------------------------------------------------------------------
--> The SmartScreen filter may trigger an alert. Click on Actions or More Information then on Run anyway
---------------------------------------------------------------------------------------------
--> Download the FRST version of Farbar, compatible with your system and save the file on your Desktop
--> For a 32-bit system
--> For a 64-bit system
How to know which version 32 bits or 64 bits is running on my system?
--> Wait for your browser to offer you the download to save, without clicking anywhere, especially not on the sponsors of the page.
--> Close all applications, including your browser
--> Double-click on FRST.exe and click Yes to accept the Disclaimer
--> Under Vista, Windows 7 / 8 and 10, you need to run the file by right-clicking -> Run as administrator
--> Wait for it to indicate The tool is ready to work
--> In the main menu, click on Scan and wait for the analysis to complete
--> At the end of the scan, the reports FRST.txt and Addition.txt are created. Post these reports in your next response.
--> The reports are saved in the same location as the tool and under C:\FRST\Logs
RE_
- Last week, I was infected by the Trojan ICED ID, which I was able to remove thanks to MalwareBytes detection during a manual scan.
Can you post the report where this detection is found?
Open Malwarebytes then :
=> Click on the Report tab
=> Select the corresponding file --> Click on view report
=> Click on export --> Text File (TXT)
=> The Save file dialog opens
=> Give it a name and save it on the Desktop
=> Host the report at https://security-x.fr/up/ and include the link in your next reply.
THEN :
=> Open FRST as administrator, in the Search window, copy/paste searchall: ETDCtrl.exe;ETD Control Helper
=> Click on search files
=> A search.txt file is created, post it on https://up.security-x.fr/ and provide the obtained link
RE_
Malwarebytes detected a false positive. This DLL belongs to EDGE.
This is an issue that has been recurring with CCleaner for a long time and has not been fixed:
Regarding ETDCtrl.exe, try updating the related program and see what happens:
Hello,
I'm following up on this subject after several weeks because I have this ETDCtrl.exe that has reactivated after the Windows 11 22h2 update.
There are 2 processes in the task manager:
- ETD Control Helper
- ETD Control Center Helper
The location of these files is C:\Windows\System32
I know that MisteryBean said that files in System32 should not be deleted.
But when I check certain sites like file.net or others, it says that if ETDCtrl.exe is in System32, its danger level is 84% and it could be a virus/trojan.
It is also said that these files should normally be found in the C:\Program files.... folder under normal circumstances.
Hence my question:
Should I delete ETD something or is it still legitimate?
I should mention that I scanned these files with MalwareBytes and BitDefender, and there were no detections...
Thank you in advance for any help provided.
RE_
I know that MisteryBean said that the files in System32 should not be deleted.
Yes, I confirm, unless you know exactly what you are doing.
But when I visit certain sites like file.net or others, it says that if ETDCtrl.exe is in System32, its danger level is 84% and it could be a virus/trojan.
We can find better sites for info!!!!!!!
If in doubt, have it analyzed on Virustotal.
**********************
This EXE is part (as already said) of the PAD drivers, but Elan should not be as empty as Windows for its updates and that causes a problem.
Download r18vu36w.exe, install it and see what happens.
Hello, okay thanks.
I'll check with Virus Total, thanks.
However, I have the impression that these files are unnecessary: When I do "End Task" in the task manager, my PAD still works, which means these files are not "vital" for my PAD.
Can I disable them? If so, how do I do that with the Registry Editor please?
Thanks in advance.