GoogleUpdaterService.exe

Google Updater

Google

The executable GoogleUpdaterService.exe has been detected as malware by 33 anti-virus scanners. It runs as a Windows service named “Google Updater Service”, in its own separate process. The virus, which infects .exe files, stops various security software and prevents some core Windows utilities from running. It also tries to download other files, including other malware, from a remote server.
Publisher:
Google

Product:
Google Updater

Description:
gusvc

Version:
2.0.711.37800.beta

MD5:
40097f71d2212dc80f9caf04cff81282

SHA-1:
9934ba4a5395ee28e5d01a2a27857384351dc808

SHA-256:
4f68f04f0b073e3bea4eedf2c1560b04e47adae89fa65b88f105dbf24475e0ce

Scanner detections:
33 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/24/2024 1:47:30 AM UTC

Scan engine                    Detection                 Engine version
Lavasoft Ad-Aware              Win32.Sality.3            1023
Agnitum Outpost                Win32.Sality.BL           7.1.1
Avira AntiVirus                W32/Sality.AT             7.11.144.52
avast!                         Win32:Sality              2014.9-140418
AVG                            Win32/Sality              2015.0.3501
Baidu Antivirus                Virus.Win32.Sality.$Emu   4.0.3.14418
Bitdefender                    Win32.Sality.3            1.0.20.540
Comodo Security                Virus.Win32.Sality.Gen    18125
Dr.Web                         Win32.Sector.22           9.0.1.0108
Emsisoft Anti-Malware          Win32.Sality              8.14.04.18.10
ESET NOD32                     Win32/Sality.NBA          8.9694
F-Prot                         W32/Sality.E.gen          v6.4.7.1.166
F-Secure                       Win32.Sality.3            11.2014-18-04_6
G Data                         Win32.Sality              14.4.24
IKARUS anti.virus              Virus.Win32.Sality        t3scan.1.6.1.0
K7 AntiVirus                   Virus                     13.176.11806
Kaspersky                      Virus.Win32.Sality        14.0.0.3998
McAfee                         W32/Sality.gen.z          5600.7157
Microsoft Security Essentials  Virus:Win32/Sality.AT     1.10502
MicroWorld eScan               Win32.Sality.3            15.0.0.324
NANO AntiVirus                 Virus.Win32.Sality.beygb  0.28.0.59288
Norman                         Sality.ZHB                11.20140418
nProtect                       Win32.Sality.3            14.04.18.01
Panda Antivirus                W32/Sality.AA             14.04.18.10
Qihoo 360 Security             Malware.QVM19.Gen         1.0.0.1015
Quick Heal                     W32.Sality.U              4.14.12.00
Sophos                         Mal/Sality-D              4.98
Total Defense                  Win32/Sality.AA           37.0.10884
Trend Micro House Call         PE_SALITY.RL              7.2.108
Trend Micro                    PE_SALITY.RL              10.465.18
Vba32 AntiVirus                Virus.Win32.Sality.bakc   3.12.26.0
VIPRE Antivirus                Virus.Win32.Sality.at     28352
ViRobot                        Win32.Sality.N            2011.4.7.4223

File size:
200.9 KB (205,752 bytes)

Product version:
2.0.711.37800.beta

Copyright:
©2005-2006 Google. All Rights Reserved.

Original file name:
GoogleUpdaterService.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\google\common\google updater\googleupdaterservice.exe

File PE Metadata
Compilation timestamp:
12/13/2006 9:55:39 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
3072:+GTiapwPDCZWLGQQ/ye6MqInJM1SVKfeZDY9JKwxls7odW8laaZDqPp:+76/yXRI4eZDY9JOkPEQqB

Entry address:
0xED14

Entry point:
87, EE, 3C, BC, 84, F5, F6, C2, D0, 0F, BF, D8, 88, C9, 69, CA, C2, 3E, D3, F6, BB, A6, 96, 3E, 2C, BF, D2, FF, 06, 88, 35, 71, AF, 00, 00, 41, 00, DD, 84, CC, 69, C7, 12, ED, 4B, 1A, 88, CD, 81, C2, 1F, 98, C6, AB, 81, FF, 05, 23, 00, 00, 71, 03, C6, C0, 89, 69, D6, 9E, A2, 10, 7D, F6, C0, C7, E8, 6A, 00, 00, 00, 3B, D8, 75, 02, 2B, FD, C6, C7, 92, 41, 3A, F7, 87, EF, 0F, AF, ED, 8A, EF, 85, FE, 85, F6, 73, 04, 8B, FF, B1, EE, 8B, D6, 8D, 0D, 71, 69, 5F, DB, 81, E7, 30, AF, EA, DF, 0F, B6, FF, 89, DF, 83...
 

Entropy:
7.2033

Code size:
94 KB (96,256 bytes)

Service
Display name:
Google Updater Service

Service name:
gusvc

Type:
Win32OwnProcess

Depends on:
RPCSS

