Channel: How to Remove Malware

EGDPSVC.EXE is Adware WebSearch


We received the file EGDPSVC.EXE and detected that it is not good.
EGDPSVC.EXE is adware. You should remove the file EGDPSVC.EXE.
Kill the EGDPSVC.EXE process and remove EGDPSVC.EXE from Windows.

Malware Analysis of EGDPSVC.EXE
Full path on a computer: %Common Appdata%\eSafe\eGdpSvc.exe

Detected by UnHackMe:

Item Name: WsysSvc
Author: Wsys Co., Ltd.
Related File: %Common Appdata%\eSafe\eGdpSvc.exe
Type: Auto Services

Item Name: eGdpSvc.exe
Author: Wsys Co., Ltd.
Related File: %COMMON APPDATA%\ESAFE\EGDPSVC.EXE
Type: Running Processes

Item Name: %Common Appdata%\ESAFE\
Author:
Current Setting: %Common Appdata%\ESAFE\
Type: Unwanted Software Files

Item Name: EGDPSVC.EXE
Author:
Related File: %COMMON APPDATA%\ESAFE\EGDPSVC.EXE
Type: Multi AV Detected Files

Removal Results: Success
Number of reboot: 1

EGDPSVC.EXE is known as:

Adware.WebSearch, SecurityRisk.exqWebSearch, a variant of Win32.ELEX.M

EGDPSVC.EXE hash:

  • MD5: 9AA537B86A28BAA3B2CBCB214240CBB1
The file tries to connect to a dangerous web site.
How to quickly detect EGDPSVC.EXE presence?
Registry:
  • HKLM\System\CurrentControlSet\Services\Eventlog\Application\WsysSvc\TypesSupported: 0x00000007
  • HKLM\System\CurrentControlSet\Services\WsysSvc\Type: 0x00000010
  • HKLM\System\CurrentControlSet\Services\WsysSvc\Start: 0x00000002
  • HKLM\System\CurrentControlSet\Services\WsysSvc\ErrorControl: 0x00000001
  • HKLM\System\CurrentControlSet\Services\WsysSvc\ImagePath: “%Common Appdata%\eSafe\eGdpSvc.exe”
  • HKLM\System\CurrentControlSet\Services\WsysSvc\DisplayName: “Wsys Service”
  • HKLM\System\CurrentControlSet\Services\WsysSvc\Group: “SchedulerGroup”
  • HKLM\System\CurrentControlSet\Services\WsysSvc\ObjectName: “LocalSystem”
  • HKLM\System\CurrentControlSet\Services\WsysSvc\Description: “Wsys update service”
  • HKLM\System\CurrentControlSet\Services\Eventlog\Application\Sources: ‘WsysSvc WSH WMIAdapter WmdmPmSN WinMgmt Winlogon Windows Product Activation Windows 3.1 Migration WebClient VSS VMUpgradeHelper vmtools VBRuntime Userinit Userenv TPVCGateway Tlntsvr SysmonLog Starter SpoolerCtrs Software Restriction Policies Software Installation SecurityCenter SclgNtfy SceSrv SceCli safrslv SAFrdms RPC Remote Assistance PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSQLSERVER/MSDE MSSOAP MSSHA MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft H.323 Telephony Service Provider Microsoft (R) Visual C# 2005 Compiler LoadPerf HelpSvc Folder Redirection File Deployment EventSystem ESENT DrWatson Dot3Svc DiskQuota crypt32 COM+ COM Ci Chkdsk AutoEnrollment Autochk ASP.NET 2.0.50727.0 Application Management Application Hang Application Error .NET Runtime Optimization Service .NET Runtime 2.0 Error Reporting .NET Runtime Application’
Folders:
  • %Common Appdata%\eSafe
  • %Common Appdata%\eSafe\log
  • C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies
  • C:\Documents and Settings\LocalService\Local Settings\Temp\History
Files:
  • %Common Appdata%\eSafe\eDelayinfo.edb
  • %Common Appdata%\eSafe\eGdpSvc.exe
  • %Common Appdata%\eSafe\log\eGdpSvc.LOG
  • C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat
  • C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\desktop.ini
  • C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat

