DProtectSvc.exe
eBP Security Protection by Banyan Tree Technology Limited (Signed)
Warning: 36 antivirus scanners have detected malware in various versions of DProtectSvc.exe.
Overview
dprotectsvc.exe has 2 known versions, the most recent of which is 1.0.0.1. It is started as a Windows Service with the name 'DPService' and described as “DProtect Service”. In addition, it runs under the context of the SYSTEM account with extensive privileges (the administrator accounts have the same privileges). The average file size is about 335.81 KB. It is an Authenticode code-signed executable issued to Banyan Tree Technology Limited by the certification authority GlobalSign nv-sa. Some variations of the file have been seen to be installed with the program DProtect from DProtect Lab. During the process's lifecycle, typical CPU utilization is about 0.0031%, including both foreground and background operations, and the average private memory consumption is about 4.99 MB. Additionally, typical disk I/O is about 1.27 MB per minute for reads and 21.1 KB per minute for writes.
Details |
File name: | dprotectsvc.exe |
Publisher: | Woodtale Technology Inc |
Product name: | eBP Security Protection |
Description: | eBPSvc |
Typical file path: | C:\users\user\appdata\local\dprotect\dprotectsvc.exe |
Certificate |
Issued to: | Banyan Tree Technology Limited |
Authority (CA): | GlobalSign nv-sa |
Effective date: | Tuesday, October 1, 2013 |
Expiration date: | Sunday, November 1, 2015 |
Windows Service |
Service name: | DPService |
Description: | “DProtect Service” |
Type: | Win32OwnProcess |
Programs installed in
(Note, the programs listed below are for all versions of eBP Security Protection.)
DProtect is an adware web browser extension that will display various popup and banner ads as well as modify the user's web browser search and home page settings. In some cases, the program will monit...
Behaviors
(Note, the behaviors below are for all versions of dprotectsvc.exe, select a unique version for details.)
Service
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
Malware detections
Based on 40+ industry antivirus scanners, 36 of them detected the following malware.
Antivirus engine | Engine version | Detection | File version |
Antiy Labs AVL | 2.0.3.7 | Trojan/Win32.Staser | 1.0.0.1 |
avast! | 8.0.1489.320 | Win32:Staser-A [Trj] | 1.0.0.1 |
avast! | 8.0.1489.320 | Win32:Staser-A [Trj] | 1.0.0.1 |
CAT Quick Heal | 10.13.12.00 | Trojan.Staser.fv | 1.0.0.1 |
CAT Quick Heal | 10.13.12.00 | Trojan.Staser.fv | 1.0.0.1 |
Comodo Internet Security | 17072 | UnclassifiedMalware | 1.0.0.1 |
Comodo Internet Security | 17053 | UnclassifiedMalware | 1.0.0.1 |
Dr.Web | 8.13.10.10 | Adware.Mutabaha.24 | 1.0.0.1 |
Dr.Web | 8.13.10.15 | Adware.Mutabaha.28 | 1.0.0.1 |
ESET NOD32 | 7.8889 | a variant of Win32/ELEX.T | 1.0.0.1 |
Fortinet | 5.1.147.0 | W32/Staser.FV!tr | 1.0.0.1 |
Fortinet | 5.1.147.0 | W32/Staser.FV!tr | 1.0.0.1 |
G Data | 13.10.22 | Win32.Trojan.Agent.IX3DHN | 1.0.0.1 |
Ikarus | T3.1.5.4.0 | Trojan.Win32.Staser | 1.0.0.1 |
Kaspersky | 9.0.0.837 | Trojan.Win32.Staser.fv | 1.0.0.1 |
Kaspersky | 9.0.0.837 | Trojan.Win32.Staser.fv | 1.0.0.1 |
Kingsoft | 2013.4.9.267 | Win32.Troj.Staser.fv.(kcloud) | 1.0.0.1 |
Kingsoft | 2013.4.9.267 | Win32.Troj.Staser.fv.(kcloud) | 1.0.0.1 |
Malwarebytes | 1.75.0.1 | Trojan.Staser | 1.0.0.1 |
Malwarebytes | 1.75.0.1 | Trojan.Staser | 1.0.0.1 |
McAfee | 5.600.1067 | Adware-Bprotect | 1.0.0.1 |
McAfee | 5.600.1067 | Adware-Bprotect | 1.0.0.1 |
McAfee Gateway Anti-Malware | v2013-dat | Adware-Bprotect | 1.0.0.1 |
McAfee Gateway Anti-Malware | v2013-dat | Adware-Bprotect | 1.0.0.1 |
Panda Antivirus | 10.0.3.5 | Generic Malware | 1.0.0.1 |
Sophos | 4.93.0 | Generic PUA FN | 1.0.0.1 |
Sophos | 4.93.0 | Generic PUA HA | 1.0.0.1 |
Symantec | 20131.1.5.61 | WS.Reputation.1 | 1.0.0.1 |
Trend Micro | 9.740.0.1012 | ADW_BPROTECT | 1.0.0.1 |
Trend Micro HouseCall | 9.700.0.1001 | TROJ_GEN.F47V0904 | 1.0.0.1 |
Trend Micro HouseCall | 9.700.0.1001 | ADW_BPROTECT | 1.0.0.1 |
Vba32 AntiVirus | 3.12.24.3 | Trojan.Staser | 1.0.0.1 |
Vba32 AntiVirus | 3.12.24.3 | Trojan.Staser | 1.0.0.1 |
VIPRE Antivirus | 22192 | Elex Installer (fs) | 1.0.0.1 |
VIPRE Antivirus | 22102 | Elex Installer (fs) | 1.0.0.1 |
ViRobot | 2011.4.7.4223 | Trojan.Win32.S.Agent.345152 | 1.0.0.1 |
All file variations of dprotectsvc.exe