» Updater.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (10)

Updater.exe

Updater

Ask.com

This is a component of the Ask.com toolbar, a browser extension that will modify the default web browser's search provider, home page and various other settings. The application Updater.exe by Ask.com has been detected as a potentially unwanted program by 35 anti-malware scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘ApnUpdater’. Additionally, the file is typically installed by a number of programs including KMPlayer Toolbar Updater by Ask.com and atualizador MP3 Rocket Toolbar Updater by Ask.com, both potentially unwanted software.

File name:

Updater.exe

Publisher:

Ask (signed by Ask.com)

Product:

Updater

Description:

Ask Updater

Version:

1.4.452828

MD5:

183dd00f1e062bd08616f0052b3d3b29

SHA-1:

bcfcb3d2969dff714edc9cd2c037b724bec543c5

SHA-256:

3bdc1b6137365fee414d1fb58dcb9c918823dbeeacfec46e680d8bed61671ede

Scanner detections:

35 / 68

Status:

Potentially unwanted

Analysis date:

5/4/2024 1:13:08 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Win32.Expiro.Gen.3

360

AegisLab AV Signature

W32.Expiro

2.1.4+

AhnLab V3 Security

Win32/Expiro5.Gen

2014.10.19

Avira AntiVirus

TR/Patched.Gen

7.11.30.172

avast!

Win32:Xpirat-A

2014.9-160209

AVG

Win32/Expiro

2017.0.2838

Bitdefender

Win32.Expiro.Gen.3

1.0.20.200

Bkav FE

W32.FamVT.ExpiroPC.PE

1.3.0.4959

Comodo Security

Virus.Win32.Expiro.SR

19838

Dr.Web

Win32.Expiro.80

9.0.1.040

Emsisoft Anti-Malware

Win32.Expiro.Gen

8.16.02.09.06

ESET NOD32

Win32/Expiro.AY virus

10.7.0.302.0

Fortinet FortiGate

W32/Expiro.W

2/9/2016

F-Prot

W32/Expiro.BG

v6.4.6.5.141

F-Secure

Win32.Expiro.Gen.3

11.2016-09-02_3

G Data

Win32.Expiro.Gen

16.2.24

IKARUS anti.virus

Virus.Win32.Expiro

t3scan.1.7.8.0

K7 AntiVirus

Virus

13.184.13727

Kaspersky

Virus.Win32.Expiro

14.0.0.686

McAfee

W32/Expiro.gen.p

5600.6494

Microsoft Security Essentials

Threat.Undefined

1.185.3625.0

MicroWorld eScan

Win32.Expiro.Gen.3

17.0.0.120

NANO AntiVirus

Virus.Win32.Expiro.clnvwd

0.28.2.62671

Norman

Expiro.YJ

11.20160209

nProtect

Win32.Expiro.Gen.3

14.10.17.01

Qihoo 360 Security

Malware.QVM19.Gen

1.0.0.1015

Quick Heal

W32.Expiro.NR

2.16.14.00

Reason Heuristics

PUP.Ask (M)

16.2.9.18

Sophos

W32/Expiro-S

4.98

Total Defense

Win32/Expiro.AO

37.0.11234

Trend Micro House Call

PE_EXPIRO.AR

7.2.40

Trend Micro

PE_EXPIRO.AR

10.465.09

Vba32 AntiVirus

Virus.Expiro.2414

3.12.26.3

VIPRE Antivirus

Threat.4799707

33706

Zillya! Antivirus

Virus.Expiro.Win32.42

2.0.0.1959

File size:

1.6 MB (1,721,776 bytes)

Product version:

1.4.452828

Original file name:

Updater.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\ask.com\updater\updater.exe

Digital Signature

Signed by:

Ask.com

Authority:

VeriSign, Inc.

