home

internetupdaterservice.exe

The application internetupdaterservice.exe has been detected as adware by 3 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “Internet Updater”. This file is typically installed with the program Internet Updater by Parallel Lines Development, LLC which is a potentially unwanted software program.
Version:
1.0.0.0

MD5:
e3efa45e92b7f0b3dd9ddbb0b11cb24a

SHA-1:
662b9923f7c796c1766af1488302447f9216061a

SHA-256:
d9f120779d1b9beaeaad5363466210eae6dfd593b4967a53a8d83761dedd08a2

Scanner detections:
3 / 68

Status:
Adware

Analysis date:
4/26/2024 2:40:04 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Adware.Plugin.128
9.0.1.03

Malwarebytes
PUP.Optional.InternetUpdater.A
v2013.12.20.11

Reason Heuristics
Adware.WebShield.Service.W
14.3.3.10

File size:
39.5 KB (40,448 bytes)

Product version:
1.0.0.0

Original file name:
WebShieldService.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\ProgramData\internetupdater\internetupdaterservice.exe

File PE Metadata
Compilation timestamp:
12/6/2013 11:46:03 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:unrtQfGkaLueewsXLm6H/B5g3J1DwrYYp8QGYm3vCupscj4LZH19uZ//y:unrynTK6H/B5WDU8QgfCupszLZH19qXy

Entry address:
0xB34E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
5.7193

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
37 KB (37,888 bytes)

Service
Display name:
Internet Updater

Service name:
InternetUpdater

Description:
Provides system level support for Internet Updater.

Type:
Win32OwnProcess


The file internetupdaterservice.exe has been discovered within the following programs.

Internet Updater  by Parallel Lines Development, LLC
Also known as WebShield, Internet Updater is a potentially unwanted software program. It is bundled by third party download manager including the Conduit Toolbar. It connects to the domain pullupdate.com to download various software updates as well as command data.
85% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-50-112-218-190.us-west-2.compute.amazonaws.com  (50.112.218.190:80)

TCP (HTTP):
Connects to ec2-54-186-84-255.us-west-2.compute.amazonaws.com  (54.186.84.255:80)

TCP (HTTP):
Connects to ec2-54-218-62-24.us-west-2.compute.amazonaws.com  (54.218.62.24:80)

TCP (HTTP):
Connects to ec2-52-32-118-15.us-west-2.compute.amazonaws.com  (52.32.118.15:80)

TCP (HTTP):
Connects to ec2-52-10-180-179.us-west-2.compute.amazonaws.com  (52.10.180.179:80)

TCP (HTTP):
Connects to ec2-52-42-90-80.us-west-2.compute.amazonaws.com  (52.42.90.80:80)

TCP (HTTP):
Connects to ec2-54-213-104-242.us-west-2.compute.amazonaws.com  (54.213.104.242:80)

Remove internetupdaterservice.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.