Should I block it?

Yes, 98% block recommendation.
Possible reasons:
Multiple malware detections
Performance resource utilization

Additional versions

10.2.1.2634 36.36%
10.2.1.2612 54.55%
1.0.0.2539 9.09%

PE file structure

Import table
advapi32.dll
RegOpenKeyExW, AdjustTokenPrivileges, DuplicateTokenEx, LookupPrivilegeValueW, ConvertStringSidToSidW, SetTokenInformation, CreateProcessAsUserW, GetTokenInformation, OpenProcessToken, RegQueryValueExW, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, ControlService, ReportEventW, QueryServiceStatusEx, SetServiceStatus, ChangeServiceConfigW, StartServiceW, ChangeServiceConfig2W, DeregisterEventSource, RegisterServiceCtrlHandlerExW, RegCreateKeyW, EnumDependentServicesW, StartServiceCtrlDispatcherW, DeleteService, RegisterEventSourceW, CreateServiceW, RegSetValueExW, OpenServiceW, OpenSCManagerW, CloseServiceHandle, RegCloseKey, RegCreateKeyExW
kernel32.dll
GetSystemWindowsDirectoryW, GetCurrentThread, WideCharToMultiByte, LoadLibraryW, SetThreadPriority, LocalAlloc, GetShortPathNameW, LocalFree, GlobalAlloc, CreateFileW, DeviceIoControl, GetVolumeInformationW, GetSystemDefaultLangID, GetFileSize, SetFilePointer, SetEndOfFile, CreateDirectoryW, WriteFile, ReadFile, GetLocalTime, DeleteFileW, GetCurrentProcessId, SetFileAttributesW, InterlockedDecrement, FindFirstFileW, GetFileAttributesW, FlushFileBuffers, FindClose, FindNextFileW, lstrlenW, GetQueuedCompletionStatus, RaiseException, InterlockedExchange, ResetEvent, GetExitCodeThread, PostQueuedCompletionStatus, GetSystemInfo, WaitForMultipleObjects, CreateIoCompletionPort, GetLogicalDriveStringsW, OpenProcess, GetSystemDirectoryW, ProcessIdToSessionId, QueryDosDeviceW, EncodePointer, DecodePointer, GetEnvironmentVariableW, GetCurrentThreadId, GetProcessHeap, GetTickCount, OutputDebugStringW, FindResourceExW, HeapFree, HeapAlloc, GlobalFree, MultiByteToWideChar, CreateThread, CreateEventW, GetLastError, TerminateThread, SetEvent, SetPriorityClass, WaitForSingleObject, Sleep, MoveFileExW, CloseHandle, GetProcAddress, GetModuleFileNameW, GetModuleHandleW, GetCurrentProcess, DeleteCriticalSection, LockResource, EnterCriticalSection, LeaveCriticalSection, GetVersionExW, SizeofResource, InitializeCriticalSectionAndSpinCount, InitializeCriticalSection, LoadResource, FindResourceW, GetStringTypeW, HeapDestroy, lstrlenA, WriteConsoleW, SetStdHandle, ReadConsoleW, HeapReAlloc, GetConsoleMode, HeapSize, GetCommandLineW, GetSystemTimeAsFileTime, IsDebuggerPresent, GetConsoleCP, SetFilePointerEx, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetFileType, GetStdHandle, GetModuleHandleExW, ExitProcess, GetOEMCP, GetACP, IsValidCodePage, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, GetLocaleInfoW, LCMapStringW, GetStartupInfoW, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, TerminateProcess, SetLastError, SetUnhandledExceptionFilter, 
UnhandledExceptionFilter, GetCPInfo, RtlUnwind, LoadLibraryExW, ExitThread, IsProcessorFeaturePresent, InterlockedIncrement, GetModuleHandleA, LoadLibraryA, GetModuleFileNameA
ole32.dll
CoSetProxyBlanket, CoUninitialize, CoInitializeEx, CoInitialize, CoInitializeSecurity, CoCreateInstance
psapi.dll
EnumProcesses, EnumProcessModules, GetModuleFileNameExW
sensapi.dll
IsNetworkAlive
shell32.dll
SHGetFolderPathW, ShellExecuteExW, SHChangeNotify
shlwapi.dll
PathAppendW, SHDeleteKeyW, StrTrimW, StrChrW, StrCpyW, PathFindExtensionW, PathFindFileNameW, StrCmpIW, PathFileExistsW
user32.dll
wsprintfW
userenv.dll
DestroyEnvironmentBlock, CreateEnvironmentBlock
version.dll
VerQueryValueW, GetFileVersionInfoSizeW, GetFileVersionInfoW
winhttp.dll
WinHttpQueryDataAvailable, WinHttpQueryHeaders, WinHttpOpenRequest, WinHttpConnect, WinHttpWriteData, WinHttpSendRequest, WinHttpGetIEProxyConfigForCurrentUser, WinHttpSetOption, WinHttpSetTimeouts, WinHttpReceiveResponse, WinHttpGetProxyForUrl, WinHttpCrackUrl, WinHttpReadData, WinHttpAddRequestHeaders, WinHttpOpen, WinHttpCloseHandle
wininet.dll
InternetCheckConnectionW, InternetOpenW, InternetOpenUrlW, HttpQueryInfoW, InternetCloseHandle, InternetCrackUrlW, InternetReadFile, InternetConnectW, HttpOpenRequestW, HttpAddRequestHeadersW, InternetSetOptionW, HttpSendRequestW

