Inactive Cpuz143 unmasked. Beware!

BobsCooling

TS Rookie
I am passing along to your community what I have learned about the cpuz143 folder that may lurk in C:\Windows\Temp\. I recondition Dell laptops, and I have found this folder in both Windows 7 and Windows 10. Here are disturbing facts:

1) Simple attempts to delete this folder or the cpuz143_x64.sys contained within it are greeted by the message "Access denied." Very suspicious behavior in a Temp folder!

2) Rename and remove the file, and it will re-appear on your computer's next restart. A Zombie file that won't stay dead!

3) The file cpuz143_x64.sys appears to be a valid CPUID file, except it dates to 2008! As often as my browsers are getting security updates, I can't believe an 11-year-old file is secure! The age and the strange location thoroughly belie its innocence.

The software that I previously installed on all my laptops, and which is responsible for the appearance of the cpuz143 folder, is: Advanced SystemCare!

I have cleansed more than 8 computers of it. 1) start Windows in Safe Mode, 2) use IOBIT Uninstaller and "remove all traces", 3) restart the computer and 4) run MalwareBytes to remove final leftovers. It has stopped coming back!

MalwareBytes correctly, in my opinion, identifies Advanced SystemCare as a PUP (Potentially Unwanted Program). I wholeheartedly agree! I don't know what Advanced SystemCare is doing with the cpuz143_x64.sys file, but I don't trust files that are secretly planted on my PC!

Even if the cpuz143_x64.sys is identical to the 11-year-old CPUID original, the file is still suspect, because anyone might be using it as a backdoor.

I could find no claim on the internet about the cause of the presence of cpuz143_x64.sys in C:\Windows\Temp\cpuz143\ folder. I make the claim that Advanced SystemCare is responsible, based on my 100% success rate removing it and not installing it.

Don't adopt that PUP; it may become very dangerous!
 

BobsCooling

TS Rookie
Is the advice to get rid of Advanced SystemCare old news?

I spent a lot of time looking at internet hits on “cpuz143”, reading Farbar Recovery Scan Tool dumps ad nauseam, until my eyes glazed over. Nobody knew how the file cpuz143_x64.sys got into the \Windows\temp\ folder.

The mystery is solved, and it is easy to confirm my findings.

I quote from the prior TechSpot thread started by a concern over cpuz143, “Possible malware, as well as a error given by 'registry' from a couple of scanning softwares.” (Please excuse a new member not knowing how to better reference another thread.)

“cpuz143_x64.sys is a legit file.
http://www.cpuid.com/
That driver is part of CPUID.”

To which my reply is:

Identifying a file does not make it legitimate. If a file is ancient, in the wrong place, and placed there by a hidden process unrelated to the file creators, it is Not legitimate, because the usage is not legitimate.
 
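Both posts above turn on one question: not whether cpuz143_x64.sys is a genuine CPUID driver, but who registered it and what keeps loading it from C:\Windows\Temp. The following PowerShell triage script is an added example, not code from the thread, from TechSpot, from CPUID or from the Advanced SystemCare vendor. It assumes only the file path the posts name; it does not assume any service name, and instead discovers which entries under HKLM:\SYSTEM\CurrentControlSet\Services refer to that file. It is read-only and should be run from an elevated PowerShell.

```powershell
# Added triage script (not from the thread). Assumption: the default path below is the
# location the posts report. No service name is assumed; it is found from the registry.
# Read-only: nothing is stopped, deleted or changed. Run elevated.
param(
    [string]$DriverPath = 'C:\Windows\Temp\cpuz143\cpuz143_x64.sys'
)

function Get-DriverFacts {
    # Static facts about the file: timestamps, version resource, hash and signature.
    # SigStatus says whether the Authenticode chain validates; Signer says who signed it.
    # Neither says who copied the file into Temp or which service loads it.
    param([string]$Path)
    $item = Get-Item -LiteralPath $Path
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        Path        = $Path
        SizeBytes   = $item.Length
        Created     = $item.CreationTime
        LastWrite   = $item.LastWriteTime
        FileVersion = $item.VersionInfo.FileVersion
        Company     = $item.VersionInfo.CompanyName
        SHA256      = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        SigStatus   = $sig.Status
        Signer      = $sig.SignerCertificate.Subject
    }
}

function Find-DriverReferences {
    # Every driver Windows loads at boot has a key under ...\Services whose ImagePath
    # names the .sys file. The key name and ImagePath are whatever the installer chose,
    # so this is the first concrete clue to which product registered the driver.
    param([string]$Path)
    $leaf = Split-Path -Leaf $Path
    Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
        $p = Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue
        if ($p.ImagePath -and $p.ImagePath -like "*$leaf*") {
            [pscustomobject]@{
                Service   = $_.PSChildName
                ImagePath = $p.ImagePath
                Start     = $p.Start   # 0=boot 1=system 2=auto 3=demand 4=disabled
                Type      = $p.Type    # 1=kernel driver 2=file-system driver
            }
        }
    }
}

function Get-LoadedDriverState {
    # Live view: is the driver running right now? A running kernel driver's image file
    # is held open by the kernel, which is one ordinary reason a delete attempt from
    # Explorer returns "Access denied" even for an administrator.
    param([string]$Path)
    $leaf = Split-Path -Leaf $Path
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName -like "*$leaf*" } |
        Select-Object Name, State, StartMode, PathName
}

if (-not (Test-Path -LiteralPath $DriverPath)) {
    Write-Warning "Not present: $DriverPath"
    return
}

'== File facts =='
Get-DriverFacts -Path $DriverPath | Format-List
'== Service entries whose ImagePath names this file =='
Find-DriverReferences -Path $DriverPath | Format-Table -AutoSize
'== Loaded-driver state =='
Get-LoadedDriverState -Path $DriverPath | Format-Table -AutoSize
'== ACL on the file (the other possible source of "Access denied") =='
(Get-Acl -LiteralPath $DriverPath).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType |
    Format-Table -AutoSize
```

Reading the output: a Valid signature with a CPUID signer confirms what the earlier thread said (the driver itself is CPUID's), and nothing more. The Services entry is what answers the question the posts are actually asking, because its name and install time come from whatever product registered it. If the loaded-driver check shows the driver as Running, deleting the file while it is loaded will fail regardless of the ACL; unregistering or stopping the owning service (or uninstalling the product that owns it, as the first post does) has to come before the file can be removed.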
