updatetask.exe

Ask.com

updatetask.exe is the updater for the Ask.com branded toolbar. It runs as a scheduled task under the Windows Task Scheduler, triggered daily at a specified time (every 24 hours). It suggests updates to the browser add-on (and the web browser) and performs automatic updates to the toolbar with new functionality. The application has been detected as a potentially unwanted program by 18 anti-malware scanners. The file is typically installed with the program Ask Toolbar by Ask.com, which is a potentially unwanted software program.

Publisher:
Ask.com  (signed and verified)

MD5:
4b0c042ed1a81301895379bbe9676e83

SHA-1:
2950fe678e26c39519aff4411cd18be414d94361

SHA-256:
30b05a92626c8ade66d6c4f68cc9e4063c8225c913c3e4c71f297bae1cbca4d9

Scanner detections:
18 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 2:16:59 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | Trojan/Win32.Patched | 2014.01.21 |
| avast! | Win32:Oncer | 2014.9-140930 |
| Boost by Reason | Optional.Task.Ask.K | 188838 |
| Clam AntiVirus | WIN.Worm.Brontok | 0.98/19279 |
| Comodo Security | EmailWorm.Win32.Runonce.~v001 | 19178 |
| Dr.Web | Win32.Runonce.6652 | 9.0.1.0273 |
| F-Prot | W32/Thecid.B@mm | v6.4.6.5.141 |
| IKARUS anti.virus | Email-Worm.Win32.Runouce | t3scan.1.7.5.0 |
| K7 AntiVirus | EmailWorm | 13.183.13043 |
| Malwarebytes | Virus.Chir | v2014.09.30.03 |
| Microsoft Security Essentials | Threat.Undefined | 1.179.2859.0 |
| Norman | Malware | 11.20140930 |
| Qihoo 360 Security | Virus.Win32.CNHacker.C | 1.0.0.1015 |
| Quick Heal | W32.Runouce.B | 9.14.14.00 |
| Reason Heuristics | PUP.Task.Ask.K | 14.8.8.2 |
| Rising Antivirus | PE:Trojan.Win32.Generic.134BD6A6!323737254 | 23.00.65.14928 |
| Vba32 AntiVirus | Virus.Win32.Chur.A | 3.12.26.3 |
| VIPRE Antivirus | Threat.219451 | 31208 |

File size:
90.9 KB (93,064 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\ask.com\updatetask.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/17/2008 2:00:00 AM

Valid to:
6/18/2011 1:59:59 AM

Subject:
CN=Ask.com, OU=Distribution, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Ask.com, L=Oakland, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
286F8A30E2EAC6965B936F826A05305D

File PE Metadata
Compilation timestamp:
7/11/2009 2:26:56 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
1536:5lwQVj+/Tjbvo8uJ8Z6E2s0kUpRBp85lImmXqeb68:VL8udELApRf85lvmX/bb

Entry address:
0x763F

Entry point:
E8, 77, 49, 00, 00, E9, 78, FE, FF, FF, 6A, 0C, 68, 68, 27, 41, 00, E8, 53, 1C, 00, 00, 83, 65, E4, 00, 8B, 75, 08, 3B, 35, 44, 5E, 41, 00, 77, 22, 6A, 04, E8, 46, 11, 00, 00, 59, 83, 65, FC, 00, 56, E8, 4D, 19, 00, 00, 59, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 09, 00, 00, 00, 8B, 45, E4, E8, 5F, 1C, 00, 00, C3, 6A, 04, E8, 41, 10, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, FE, E0, 0F, 87, A1, 00, 00, 00, 53, 57, 8B, 3D, CC, 00, 41, 00, 83, 3D, E4, 54, 41, 00, 00, 75, 18, E8, F8, 3F, 00...
 

Entropy:
6.3328

Code size:
57 KB (58,368 bytes)

Scheduled Task
Task name:
Scheduled Update for Ask Toolbar

Trigger:
Daily (Runs daily at 07:05 PM)


The file updatetask.exe has been discovered within the following program.

Ask Toolbar  by Ask.com
The Ask Toolbar is a web-browser add-on that can appear as an extra bar added to the browser's window and/or menu. It is often installed (sometimes without warning) during the installation of other software. Ask.
help.ask.com/link/portal/30015/30018/Article/1/How-do-I-remove-the-Ask-com-Toolbar
81% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to a23-50-149-163.deploy.static.akamaitechnologies.com  (23.50.149.163:80)

TCP (HTTP):
Connects to a23-50-181-163.deploy.static.akamaitechnologies.com  (23.50.181.163:80)

TCP (HTTP):
Connects to host-213.158.175.41.tedata.net  (213.158.175.41:80)

TCP (HTTP):
Connects to a23-55-149-163.deploy.static.akamaitechnologies.com  (23.55.149.163:80)

TCP (HTTP):
Connects to static-182-18-172-226.ctrls.in  (182.18.172.226:80)

TCP (HTTP):
Connects to a23-59-133-163.deploy.static.akamaitechnologies.com  (23.59.133.163:80)
