updatezebar.exe

Zebar

Part of the Yontoo web browser plugin (delivers advertisements to the web browser in the form of injected banners, text-links, popups, etc.) the updater mechanism for Zebar will automatically keep the extension patched by downloaded new functionality which is auto-enabled by default. The application updatezebar.exe by Zebar has been detected as adware by 5 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “Update Zebar”. This file is typically installed with the program Zebar by Yontoo Technology, Inc. which is a potentially unwanted software program. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Remove updatezebar.exe - Powered by Reason Core Security
Publisher:
Zebar  (signed and verified)

Version:
1.0.5273.25316

MD5:
f61bdee802cde3b22b0b3bd57e8c715b

SHA-1:
1b946a08a78a7830f6050b638de8bfcc5cca9313

SHA-256:
f1197c11774e60a291294807f79209839948645ef8314a0e1078d138379c1a77

Scanner detections:
5 / 68

Status:
Adware

Explanation:
Part of the Yontoo adware web browser extension update process.

Analysis date:
12/8/2016 9:16:54 PM UTC  (today)

Scan engine
Detection
Engine version

AVG
Zebrar
2015.0.3447

Baidu Antivirus
Adware.Win32.BrowseFox
4.0.3.14610

ESET NOD32
Win32/BrowseFox (variant)
8.9921

Malwarebytes
PUP.Optional.Zebar.A
v2014.06.10.02

Reason Heuristics
Adware.Yontoo.Zebar.L
14.6.10.14

Remove updatezebar.exe - Powered by Reason Core Security
File size:
310.3 KB (317,720 bytes)

Product version:
1.0.5273.25316

Original file name:
Zebar.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\zebar\updatezebar.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
3/9/2014 7:00:00 PM

Valid to:
3/10/2015 6:59:59 PM

Subject:
CN=Zebar, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Zebar, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
443A7E0E2025885A74F146162C4BEE38

File PE Metadata
Compilation timestamp:
6/9/2014 10:04:07 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:GCBn8/yPRW8nQkOxCQ7R5loqYXG37QIO5h9ub0JQ7:GCBCyQ8nsdoL2CdTQ7

Entry address:
0x4D5BA

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, C8, 02, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 38, 00, 00, 80, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
301.5 KB (308,736 bytes)

Service
Display name:
Update Zebar

Type:
Win32OwnProcess


The file updatezebar.exe has been discovered within the following programs.

Zebar  by Yontoo Technology, Inc.
The Yontoo Zebar adware injects advertising in the user's Internet browser by running as an extension and/or add-on. Ads are delivered in the form of search-related ads, banner and video ads, and text-links and some popup/pop-under advertisements.
metalzebar.com/support
84% remove it
 
Powered by Should I Remove It?

Remove updatezebar.exe - Powered by Reason Core Security