Valid from:

6/20/2011 1:00:00 AM

Valid to:

6/19/2014 12:59:59 AM

Subject:

CN=Ask.com, OU=Distribution, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Ask.com, L=Oakland, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

0965F2AC7236C7E1BDCA44ED139B273A

File PE Metadata

Compilation timestamp:

1/28/2014 10:35:48 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

49152:tL8P0Pw/1XFhXMHcR8LVAf9EEE/EEEUEFlRJExEkEEE/EEEq4FJ:tL8MI/1XFh8jLVYU

Entry address:

0xBB221

Entry point:

E8, 73, E5, 00, 00, E9, 79, FE, FF, FF, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A4, 01, 00, 00, 81, F9, 00, 01, 00, 00, 72, 1F, 83, 3D, 80, DD, 50, 00, 00, 74, 16, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 08, 5E, 5F, 5D, E9, 8E, 80, 00, 00, F7, C7, 03, 00, 00, 00, 75, 15, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 2A, F3, A5, FF, 24, 95, A4, B3, 4B, 00, 90, 8B, C7, BA, 03, 00, 00, 00, 83, E9, 04, 72, 0C, 83... 
[+]

Entropy:

6.1116

Code size:

868 KB (888,832 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

ApnUpdater

Command:

"C:\Program Files\ask.com\updater\updater.exe"

The file Updater.exe has been discovered within the following programs.

Ask Toolbar Updater by Ask.com

The Ask Toolbar Updater is designed to periodically (once a day) check for an install updates to the toolbar without the interaction of the user. The Ask Toolbar and other applications are increasingly being bundled with programs; most notably freeware.

help.ask.com/link/portal/30015/30018/Article/1/How-do-I-remove-the-Ask-com-Toolbar

75% remove it

atualizador Ask Toolbar Updater by Ask.com

The Ask Toolbar and other applications are increasingly being bundled with programs; most notably freeware. It's usually installed during the installation of a program, and it's easy to miss the step where you can uncheck the Ask Toolbar option.

sp.ask.com/toolbar

69% remove it

atualizador MP3 Rocket Toolbar Updater by Ask.com

70% remove it

Foxit PDF Creator Toolbar Updater by Ask.com

Foxit PDF Creator Updater installs with the Ask.com internet browser toolbar and keeps it automatically updated. Avira SearchFree Toolbar gets installed through bundled software.

73% remove it

KMPlayer Toolbar by Ask.com

This toolbar is typiclaly bundled with the installation of the free KMPlayer software. KMPlayer Toolbar gets installed through bundled software. The default settings will automatically install the KMPlayer Toolbar as soon as you install the host bundler software on your PC.

www.kmpmedia.net

74% remove it

KMPlayer Toolbar Updater by Ask.com

KMPlayer Toolbar Updater is a software utility that installs with the Ask.com internet browser toolbar and keeps it automatically updated. KMPlayer Toolbar gets installed through bundled software.

80% remove it

MP3 Rocket Toolbar by Ask.com

MP3 Rocket Toolbar , powered by ASK, is a web-browser add-on that can appear as an extra bar added to the browser's window and/or menu. It is often installed (sometimes without warning) during the installation of other software.

87% remove it

MP3 Rocket Toolbar Updater by Ask.com

MP3 Rocket Toolbar Updater installs with the Ask.com internet browser toolbar and keeps it automatically updated. The Toolbar gets installed through bundled software.

82% remove it

programma di aggiornamento Ask Toolbar Updater by Ask.com

programma di aggiornamento Ask Toolbar Updater is an Ask.com powered toolbar update mechanism that is designed to keep the branded toolbar up to date. The Ask Toolbar is a web-browser add-on that can appear as an extra bar added to the browser's window and/or menu.

81% remove it

Support.com Toolbar Updater by Ask.com

Support.com Toolbar Updater is a software utility that installs with the Ask.com internet browser toolbar and keeps it automatically updated. The toolbar gets installed through bundled software.

74% remove it

Latest 20 of 19 programs

Remove Updater.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.