updateconstasurf.exe

ConstaSurf

updateconstasurf.exe is part of the Yontoo web browser plugin, which delivers advertisements to the web browser in the form of injected banners, text links, popups, etc. The updater mechanism for ConstaSurf automatically keeps the extension patched by downloading new functionality, which is auto-enabled by default. The application updateconstasurf.exe by ConstaSurf has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a separate Windows service (within the context of its own process) named “Update ConstaSurf”. Additionally, the file is typically installed by a number of programs including ConstaSurf by Yontoo Technology, Inc. and Buzzdock by Alactro LLC, both potentially unwanted software.

Publisher:
ConstaSurf (signed and verified)

Version:
1.0.5309.25464

MD5:
eb0d497643144f93924f647340c5463b

SHA-1:
4ac378e2b165829d6df0c573b74f506d8655d1a1

SHA-256:
4372c63b0a8e3850638db7b032a4b66e70079e80fee74e2c77e554fa39cb0925

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Part of the Yontoo adware web browser extension update process.

Analysis date:
11/26/2024 10:47:54 PM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Yontoo (M)

Engine version:
17.3.10.8

File size:
314.3 KB (321,824 bytes)

Product version:
1.0.5309.25464

Original file name:
ConstaSurf.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\constasurf\updateconstasurf.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
3/18/2014 9:00:00 PM

Valid to:
3/19/2015 8:59:59 PM

Subject:
CN=ConstaSurf, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=ConstaSurf, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
46A82C62F93896A2C29C94EC6C4D8A3D

File PE Metadata
Compilation timestamp:
7/15/2014 12:09:03 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0x4E59E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, E0, 02...

Entropy:
6.0936

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
305.5 KB (312,832 bytes)

Service
Display name:
Update ConstaSurf

Type:
Win32OwnProcess


The file updateconstasurf.exe has been discovered within the following programs.

Buzzdock by Alactro LLC
This is a web browser extension that injects advertising. From the EULA: "Buzzdock is free to download and use. Buzzdock is supported by advertising, and users will see additional ads on websites where Buzzdock features operate."
www.buzzdock.com/faq-support
79% remove it
ConstaSurf by Yontoo Technology, Inc.
ConstaSurf is an adware web browser extension designed to take control of the user's browser in order to redirect web searches and inject advertising. In Internet Explorer the program runs as a Browser Helper Object.
constasurf.info/support
87% remove it