toolbarupdaterservice.exe

Zugo Ltd

The application toolbarupdaterservice.exe by Zugo has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate (within the context of its own process) windows Service named “Updater Service for StartNow Toolbar”. This file is typically installed with the program StartNow Toolbar by StartNow.com which is a potentially unwanted software program.
Publisher:
Zugo Ltd  (signed and verified)

MD5:
1e9993ac255b3220bce71fe9e056bbc9

SHA-1:
3fc92b8918bbda0125b460ef97102323aab58793

SHA-256:
4f651236f6b69ee5cd6bd7f48bee28f52998ea76695a37a4d0e7af56cf5438b7

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/12/2024 7:12:31 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Zugo (M)
17.2.25.19

File size:
259.7 KB (265,952 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\startnow toolbar\toolbarupdaterservice.exe

Digital Signature
Signed by:

Authority:
The USERTRUST Network

Valid from:
1/28/2011 3:00:00 AM

Valid to:
1/28/2013 2:59:59 AM

Subject:
CN=Zugo Ltd, O=Zugo Ltd, STREET=PO Box 36, STREET=1st Floor, STREET=37 Broad St., L=St Helier, S=Jersey, PostalCode=JE4 9NU, C=JE

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
46241CDE5C7B500B51C5F1328228F2A9

File PE Metadata
Compilation timestamp:
5/24/2012 4:43:09 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x15667

Entry point:
E8, AB, 7A, 00, 00, E9, 79, FE, FF, FF, FF, 35, AC, 31, 43, 00, E8, 4C, 2C, 00, 00, 59, 85, C0, 74, 02, FF, D0, 6A, 19, E8, F1, 52, 00, 00, 6A, 01, 6A, 00, E8, 31, 7C, 00, 00, 83, C4, 0C, E9, 12, 7B, 00, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 66, 83, 38, 00, 53, 56, 57, 74, 2A, 8B, 5D, 0C, 0F, B7, 3B, 8B, D3, 66, 85, FF, 74, 15, 0F, B7, 30, 0F, B7, CF, 66, 3B, CE, 74, 12, 42, 42, 0F, B7, 0A, 66, 85, C9, 75, F1, 40, 40, 66, 83, 38, 00, 75, DC, 2B, 45, 08, 5F, 5E, D1, F8, 5B, 5D, C3, 8B, FF, 55, 8B, EC, 8B, 45...
 
[+]

Entropy:
6.2771

Code size:
157 KB (160,768 bytes)

Service
Display name:
Updater Service for StartNow Toolbar

Description:
The startup of this service enables the periodic checking of software updates for the StartNow Toolbar and the download and installation of such updates if applicable. Disabling this service will stop

Type:
Win32OwnProcess


The file toolbarupdaterservice.exe has been discovered within the following programs.

StartNow Toolbar  by StartNow.com
StartNow is a web browser toolbar that changes your homepage and redirects valid searches.
about.startnow.com
79% remove it
 
Powered by Should I Remove It?

Remove toolbarupdaterservice.exe - Powered by Reason Core Security