Should I block it?

90% of PCs block this file from running.
Possible reason:
Multiple malware detections

Additional versions

1.0.0.2522 66.67%
1.0.0.2405 16.67%
1.0.0.1982 16.67%

PE file structure

Import table
advapi32.dll
ConvertStringSidToSidW, AdjustTokenPrivileges, DuplicateTokenEx, LookupPrivilegeValueW, SetTokenInformation, CreateProcessAsUserW, GetTokenInformation, OpenProcessToken, RegQueryValueExW, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, ControlService, ReportEventW, QueryServiceStatusEx, SetServiceStatus, ChangeServiceConfigW, StartServiceW, ChangeServiceConfig2W, DeregisterEventSource, RegisterServiceCtrlHandlerExW, RegCreateKeyW, EnumDependentServicesW, StartServiceCtrlDispatcherW, DeleteService, RegisterEventSourceW, CreateServiceW, RegSetValueExW, RegOpenKeyExW, OpenServiceW, OpenSCManagerW, CloseServiceHandle, RegCloseKey, RegCreateKeyExW
comctl32.dll
InitCommonControls
kernel32.dll
GetSystemWindowsDirectoryW, GetCurrentThread, WideCharToMultiByte, LoadLibraryW, SetThreadPriority, LocalAlloc, GetShortPathNameW, LocalFree, GlobalAlloc, CreateFileW, DeviceIoControl, GetVolumeInformationW, GetSystemDefaultLangID, GetFileSize, SetFilePointer, SetEndOfFile, CreateDirectoryW, WriteFile, ReadFile, GetLocalTime, DeleteFileW, GetCurrentProcessId, SetFileAttributesW, GetFileAttributesW, FlushFileBuffers, GetQueuedCompletionStatus, RaiseException, InterlockedExchange, ResetEvent, GetExitCodeThread, PostQueuedCompletionStatus, GetSystemInfo, WaitForMultipleObjects, CreateIoCompletionPort, lstrlenW, GetLogicalDriveStringsW, OpenProcess, GetSystemDirectoryW, ProcessIdToSessionId, QueryDosDeviceW, WriteConsoleW, SetStdHandle, GetEnvironmentVariableW, GetCurrentThreadId, GetProcessHeap, GetTickCount, OutputDebugStringW, HeapFree, HeapAlloc, GlobalFree, MultiByteToWideChar, CreateThread, CreateEventW, GetLastError, TerminateThread, SetEvent, SetPriorityClass, WaitForSingleObject, Sleep, MoveFileExW, CloseHandle, GetProcAddress, GetModuleFileNameW, GetModuleHandleW, GetCurrentProcess, DeleteCriticalSection, LockResource, EnterCriticalSection, LeaveCriticalSection, GetVersionExW, SizeofResource, InitializeCriticalSectionAndSpinCount, FindResourceExW, InitializeCriticalSection, LoadResource, FindResourceW, ReadConsoleW, GetConsoleMode, GetConsoleCP, SetFilePointerEx, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetFileType, GetStdHandle, GetModuleHandleExW, ExitProcess, GetOEMCP, GetACP, IsValidCodePage, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, GetLocaleInfoW, LCMapStringW, GetStartupInfoW, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, TerminateProcess, SetLastError, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCPInfo, RtlUnwind, LoadLibraryExW, ExitThread, IsProcessorFeaturePresent, IsDebuggerPresent, GetSystemTimeAsFileTime, GetCommandLineW, HeapSize, HeapReAlloc, HeapDestroy, GetStringTypeW, DecodePointer, 
EncodePointer, InterlockedDecrement, InterlockedIncrement, lstrcpy
psapi.dll
GetModuleFileNameExW, EnumProcessModules, EnumProcesses
sensapi.dll
IsNetworkAlive
shell32.dll
ShellExecuteExW, SHGetFolderPathW, SHChangeNotify
shlwapi.dll
StrChrW, SHDeleteKeyW, StrCpyW, StrTrimW
user32.dll
wsprintfW
userenv.dll
CreateEnvironmentBlock, DestroyEnvironmentBlock
version.dll
VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW
winhttp.dll
WinHttpOpenRequest, WinHttpReceiveResponse, WinHttpReadData, WinHttpCrackUrl, WinHttpGetProxyForUrl, WinHttpAddRequestHeaders, WinHttpOpen, WinHttpQueryDataAvailable, WinHttpQueryHeaders, WinHttpCloseHandle, WinHttpConnect, WinHttpWriteData, WinHttpSendRequest, WinHttpGetIEProxyConfigForCurrentUser, WinHttpSetOption, WinHttpSetTimeouts
wininet.dll
InternetCheckConnectionW, InternetOpenW, InternetOpenUrlW, HttpQueryInfoW, InternetCloseHandle, InternetCrackUrlW, InternetReadFile, InternetConnectW, HttpSendRequestW, InternetSetOptionW, HttpAddRequestHeadersW, HttpOpenRequestW

eGdpSvc.exe

eSafe Security Control by Banyan Tree Technology Limited (Signed)

Version:   1.0.0.2522
MD5:   7d8dd3520a5b113a248b4867492e7dfe
SHA1:   8157d0c50cdad9f608fcc1698d945a9c16114b35
SHA256:   c22379672bf9062d10a197b93046d5c8bf18edb26f9e654699f840c91b6c6edb
Warning: 10 antivirus scanners have detected malware.

