Extended Update
by installCore
What is Extended Update?
Extended Update is software application developed by installCore. It is most commonly found on computers running Windows 7 with nearly 46.16% of installations running this operating system. Extended Update's installer is typically 664.00 KB in size and installs around 45 files.
Extended Update is most popular in the United States with 84.99% of installations residing in this country.
Extended Update adds 6 scheduled tasks to the Windows Task Scheduler launching the program at randomly scheduled times.
Multiple virus scanners have detected malware in Extended Update.
| Scanner Software | Version | Result |
|---|---|---|
| AVware | 1.5.0.16 | Trojan.Win32.Generic!BT |
| Baidu-International | 3.5.1.41473 | Adware.Win32.Visicom.81 |
| ESET-NOD32 | 10201 | a variant of Win32/Toolbar.Visicom.C |
| IKARUS anti.virus | T3.1.6.1.0 | PUA.SearchAndMedia |
| VIPRE Antivirus | 31916 | Trojan.Win32.Generic!BT |
| Scanner Software | Version | Result |
|---|---|---|
| AVware | 1.5.0.21 | Trojan.Win32.Generic!BT |
| ESET-NOD32 | 11432 | a variant of Win32/Bundled.Toolbar.Ask.K potentially unsafe |
| K7 AntiVirus | 9.202.15497 | Unwanted-Program ( 004b90b41 ) |
| K7GW | 9.202.15496 | Unwanted-Program ( 004b90b41 ) |
| Kaspersky | 15.0.1.10 | not-a-virus:WebToolbar.Win32.SearchSuite.w |
| VIPRE Antivirus | 39108 | Trojan.Win32.Generic!BT |
| Baidu-International | 3.5.1.41473 | Adware.Win32.Visicom.81 |
| IKARUS anti.virus | T3.1.6.1.0 | PUA.SearchAndMedia |
Software Behaviors
- Services:
-
- CVHSVC.EXE runs as a service named 'cvhsvc' (cvhsvc) "Client Virtualization Handler Service (unlocalized description)".
- CVHBS.EXE runs as a service named 'McAfee Application Installer Cleanup (0201661432130199)' (0201661432130199mcinstcleanup).
- Adobe AIR Updater.exe runs as a service named 'McAfee Application Installer Cleanup (0265021448337632)' (0265021448337632mcinstcleanup).
- atcliun.exe runs as a service named 'Optimizer Pro Crash Monitor' (70e6ca8c).
- Scheduled tasks:
-
- CVH.EXE is scheduled as a task with the class '{A39DACC4-31DF-466F-A88B-716DF45C2724}' (runs on registration).
- UpdateTask.exe is scheduled as a task named 'WSE_Vosteran' (runs daily at 3:32 PM).
- CVHBS.EXE is scheduled as a task named 'UpdaterEX' (runs daily at 3:07 PM).
- C2RICONS.EXE is scheduled as a task with the class '{C9D0AF2A-4179-4A5C-A53B-BA0FF5C4894F}' (runs on registration).
- CVHSVC.EXE is scheduled as a task with the class '{9CCF83FE-C6A1-43D4-AC4A-58785C8D2252}' (runs on registration).
- OFFICEVIRT.EXE is scheduled as a task with the class '{3B23BCDA-6BDB-437D-B180-6439CB4337D7}' (runs on registration).
Startup Entries
- Registry entries:
-
- CVH.EXE is loaded in the current user (HKCU) registry as an auto-starting executable named 'Microsoft Office Client Virtualization Handler' and executes as C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE.
Software Details
- URL:
- https://www.installcore.com
- Support:
- –
- Installation path:
- C:\users\user\appdata\roaming\updaterex\updateproc
- Uninstaller:
- C:\users\user\appdata\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe /Uninstall
- Size:
- 664.00 KB
- Language:
- English
Extended Update Executable Details
- Primary executable:
- UpdateTask.exe
- Name:
- Extended Update
- Path:
- C:\users\user\appdata\roaming\updaterex\updateproc\UpdateTask.exe
- MD5:
- 5f6f4ee3faa18ef7e386864cedf6dc06
- SHA-1:
- –
- SHA-256:
- –
| File Type | Filename | MD5 |
|---|---|---|
|
EXE
|
f2c82ba7e80c6054d5d20f3fbd4cfd34 | |
|
EXE
|
dtuser.exe
Malware
|
541d52441b96386fd1928fc8e831820a |
|
EXE
|
5f6f4ee3faa18ef7e386864cedf6dc06 | |
|
DLL
|
75e0f057c9fc088fdda0a751cc342d4b | |
|
DLL
|
fe6b5a67543c47a3ccbc41c459e850fb | |
|
EXE
|
4a58983547f4bb7877d082c6c0a7e92e | |
|
DLL
|
searchresultsDx64.dll
Malware
|
363eb0792c4bd7965184b542a5642f61 |
|
DLL
|
da234fa9f73a19a8cae52cfeaa2031ad | |
|
DLL
|
a26de78056e56baeb527cf3ccdcde63d | |
|
DLL
|
9274deb5715746f32f837c9330f96b65 |