Some users have been reaching us with questions about ending or removing the cpx.exe process. Some have become conflicted whether the process is actually genuine or it’s malicious, given the fact that it usually refuses to close when the user tries to select End Process in Task Manager. Typically, the user will discover several different background processes named Google Embedded Application after inspecting the processes called by cpx.exe.
What is cpx.exe?
Cpx.exe is generally regarded as a PUP (potentially unwanted program). The cpx.exe executable is not a system file and it’s not essential to the well-being of your operating system in any way. A quick investigation in Task manager reveals that the executable calls a single background process: Google Embedded Application.
Despite the name, Google Embedded Application isn’t related to Google in any way. It’s actually an adware process that is part of the s5Mark adware suite. This adware is commonly bundled with a lot of popular installers that are readily available from a lot of trusted download sites.
The CPX executable is known to eat up a lot of CPU resources and remain active despite some user’s best efforts to shut it down. Because of this, the general consensus is that the process is used to mine cryptocurrencies.
What is a Potentially Unwanted Program?
PUPs regularly arrive on a particular PC by getting bundled with other software. PUPs are often hidden inside the installers of popular software downloads on the internet and will get automatically installed along with the respective program.
PUPs can cause problems to your system for two different reasons:
- PUPs might contain adware or spyware.
- PUPs might “borrow” your system resources in order to mine cryptocurrencies – this will severely drain your system resources.
Should I remove cpx.exe?
The short answer is yes. There are very few reasons why you’d want to deliberately keep a software that is constantly eating a huge chunk of your CPU resources. However, it’s very likely that you won’t be able to only remove the cpx.exe executable.
Most users that were dealing with this particular problem have reported that they were only able to completely deal with the cpx.exe after reinstalling Chrome. Apparently, this malicious process is capable of altering Google Chrome and other derived builds (like Chromium). In this case, the only solution to remove it indefinitely is to reinstall a clean version of Chrome.
Potential security threat
As we previously established below, the cpx.exe is actually an adware process belonging to the s5Mark adware suite. You can confirm this by opening a Task Manager window (Ctrl + Shift + Esc) and checking for Google Embedded Application entries. If you find multiple entries that are all using a significant number of resources, you can be sure that this is being caused by the s5Mark adware suite.
The thing with adware is they kind of operate in a grey legality area. Because of this, most antivirus suites will not treat them as a security breach and consequently won’t deal with them. However, there are a few software that will.
One such a software is Malwarebytes. The security scanner is excellent at identifying adware that usually slips through other general scanners that are highly specialized on malware, spyware, and ransomware. If you’re having trouble using Malwarebytes, follow our in-depth article (here) about using the software to clean your system.
How to remove cpx.exe
If you used Malwarebytes, there’s a high chance that the software already quarantined the process that was hogging your system resources. However, it’s very likely that this process left quite a lot of residual files that were not automatically removed by the security scanner.
Use the two methods below to delete every trace of the s5Mark adware suite from your system:
Method 1: Deleting cpx-related keys from Registry Editor
Some users have been reportedly able to remove cpx.exe by deleting each and every registry key that refers to the process with Registry Editor. Here’s a quick guide on how to do this:
- Press Windows key + R to open up a Run window. Type “regedit” and hit Enter to open Registry Editor.
- Inside Registry Editor, click on Computer to make sure you’re in the root location, then press Ctrl + F to open the Find window.
- In the Find window, type “cpx” in the search box, then check the boxes associated with Keys, Values, and Data. Finally, check the box associated with Match whole string only and hit the Find Next button.
- Once the list begins to populate, delete each key that is referring to cpx.exe (located in Program Files x86).
- Once you manage to remove every occurrence, close Registry Editor and reboot your PC. After your pc boots back up, you should no longer be able to spot the cpx.exe process inside Task Manager.
If you’re still seeing the cpx.exe process or if this method wasn’t applicable, move over to Method 2.
Method 2: Uninstalling the s5Mark adware
Once you manage to clean your Windows Registry of keys belonging to cpx.exe, it’s time to eliminate the application suite that is responsible for regenerating the adware files.
Removing the adware suite is as simple as uninstalling s5Mark from Program Files. But in case the uninstallation fails we will remove the leftover files manually. Here’s a quick guide on how to do this:
- Press Windows key + R to open up a Run command. Type “appwiz.cpl” and hit Enter to open Programs and Features.
- In Programs and Features, scroll down through the application list and uninstall the s5Mark software.
Note: If the uninstallation fails, navigate to C: > Program Files (x86) and delete the cxp folder entirely.
- Reboot your computer and see if the issue has been resolved.
In the event that you weren’t able to uninstall the s5Mark suite from Programs and Files, continue with the final method. Even if you no longer see traces of the cxp.exe process, it’s highly recommended to follow up with Method 3.
Method 3: Reinstalling a clean version of Chrome (or Chromium)
As it turns out, the cpx.exe is not only accommodated by the s5Mark adware suite. Some users have discovered that this malicious process can also reside inside an infected Chrome or Chromium version. These modified versions of Chrome are usually available in shady download places.
Regardless if you were able to uninstall the s5Mark suite or not using Method 2, please open up a Run window (Windows key + R) and type “appwiz.cpl” to open Programs and Features again. Then, browse through the application list and uninstall every entry that mentions Chrome or Chromium.
Note: Keep in mind that if your Chrome is indeed malicious, it’ likely to have a different publisher than Google Inc.
Once you remove Chrome or Chromium, uninstall a clean version for one of the following links: