eGdpSvc.exe
Wsys Control by Banyan Tree Technology Limited (Signed)
Warning: 70 antivirus scanners have detected malware in various versions of eGdpSvc.exe.
Overview
There are 3 versions of egdpsvc.exe in the wild, the latest version being 10.2.1.2634. It is started as a Windows service with the service name 'WsysSvc' and the display name 'WsysSvc', and is described as “Wsys update service”. The average file size is about 493.4 KB. The file is digitally signed and issued to Banyan Tree Technology Limited by GlobalSign nv-sa. The programs Wsys Control 10.2.1.2634, DProtect and Wsys Control 10.2.1.2612 have been observed installing specific variations of egdpsvc.exe. During the process's lifecycle, the typical CPU resource utilization is about 0.0055%, including both foreground and background operations. The average private memory consumption is about 6.42 MB, with the maximum memory reaching around 10.1 MB.
Details |
File name: | egdpsvc.exe |
Publisher: | Wsys Co., Ltd. |
Product name: | Wsys Control |
Description: | Wsys Control 1.0.0.2539 |
Typical file path: | C:\Documents and Settings\user\Application data\esafe\egdpsvc.exe |
Certificate |
Issued to: | Banyan Tree Technology Limited |
Authority (CA): | GlobalSign nv-sa |
Windows Service |
Service name: | WsysSvc |
Display name: | WsysSvc |
Description: | “Wsys update service” |
Type: | Win32OwnProcess |
Programs installed in
(Note, the programs listed below are for all versions of Wsys Control.)
Banyan Tree Technology Limited
Wsys Control, also known as Delta-homes.com, is a potentially unwanted web browser extension and Browser Helper Object (for Internet Explorer) that delivers contextual based advertising to the web brows...
DProtect is an adware web browser extension that will display various popup and banner ads as well as modify the user's web browser search and home page settings. In some cases, the program will monit...
Behaviors
(Note, the behaviors below are for all versions of egdpsvc.exe, select a unique version for details.)
Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
- WsysSvc
- 'WsysSvc' (Wsys Service)
Malware detections
Based on 40+ industry antivirus scanners, 70 of them detected the following malware.
Antivirus engine | Engine version | Detection | File version |
Agnitum | 5.5.1.3 | Trojan.Staser! | 10.2.1.2634 |
AhnLab V3 Internet Security | 2013.10.10 | Trojan/Win32.Staser | 10.2.1.2612 |
AhnLab V3 Internet Security | 2013.10.15 | Trojan/Win32.Staser | 10.2.1.2634 |
Avira AntiVir | 7.11.107.160 | TR/Staser.rfm | 10.2.1.2634 |
Antiy Labs AVL | 2.0.3.7 | Trojan/Win32.Staser | 1.0.0.2539 |
Antiy Labs AVL | 2.0.3.7 | Trojan/Win32.Staser | 10.2.1.2612 |
Antiy Labs AVL | 2.0.3.7 | Trojan/Win32.Staser | 10.2.1.2634 |
AVG | 13.0.0.3169 | Generic34.BBYT | 1.0.0.2539 |
AVG | 13.0.0.3169 | Startpage.A | 10.2.1.2612 |
Baidu Antivirus | 3.5.1.41473 | Trojan.Win32.StartPage.34 | 10.2.1.2612 |
BitDefender | 7.2 | Adware.Generic.561930 | 1.0.0.2539 |
BitDefender | 7.2 | Application.ExqPage.F | 10.2.1.2612 |
CAT Quick Heal | 10.13.12.00 | Trojan.Agent.gen | 10.2.1.2612 |
CAT Quick Heal | 10.13.12.00 | Trojan.Staser.fv | 10.2.1.2634 |
Commtouch | 5.4.1.7 | W32/Clicker.GNDS-2449 | 1.0.0.2539 |
Comodo Internet Security | 17007 | Application.Win32.Agent.~WY | 1.0.0.2539 |
Comodo Internet Security | 17077 | Heur.Suspicious | 10.2.1.2612 |
Comodo Internet Security | 17109 | Heur.Suspicious | 10.2.1.2634 |
Dr.Web | 8.13.10.8 | Adware.Mutabaha.15 | 1.0.0.2539 |
Dr.Web | 8.13.10.10 | Adware.Mutabaha.20 | 10.2.1.2612 |
