» updatetask.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (2)
Network (28)

updatetask.exe

Ask.com

This is the updater scheduled task run by the Ask.com branded toolbar that runs every 24 hours and suggests updates to the browser add-on (and the web browser) and will perform automatic updates to the toolbar with new functionality. The application updatetask.exe by Ask.com has been detected as a potentially unwanted program by 36 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered daily at a specified time. Additionally, the file is typically installed by a number of programs including Ask Toolbar by Ask.com and Support.com Toolbar by Ask.com, both potentially unwanted software.

File name:

updatetask.exe

Publisher:

Ask.com (signed and verified)

MD5:

14426438eda546f331650854f4cd63a8

SHA-1:

ece358c9edc7ee77906bc5a045d110710038b5c6

SHA-256:

42132ab7db6047df5f3a6f7dcaceb3c5fbfd2e4aa30f6b49587b31bcd61f5267

Scanner detections:

36 / 68

Status:

Potentially unwanted

Analysis date:

5/5/2024 4:31:01 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Win32.Expiro.Gen.3

781

AegisLab AV Signature

W32.Expiro

2.1.4+

AhnLab V3 Security

Win32/Expiro5.Gen

2014.10.19

Avira AntiVirus

TR/Patched.Gen

7.11.30.172

avast!

Win32:Xpirat-A

2014.9-141215

AVG

Win32/Expiro

2015.0.3259

Bitdefender

Win32.Expiro.Gen.3

1.0.20.1745

Bkav FE

W32.FamVT.ExpiroPC.PE

1.3.0.4959

Boost by Reason

Optional.Task.Ask.K

188838

Comodo Security

Virus.Win32.Expiro.SR

19838

Dr.Web

Win32.Expiro.80

9.0.1.0349

Emsisoft Anti-Malware

Win32.Expiro.Gen

8.14.12.15.02

ESET NOD32

Win32/Expiro.AY virus

8.7.0.302.0

Fortinet FortiGate

W32/Expiro.W

12/15/2014

F-Prot

W32/Expiro.BG

v6.4.6.5.141

F-Secure

Win32.Expiro.Gen.3

11.2014-15-12_2

G Data

Win32.Expiro.Gen

14.12.24

IKARUS anti.virus

Virus.Win32.Expiro

t3scan.1.7.8.0

K7 AntiVirus

Virus

13.184.13727

Kaspersky

Virus.Win32.Expiro

14.0.0.2792

McAfee

W32/Expiro.gen.p

5600.6915

Microsoft Security Essentials

Threat.Undefined

1.185.3625.0

MicroWorld eScan

Win32.Expiro.Gen.3

15.0.0.1047

NANO AntiVirus

Virus.Win32.Expiro.clnvwd

0.28.2.62671

Norman

Expiro.YJ

11.20141215

nProtect

Win32.Expiro.Gen.3

14.10.17.01

Qihoo 360 Security

Malware.QVM19.Gen

1.0.0.1015

Quick Heal

W32.Expiro.NR

12.14.14.00

Reason Heuristics

PUP.Task.Ask.K

14.8.8.2

Sophos

W32/Expiro-S

4.98

Total Defense

Win32/Expiro.AO

37.0.11234

Trend Micro House Call

PE_EXPIRO.AR

7.2.349

Trend Micro

PE_EXPIRO.AR

10.465.15

Vba32 AntiVirus

Virus.Expiro.2414

3.12.26.3

VIPRE Antivirus

Threat.4799707

33706

Zillya! Antivirus

Virus.Expiro.Win32.42

2.0.0.1959

File size:

131.7 KB (134,824 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\ask.com\updatetask.exe

Digital Signature

Signed by:

Ask.com

Authority:

VeriSign, Inc.

