updatetask.exe

Ask.com

This is the updater scheduled task run by the Ask.com branded toolbar that runs every 24 hours and suggests updates to the browser add-on (and the web browser) and will perform automatic updates to the toolbar with new functionality. The application updatetask.exe by Ask.com has been detected as a potentially unwanted program by 36 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered daily at a specified time. Additionally, the file is typically installed by a number of programs including Ask Toolbar by Ask.com and Support.com Toolbar by Ask.com, both potentially unwanted software.
Publisher:
Ask.com  (signed and verified)

MD5:
14426438eda546f331650854f4cd63a8

SHA-1:
ece358c9edc7ee77906bc5a045d110710038b5c6

SHA-256:
42132ab7db6047df5f3a6f7dcaceb3c5fbfd2e4aa30f6b49587b31bcd61f5267

Scanner detections:
36 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 11:22:35 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Win32.Expiro.Gen.3
781

AegisLab AV Signature
W32.Expiro
2.1.4+

AhnLab V3 Security
Win32/Expiro5.Gen
2014.10.19

Avira AntiVirus
TR/Patched.Gen
7.11.30.172

avast!
Win32:Xpirat-A
2014.9-141215

AVG
Win32/Expiro
2015.0.3259

Bitdefender
Win32.Expiro.Gen.3
1.0.20.1745

Bkav FE
W32.FamVT.ExpiroPC.PE
1.3.0.4959

Boost by Reason
Optional.Task.Ask.K
188838

Comodo Security
Virus.Win32.Expiro.SR
19838

Dr.Web
Win32.Expiro.80
9.0.1.0349

Emsisoft Anti-Malware
Win32.Expiro.Gen
8.14.12.15.02

ESET NOD32
Win32/Expiro.AY virus
8.7.0.302.0

Fortinet FortiGate
W32/Expiro.W
12/15/2014

F-Prot
W32/Expiro.BG
v6.4.6.5.141

F-Secure
Win32.Expiro.Gen.3
11.2014-15-12_2

G Data
Win32.Expiro.Gen
14.12.24

IKARUS anti.virus
Virus.Win32.Expiro
t3scan.1.7.8.0

K7 AntiVirus
Virus
13.184.13727

Kaspersky
Virus.Win32.Expiro
14.0.0.2792

McAfee
W32/Expiro.gen.p
5600.6915

Microsoft Security Essentials
Threat.Undefined
1.185.3625.0

MicroWorld eScan
Win32.Expiro.Gen.3
15.0.0.1047

NANO AntiVirus
Virus.Win32.Expiro.clnvwd
0.28.2.62671

Norman
Expiro.YJ
11.20141215

nProtect
Win32.Expiro.Gen.3
14.10.17.01

Qihoo 360 Security
Malware.QVM19.Gen
1.0.0.1015

Quick Heal
W32.Expiro.NR
12.14.14.00

Reason Heuristics
PUP.Task.Ask.K
14.8.8.2

Sophos
W32/Expiro-S
4.98

Total Defense
Win32/Expiro.AO
37.0.11234

Trend Micro House Call
PE_EXPIRO.AR
7.2.349

Trend Micro
PE_EXPIRO.AR
10.465.15

Vba32 AntiVirus
Virus.Expiro.2414
3.12.26.3

VIPRE Antivirus
Threat.4799707
33706

Zillya! Antivirus
Virus.Expiro.Win32.42
2.0.0.1959

File size:
131.7 KB (134,824 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\ask.com\updatetask.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/20/2011 3:00:00 AM

Valid to:
6/19/2014 2:59:59 AM

Subject:
CN=Ask.com, OU=Distribution, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Ask.com, L=Oakland, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0965F2AC7236C7E1BDCA44ED139B273A

File PE Metadata
Compilation timestamp:
11/18/2011 6:27:51 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
1536:U1xyzQPc5E813BJspP6WhNl0LPn56rI9kBPgBz9fh5bGmXg5fjlcLibK:nzQP6spPjlEn56sCufzCeg5f5c2bK

Entry address:
0xA5CF

Entry point:
E8, 7D, 4E, 00, 00, E9, 78, FE, FF, FF, 6A, 0C, 68, B0, A5, 41, 00, E8, D3, 1E, 00, 00, 83, 65, E4, 00, 8B, 75, 08, 3B, 35, 24, 05, 42, 00, 77, 22, 6A, 04, E8, C6, 13, 00, 00, 59, 83, 65, FC, 00, 56, E8, CD, 1B, 00, 00, 59, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 09, 00, 00, 00, 8B, 45, E4, E8, DF, 1E, 00, 00, C3, 6A, 04, E8, C1, 12, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, FE, E0, 0F, 87, A1, 00, 00, 00, 53, 57, 8B, 3D, 8C, 71, 41, 00, 83, 3D, 54, EB, 41, 00, 00, 75, 18, E8, FE, 44, 00...
 
[+]

Entropy:
6.4906

Code size:
87.5 KB (89,600 bytes)

Scheduled Task
Task name:
Scheduled Update for Ask Toolbar

Trigger:
Daily (Runs daily at 10:22 م)


The file updatetask.exe has been discovered within the following programs.

Ask Toolbar  by Ask.com
The Ask Toolbar is a web-browser add-on that can appear as an extra bar added to the browser's window and/or menu. It is often installed (sometimes without warning) during the installation of other software. Ask.
help.ask.com/link/portal/30015/30018/Article/1/How-do-I-remove-the-Ask-com-Toolbar
81% remove it
Support.com Toolbar  by Ask.com
Support.com Toolbar is an Ask.com powered toolbar. The Ask Toolbar is a web-browser add-on that can appear as an extra bar added to the browser's window and/or menu. It is often installed (sometimes without warning) during the installation of other software. Ask.
sp.ask.com/toolbar
81% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):
Connects to a23-50-181-163.deploy.static.akamaitechnologies.com  (23.50.181.163:80)

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):
Connects to host-213.158.175.98.tedata.net  (213.158.175.98:80)

TCP (HTTP):

TCP (HTTP):

Remove updatetask.exe - Powered by Reason Core Security