Overview

egdpsvc.exe is malware that runs as a service under the name eSafeSvc (eSafeSvc) within the local user context. It is installed with a couple of known programs, including eSafe Security Control 1.0.0.2522 and Wsys Control 1.0.0.2557, both published by Banyan Tree Technology Limited. The file is digitally signed by Banyan Tree Technology Limited, with a certificate issued by the GlobalSign nv-sa certificate authority (CA).

Details

File name: egdpsvc.exe
Publisher: eSafe Security Co., Ltd.
Product name: eSafe Security Control
Description: eSafe Security Control 1.0.0.2522
Typical file path: C:\ProgramData\esafe\egdpsvc.exe
File version: 1.0.0.2522
Size: 353.06 KB (361,536 bytes)
Build date: 6/20/2013 12:20 AM
Certificate
Issued to: Banyan Tree Technology Limited
Authority (CA): GlobalSign nv-sa
Digital DNA
File packed: No
.NET CLR: No

Programs

The following programs will install this file:
Banyan Tree Technology Limited
  83% remove
eSafe is a potentially unwanted web browser extension and Browser Helper Object (for Internet Explorer) that delivers contextual advertising to the web browser.
Banyan Tree Technology Limited
  68% remove
Wsys Control, also known as Delta-homes.com, is a potentially unwanted web browser extension and Browser Helper Object (for Internet Explorer) that delivers contextual advertising to the web browser. In addition, it will modify the user's browser home and search pages as well as 'New Tab' pages to push advertising and search. It is typically defined as an unwanted application by various malware vendors.

Behaviors

Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
  • eSafeSvc
  • 'eSafeSvc' (eSafe Service)

Malware detections

Based on 40+ industry antivirus scanners, 10 of them detected the following malware.
Antivirus engine | Engine version | Detection
AhnLab V3 Internet Security | 2013.08.26 | Trojan/Win32.Staser
Antiy Labs AVL | 2.0.3.7 | Trojan/Win32.Staser
Dr.Web | 8.13.10.5 | Adware.Mutabaha.14
ESET NOD32 | 7.8727 | a variant of Win32/ELEX.M
Fortinet | 5.1.146.0 | W32/Staser.FV!tr
Ikarus | T3.1.5.4.0 | Trojan.Win32.Staser
Kaspersky | 9.0.0.837 | Trojan.Win32.Staser.fv
PC Tools | 9.0.0.2 | SecurityRisk.exqWebSearch
Symantec | 20131.1.0.101 | exqWebSearch
VIPRE Antivirus | 20888 | Elex Installer (fs)

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
CPU
Total CPU: 0.00294835%
0.028634%
Kernel CPU: 0.00239089%
0.013761%
User CPU: 0.00055746%
0.014873%
Kernel CPU time: 1,334,195 ms/min
100,923,805 ms/min
Memory
Private memory: 3.47 MB
21.59 MB
Private (maximum): 7.23 MB
Private (minimum): 316 KB
Non-paged memory: 3.47 MB
21.59 MB
Virtual memory: 64.03 MB
140.96 MB
Virtual memory (peak): 66.79 MB
169.69 MB
Working set: 3.11 MB
18.61 MB
Working set (peak): 7.24 MB
37.95 MB
Resource allocations
Threads: 14
12
Handles: 162
600

Process properties

Integrity level: System
Platform: 32-bit
Command line: C:\ProgramData\esafe\egdpsvc.exe
Owner: User
Windows Service
Service name: eSafeSvc
Display name: eSafeSvc
Description: “System eSafe update service”
Type: Win32OwnProcess
Parent process: services.exe (Services and Controller app by Microsoft)

Distribution by Windows OS

OS version | Distribution
Windows 7 Ultimate | 50.00%
Windows 7 Home Premium | 33.33%
Microsoft Windows XP | 16.67%

Distribution by country

About 33.33% of eSafe Security Control installs are in Argentina.

Distribution by PC manufacturer

PC manufacturer | Distribution
Hewlett-Packard | 50.00%
ASUS | 50.00%