Elcomsoft Forensic Disk Decryptor
Overview
Elcomsoft Forensic Disk Decryptor is a software program developed by ElcomSoft Co. The most common release is 1.00.110.1392, with over 98% of all installations currently using this version. It adds registry entry for the current user which will allow the program to automatically start each time it is rebooted. Upon being installed, the software adds a Windows Service which is designed to run continuously in the background. Manually stopping the service has been seen to cause the program to stop functing properly. It adds a background controller service that is set to automatically run. Delaying the start of this service is possible through the service manager. A scheduled task is added to Windows Task Scheduler in order to launch the program at various scheduled times (the schedule varies depending on the version). The setup package generally installs about 37 files and is usually about 4.18 MB (4,381,455 bytes). Relative to the overall usage of users who have this installed on their PCs, most are running Windows 7 (SP1) and Windows 10. While about 46% of users of Elcomsoft Forensic Disk Decryptor come from the United States, it is also popular in France and Canada.
Program details
URL: www.elcomsoft.ru
Installation folder: C:\Program Files\Elcomsoft Password Recovery\
Uninstaller: MsiExec.exe /X{F359F477-98B4-40BD-BDC7-2EA5C51A8BF9}
(The Windows Installer is used for the installation, maintenance, and removal.)
Estimated size: 4.18 MB
Language: English (United States)
Files installed by Elcomsoft Forensic Disk Decryptor
-
edpr_console.exe - Elcomsoft Distributed Password Recovery (Elcomsoft Distributed Password Recovery Console)
-
edpr_server.exe - Elcomsoft Distributed Password Recovery Server
-
epr_agent.exe - Elcomsoft Password Recovery Agent
-
GPUManager.exe - GPU Manager Utility
-
ARCHPR.exe - Advanced Archive Password Recovery (ARCHPR Application)
-
aopr.exe - Advanced Office Password Recovery (AOPR Application)
-
EFDD.exe - ElcomSoft Forensic Disk Decryptor
-
EPPB.exe - Elcomsoft Phone Password Breaker
-
wdeinfo.exe - Elcomsoft Password Recovery (Elcomsoft Distributed Password Recovery)
-
PPA.exe - Proactive Password Auditor
-
edei.exe - EDPR Disk Encryption Info
-
CalendarsPlugIn.dll - Elcomsoft Phone Viewer
-
CallsPlugIn.dll
-
ContactsPlugIn.dll
-
EPV.exe
-
epvMain.exe
-
EWSA.exe - ElcomSoft Co.Ltd. ewsa (Elcomsoft Wireless Security Auditor)
-
JournalPlugIn.dll
-
MessagesPlugIn.dll
-
NotesPlugIn.dll
-
ewsaserv.exe - PSPR Service (PSPRSERV)
-
ewsaserv64.exe
-
ewsaserv.dll - EWSASERV (EWSASERV dll)
-
ewsaserv64.dll
-
APDFPR.exe - Advanced PDF Password Recovery
Behaviors exhibited
Scheduled Task
- ARCHPR.exe is scheduled as a task with the class '{C576B535-174E-4058-A42E-B70F666368DE}' (runs on registration).
4 Services
- ewsaserv.exe runs as a service named 'EWSA Control Service' (EWSASERV).
- epr_agent.exe runs as a service named 'Elcomsoft Password Recovery Agent' (ElcomSoftDistributedAgent).
- edpr_server.exe runs as a service named 'Elcomsoft Distributed Password Recovery Server' (ElcomSoftDistributedPasswordRecoveryServer).
- ewsaserv64.exe runs as a service named 'EWSA Control Service' (EWSASERV).
2 Startup Files (User Run)
- epr_agent.exe is loaded in the current user (HKCU) registry as an auto-starting executable named 'Elcomsoft Distributed Agent' and executes as "C:\Program Files\Elcomsoft Password Recovery\Distributed Password Recovery\epr_agent.exe" -s.
- edpr_server.exe is loaded in the current user (HKCU) registry as an auto-starting executable named 'ElcomSoft DPR Server' and executes as C:\Program Files\Elcomsoft Password Recovery\Distributed Password Recovery\edpr_server.exe.
How do I remove Elcomsoft Forensic Disk Decryptor?
You can uninstall Elcomsoft Forensic Disk Decryptor from your computer by using the Add/Remove Program feature in the Window's Control Panel.
- On the Start menu (for Windows 8, right-click the screen's bottom-left corner), click Control Panel, and then, under Programs, do one of the following:
- Windows Vista/7/8/10: Click Uninstall a Program.
- Windows XP: Click Add or Remove Programs.
- When you find the program Elcomsoft Forensic Disk Decryptor, click it, and then do one of the following:
- Windows Vista/7/8/10: Click Uninstall.
- Windows XP: Click the Remove or Change/Remove tab (to the right of the program).
- Follow the prompts. A progress bar shows you how long it will take to remove Elcomsoft Forensic Disk Decryptor.
OS VERSIONS
Win 7 (SP1) 52%
Win Vista 2%
|
|
WHEN IT STARTS
Auto-starting? Yes
(Found in the run registry)
|
|
USER ACTIONS
 |
Uninstall it 7%
Keep it 93%
|
|
Windows
Which Windows OS versions does it run on?
| Windows 7 |
61.90% |
|
| Windows 10 |
34.92% |
|
| Windows Vista |
3.17% |
|
Which OS releases does it run on? |
| Windows 7 Ultimate |
22.95% |
|
| Windows 7 Professional |
18.03% |
|
| Windows 7 Home Premium |
13.11% |
|
| Windows 8.1 Pro |
9.84% |
|
| Windows 8.1 |
6.56% |
|
| Windows 8 Pro |
4.92% |
|
Geography
45.59% of installs come from the United States
Which countries install it?
| United States |
45.59% |
| France |
7.35% |
| Canada |
5.88% |
| Netherlands |
4.41% |
| Germany |
4.41% |
| South Africa |
2.94% |
| Brazil |
2.94% |
| Australia |
2.94% |
| Mexico |
2.94% |
| Iran |
2.94% |
| Singapore |
1.47% |
| Belgium |
1.47% |
| Russia |
1.47% |
| India |
1.47% |
PC manufacturers
What PC manufacturers (OEMs) have it installed?
| Dell |
22.73% |
|
| Hewlett-Packard |
20.45% |
|
| Acer |
11.36% |
|
| ASUS |
9.09% |
|
| Samsung |
6.82% |
|
| Sony |
6.82% |
|
| GIGABYTE |
4.55% |
|
| Toshiba |
4.55% |
|
| Medion |
4.55% |
|
| Lenovo |
4.55% |
|
| Alienware |
2.27% |
|
| MSI |
2.27% |
|
Common models |
| Samsung RV411/RV511/E3511... |
3.92% |
|
| Dell Latitude E6520 |
3.92% |
|
| Dell Dell System Vostro... |
1.96% |
|
| Dell Dell DXP061 |
1.96% |
|
| ASUSTeK K501LB |
1.96% |
|
| Positivo Informatica SA P... |
1.96% |
|
About ElcomSoft Co
ElcomSoft developes Windows security and productivity applications for business and private customers.
Publisher URL: www.elcomsoft.com