eGdpSvc.exe
eSafe Security Control by Banyan Tree Technology Limited (Signed)
Warning: 30 antivirus scanners have detected malware in various versions of eGdpSvc.exe.
Overview
egdpsvc.exe has 3 known versions; the most recent one is 1.0.0.2522. It is started as a Windows Service called 'eSafeSvc' with the name 'eSafeSvc' and described as “System eSafe update service”. In addition, it is run under the context of the SYSTEM account with extensive privileges (the administrator accounts have the same privileges). The average file size is about 550.56 KB. It is an Authenticode code-signed executable issued to Banyan Tree Technology Limited by the certification authority GlobalSign nv-sa. The programs eSafe Security Control 1.0.0.2522, Wsys Control 1.0.0.2557 and Wsys Control 10.2.1.2634 have been observed installing specific variations of egdpsvc.exe. During the process's lifecycle, the typical CPU resource utilization is about 0.0020%, including both foreground and background operations; the average private memory consumption is about 4.6 MB, with the maximum memory reaching around 7.36 MB.
Details |
File name: | egdpsvc.exe |
Publisher: | eSafe Security Co., Ltd. |
Product name: | eSafe Security Control |
Description: | eSafe Security Control 1.0.0.2522 |
Typical file path: | C:\ProgramData\esafe\egdpsvc.exe |
Certificate |
Issued to: | Banyan Tree Technology Limited |
Authority (CA): | GlobalSign nv-sa |
Windows Service |
Service name: | eSafeSvc |
Display name: | eSafeSvc |
Description: | “System eSafe update service” |
Type: | Win32OwnProcess |
Programs installed in
(Note: the programs listed below are for all versions of eSafe Security Control.)
Banyan Tree Technology Limited |
eSafe is a potentially unwanted web browser extension and Browser Helper Object (for Internet Explorer) that delivers contextual-based advertising to the web browser.
Banyan Tree Technology Limited |
Wsys Control, also known as Delta-homes.com, is a potentially unwanted web browser extension and Browser Helper Object (for Internet Explorer) that delivers contextual-based advertising to the web brows...
Behaviors
(Note: the behaviors below are for all versions of egdpsvc.exe.)
Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
- eSafeSvc
- 'eSafeSvc' (eSafe Service)
Malware detections
Based on 40+ industry antivirus scanners, 30 of them detected the following malware.
Antivirus engine | Engine version | Detection | File version |
AhnLab V3 Internet Security | 2013.08.26 | Trojan/Win32.Staser | 1.0.0.2522 |
AhnLab V3 Internet Security | 2013.09.18 | Trojan/Win32.Staser | 1.0.0.1982 |
AhnLab V3 Internet Security | 2013.09.20 | Trojan/Win32.Staser | 1.0.0.2405 |
Antiy Labs AVL | 2.0.3.7 | Trojan/Win32.Staser | 1.0.0.2522 |
Antiy Labs AVL | 2.0.3.7 | Trojan/Win32.Staser | 1.0.0.2405 |
AVG | 13.0.0.3169 | Generic34.AWYH | 1.0.0.1982 |
AVG | 13.0.0.3169 | Banan.B | 1.0.0.2405 |
Bkav Security | 1.3.0.4246 | HW32.CDB.Cd20 | 1.0.0.1982 |
Dr.Web | 8.13.10.5 | Adware.Mutabaha.14 | 1.0.0.2522 |
Dr.Web | 8.13.10.5 | Adware.Siggen.25992 | 1.0.0.2405 |
ESET NOD32 | 7.8727 | a variant of Win32/ELEX.M | 1.0.0.2522 |
ESET NOD32 | 7.8813 | Win32/ELEX.F | 1.0.0.1982 |
ESET NOD32 | 7.8821 | a variant of Win32/ELEX.M | 1.0.0.2405 |
Fortinet | 5.1.146.0 | W32/Staser.FV!tr | 1.0.0.2522 |
Ikarus | T3.1.5.4.0 | Trojan.Win32.Staser | 1.0.0.2522 |
Jiangmin | 16.0.100 | Trojan/Generic.bgmke | 1.0.0.2405 |
Kaspersky | 9.0.0.837 | Trojan.Win32.Staser.fv | 1.0.0.2522 |
Kaspersky | 9.0.0.837 | Trojan.Win32.Staser.fv | 1.0.0.1982 |
Kaspersky | 9.0.0.837 | Trojan.Win32.Staser.fv | 1.0.0.2405 |
Kingsoft | 2013.4.9.267 | Win32.Troj.Generic.a.(kcloud) | 1.0.0.1982 |
Kingsoft | 2013.4.9.267 | Win32.Troj.Generic.a.(kcloud) | 1.0.0.2405 |
McAfee | 5.600.1067 | PUP-FCT!E536D1CDE3F6 | 1.0.0.2405 |
McAfee Gateway Anti-Malware | v2013-dat | PUP-FCT!E536D1CDE3F6 | 1.0.0.2405 |
PC Tools | 9.0.0.2 | SecurityRisk.exqWebSearch | 1.0.0.2522 |
PC Tools | 9.0.0.2 | SecurityRisk.exqWebSearch | 1.0.0.2405 |
Symantec | 20131.1.0.101 | exqWebSearch | 1.0.0.2522 |
Symantec | 20131.1.5.61 | exqWebSearch | 1.0.0.2405 |
VIPRE Antivirus | 20888 | Elex Installer (fs) | 1.0.0.2522 |
VIPRE Antivirus | 21586 | Elex Installer (fs) | 1.0.0.1982 |
VIPRE Antivirus | 21646 | Elex Installer (fs) | 1.0.0.2405 |
All file variations of egdpsvc.exe
Distribution by Windows OS
OS version | Distribution |
Windows 7 Ultimate | 50.00% |
Windows 7 Home Premium | 33.33% |
Microsoft Windows XP | 16.67% |
Distribution by country
Argentina installs about 33.33% of eSafe Security Control.
Distribution by PC manufacturer
PC manufacturer | Distribution |
Hewlett-Packard | 50.00% |
ASUS | 50.00% |