Dr.Web | 8.13.10.15 | Adware.Mutabaha.25 | 10.2.1.2634 |
Emsisoft Anti-Malware | 3.0.0.589 | Adware.Generic.561930 (B) | 1.0.0.2539 |
ESET NOD32 | 7.8851 | a variant of Win32/ELEX.M | 1.0.0.2539 |
ESET NOD32 | 7.8896 | a variant of Win32/ELEX.S | 10.2.1.2612 |
ESET NOD32 | 7.8917 | a variant of Win32/ELEX.S | 10.2.1.2634 |
Fortinet | 5.1.147.0 | Adware/Agent | 1.0.0.2539 |
Fortinet | 5.1.147.0 | Adware/Agent | 10.2.1.2612 |
Fortinet | 5.1.147.0 | W32/Staser.FV!tr | 10.2.1.2634 |
F-Prot | v6.4.7.1.166 | W32/Clicker.CI | 1.0.0.2539 |
F-Secure | 11.0.19100.45 | Adware.Generic.561930 | 1.0.0.2539 |
F-Secure | 11.0.19100.45 | Application.ExqPage.F | 10.2.1.2612 |
G Data | 13.10.22 | Adware.Generic.561930 | 1.0.0.2539 |
G Data | 13.10.22 | Application.ExqPage.F | 10.2.1.2612 |
Ikarus | T3.1.5.4.0 | Trojan.Win32.Staser | 10.2.1.2612 |
Jiangmin | 16.0.100 | Trojan/Staser.x | 10.2.1.2612 |
Jiangmin | 16.0.100 | Trojan/Staser.ax | 10.2.1.2634 |
K7 AntiVirus | 9.173.9818 | Unwanted-Program | 10.2.1.2612 |
K7GW | 12.7.0.14 | Unwanted-Program | 10.2.1.2612 |
Kaspersky | 9.0.0.837 | Trojan.Win32.Staser.fv | 1.0.0.2539 |
Kaspersky | 9.0.0.837 | Trojan.Win32.Staser.fv | 10.2.1.2612 |
Kaspersky | 9.0.0.837 | Trojan.Win32.Staser.fv | 10.2.1.2634 |
Kingsoft | 2013.4.9.267 | Win32.Troj.Staser.fv.(kcloud) | 1.0.0.2539 |
Kingsoft | 2013.4.9.267 | Win32.Troj.Generic.a.(kcloud) | 10.2.1.2612 |
Kingsoft | 2013.4.9.267 | Win32.Troj.Staser.fv.(kcloud) | 10.2.1.2634 |
Malwarebytes | 1.75.0.1 | Adware.Elex | 1.0.0.2539 |
Malwarebytes | 1.75.0.1 | PUP.Optional.DProtect.A | 10.2.1.2634 |
McAfee | 5.600.1067 | PUP-FCT!640D75DC77F6 | 1.0.0.2539 |
McAfee | 5.600.1067 | Adware-Bprotect | 10.2.1.2612 |
McAfee | 5.600.1067 | Adware-Bprotect | 10.2.1.2634 |
McAfee Gateway Anti-Malware | v2013-dat | Adware-Bprotect | 10.2.1.2612 |
McAfee Gateway Anti-Malware | v2013-dat | Adware-Bprotect | 10.2.1.2634 |
eScan by MicroWorld | 12.0.250.0 | Adware.Generic.561930 | 1.0.0.2539 |
eScan by MicroWorld | 12.0.250.0 | Application.ExqPage.F | 10.2.1.2612 |
Panda Antivirus | 10.0.3.5 | Trj/Staser.A | 10.2.1.2634 |
PC Tools | 9.0.0.2 | SecurityRisk.exqWebSearch | 1.0.0.2539 |
Sophos | 4.93.0 | Mal/VMProtBad-A | 10.2.1.2634 |
Symantec | 20131.1.5.61 | SecurityRisk.BL | 10.2.1.2634 |
Trend Micro | 9.740.0.1012 | TROJ_GEN.R0CBC0PIS13 | 10.2.1.2612 |
Trend Micro | 9.740.0.1012 | TROJ_STASER.AB | 10.2.1.2634 |
Trend Micro HouseCall | 9.700.0.1001 | TROJ_GEN.R0CBH05IO13 | 10.2.1.2612 |
Trend Micro HouseCall | 9.700.0.1001 | TROJ_GEN.R0CBB01JD13 | 10.2.1.2634 |
Vba32 AntiVirus | 3.12.24.3 | Trojan.Staser | 1.0.0.2539 |
Vba32 AntiVirus | 3.12.24.3 | Trojan.Staser | 10.2.1.2612 |
Vba32 AntiVirus | 3.12.24.3 | Trojan.Staser | 10.2.1.2634 |
VIPRE Antivirus | 21884 | Elex Installer (fs) | 1.0.0.2539 |
VIPRE Antivirus | 22226 | Elex Installer (fs) | 10.2.1.2612 |
VIPRE Antivirus | 22398 | Elex Installer (fs) | 10.2.1.2634 |
ViRobot | 2011.4.7.4223 | Trojan.Win32.S.Agent.386112 | 1.0.0.2539 |
ViRobot | 2011.4.7.4223 | Trojan.Win32.S.Staser.303680 | 10.2.1.2612 |
ViRobot | 2011.4.7.4223 | Trojan.Win32.S.Agent.825920 | 10.2.1.2634 |
Distribution by Windows OS
OS version | distribution |
Windows 7 Ultimate | 27.27% |
Microsoft Windows XP | 27.27% |
Windows 7 Professional | 27.27% |
Windows 8 Pro | 9.09% |
Windows 8 | 9.09% |
Distribution by country
Brazil installs about 18.18% of Wsys Control.
Distribution by PC manufacturer
PC Manufacturer | distribution |
MSI | 28.57% |
American Megatrends | 14.29% |
Acer | 14.29% |
GIGABYTE | 14.29% |
Dell | 14.29% |
Hewlett-Packard | 7.14% |
Samsung | 7.14% |