Valid from:

6/20/2011 3:00:00 AM

Valid to:

6/19/2014 2:59:59 AM

Subject:

CN=Ask.com, OU=Distribution, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Ask.com, L=Oakland, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

0965F2AC7236C7E1BDCA44ED139B273A

File PE Metadata

Compilation timestamp:

11/18/2011 6:27:51 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

1536:U1xyzQPc5E813BJspP6WhNl0LPn56rI9kBPgBz9fh5bGmXg5fjlcLibK:nzQP6spPjlEn56sCufzCeg5f5c2bK

Entry address:

0xA5CF

Entry point:

E8, 7D, 4E, 00, 00, E9, 78, FE, FF, FF, 6A, 0C, 68, B0, A5, 41, 00, E8, D3, 1E, 00, 00, 83, 65, E4, 00, 8B, 75, 08, 3B, 35, 24, 05, 42, 00, 77, 22, 6A, 04, E8, C6, 13, 00, 00, 59, 83, 65, FC, 00, 56, E8, CD, 1B, 00, 00, 59, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 09, 00, 00, 00, 8B, 45, E4, E8, DF, 1E, 00, 00, C3, 6A, 04, E8, C1, 12, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, FE, E0, 0F, 87, A1, 00, 00, 00, 53, 57, 8B, 3D, 8C, 71, 41, 00, 83, 3D, 54, EB, 41, 00, 00, 75, 18, E8, FE, 44, 00... 
[+]

Entropy:

6.4906

Code size:

87.5 KB (89,600 bytes)

Scheduled Task

Task name:

Scheduled Update for Ask Toolbar

Trigger:

Daily (Runs daily at 10:22 م)

The file updatetask.exe has been discovered within the following programs.

Ask Toolbar by Ask.com

The Ask Toolbar is a web-browser add-on that can appear as an extra bar added to the browser's window and/or menu. It is often installed (sometimes without warning) during the installation of other software. Ask.

help.ask.com/link/portal/30015/30018/Article/1/How-do-I-remove-the-Ask-com-Toolbar

81% remove it

Support.com Toolbar by Ask.com

Support.com Toolbar is an Ask.com powered toolbar. The Ask Toolbar is a web-browser add-on that can appear as an extra bar added to the browser's window and/or menu. It is often installed (sometimes without warning) during the installation of other software. Ask.

sp.ask.com/toolbar

81% remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to a23-43-75-27.deploy.static.akamaitechnologies.com (23.43.75.27:80)

TCP (HTTP):

Connects to a23-52-91-27.deploy.static.akamaitechnologies.com (23.52.91.27:80)

TCP (HTTP):

Connects to a23-50-187-27.deploy.static.akamaitechnologies.com (23.50.187.27:80)

TCP (HTTP):

Connects to a23-15-155-27.deploy.static.akamaitechnologies.com (23.15.155.27:80)

TCP (HTTP):

Connects to a23-4-43-27.deploy.static.akamaitechnologies.com (23.4.43.27:80)

TCP (HTTP):

Connects to a23-50-91-27.deploy.static.akamaitechnologies.com (23.50.91.27:80)

TCP (HTTP):

Connects to a23-55-155-27.deploy.static.akamaitechnologies.com (23.55.155.27:80)

TCP (HTTP):

Connects to a23-50-181-163.deploy.static.akamaitechnologies.com (23.50.181.163:80)

TCP (HTTP):

Connects to a23-57-219-27.deploy.static.akamaitechnologies.com (23.57.219.27:80)

TCP (HTTP):

Connects to a23-51-235-27.deploy.static.akamaitechnologies.com (23.51.235.27:80)

TCP (HTTP):

Connects to a23-50-155-27.deploy.static.akamaitechnologies.com (23.50.155.27:80)

TCP (HTTP):

Connects to a23-41-75-27.deploy.static.akamaitechnologies.com (23.41.75.27:80)

TCP (HTTP):

Connects to a23-37-43-27.deploy.static.akamaitechnologies.com (23.37.43.27:80)

TCP (HTTP):

Connects to a23-60-139-27.deploy.static.akamaitechnologies.com (23.60.139.27:80)

TCP (HTTP):

Connects to a23-58-43-27.deploy.static.akamaitechnologies.com (23.58.43.27:80)

TCP (HTTP):

Connects to a23-51-123-27.deploy.static.akamaitechnologies.com (23.51.123.27:80)

TCP (HTTP):

Connects to a23-35-91-27.deploy.static.akamaitechnologies.com (23.35.91.27:80)

TCP (HTTP):

Connects to host-213.158.175.98.tedata.net (213.158.175.98:80)

TCP (HTTP):

Connects to a23-64-171-27.deploy.static.akamaitechnologies.com (23.64.171.27:80)

TCP (HTTP):

Connects to a23-53-91-27.deploy.static.akamaitechnologies.com (23.53.91.27:80)

Remove updatetask.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.