uninstall.exe

Updater

It runs as a scheduled task named TheUpdater under the Windows Task Scheduler, triggered daily at a specified time. The file has been seen being downloaded from install.xvidly.com.
Product:
Updater

Version:
1, 0, 0, 1

MD5:
ce79a3d9c304098d8756dcabd19ff85b

SHA-1:
6ce2bc3f67f3fe6b429270e6fab645e776ffa2f9

SHA-256:
065cfdc595a8852bd2416e583eeb9a9bbe59465dee06bf38beba4081096dc163

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
12/23/2024 11:41:32 PM UTC

Scan engine:
Dr.Web

Detection:
Adware.Downware.989

Engine version:
9.0.1.020

File size:
121 KB (123,904 bytes)

Product version:
1, 0, 0, 0

Copyright:
Copyright 2012

Original file name:
Updater.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\xvidly\uninstall.exe

File PE Metadata
Compilation timestamp:
1/5/2013 11:10:15 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1536:pPf1Odm481AyHqbV71p3GGLVa/fG5Ivns8v/vcd1cYv/PDYMGHd4pFauZeI:Vo81AjphjMvP/+Vv/+Hd4p0yt

Entry address:
0x7B59

Entry point:
E8, 89, 42, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 74, 13, 8B, 55, 0C, 85, D2, 74, 0C, 8B, 4D, 10, 85, C9, 75, 19, 33, C0, 66, 89, 06, E8, F8, 13, 00, 00, 6A, 16, 5E, 89, 30, E8, A3, 18, 00, 00, 8B, C6, 5E, 5D, C3, 57, 8B, FE, 2B, F9, 0F, B7, 01, 66, 89, 04, 0F, 8D, 49, 02, 66, 85, C0, 74, 03, 4A, 75, EE, 33, C0, 5F, 85, D2, 75, DF, 66, 89, 06, E8, C3, 13, 00, 00, 6A, 22, EB, C9, 55, 8B, EC, 33, D2, 8B, C2, 39, 45, 0C, 76, 11, 8B, 4D, 08, 66, 39, 11, 74, 09, 40, 83, C1, 02, 3B, 45...

Entropy:
6.2281

Code size:
74.5 KB (76,288 bytes)

Scheduled Task
Task name:
TheUpdater

Trigger:
Daily (Runs daily at 12:46 PM)


The file uninstall.exe has been discovered within the following program.

xVidly  by Jottix
Bundles the xVidly Toolbar, an ad-supported (users may see additional banner, search, pop-up, pop-under, interstitial and in-text link advertisements) cross-browser plugin for Internet Explorer (BHO) and Firefox/Chrome (plugin), and is distributed through various monetization platforms during installation.
www.jottix.com
68% remove it
 
Powered by Should I Remove It?

The file uninstall.exe has been seen being distributed by the following URL.