eGdpSvc.exe

Wsys Control by Banyan Tree Technology Limited (Signed)

Version:   10.2.1.2634
MD5:   256f569179d786680cd216c0240a42d3
SHA1:   f584b2ca7a53d135bbc6c7eab6c43e439bf3a9da
SHA256:   ac6d61858cb68a5bff6f42106dd11648981d3f8eae3b558b66bb44f014d4ab6e
Warning: 23 antivirus scanners have detected malware.

Overview

egdpsvc.exe is malware that runs as a service under the name WsysSvc (WsysSvc) with extensive SYSTEM privileges (full administrator access). It is installed with a couple of known programs, including Wsys Control 10.2.1.2634 published by Banyan Tree Technology Limited and DProtect published by DProtect Lab. The file is digitally signed by Banyan Tree Technology Limited with a certificate issued by the GlobalSign nv-sa certificate authority (CA).

Details

File name: egdpsvc.exe
Publisher: Wsys Co., Ltd.
Product name: Wsys Control
Description: Wsys Control 1.0.0.2539
Typical file path: C:\Documents and Settings\user\Application data\esafe\egdpsvc.exe
File version: 10.2.1.2634
Size: 806.56 KB (825,920 bytes)
Build date: 9/9/2013 12:20 AM
Certificate
Issued to: Banyan Tree Technology Limited
Authority (CA): GlobalSign nv-sa
Digital DNA
PE subsystem: Windows GUI
File packed: No
.NET CLR: No

Programs

The following programs will install this file:
Banyan Tree Technology Limited
  66% remove
Wsys Control, also known as Delta-homes.com, is a potentially unwanted web browser extension and Browser Helper Object (for Internet Explorer) that delivers contextual advertising to the web browser. In addition, it will modify the user's browser home and search pages as well as 'New Tab' pages to push advertising and search. It is typically defined as an unwanted application by various malware vendors.
DProtect Lab
  78% remove
DProtect is an adware web browser extension that will display various popup and banner ads as well as modify the user's web browser search and home page settings. In some cases, the program will monitor a user's behavior and will inject rival advertisements over existing ones or just inject new ones altogether. As part of the installation process the publisher may offer changes to your Internet Browser settings. These changes if app...

Behaviors

Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
  • WsysSvc
  • 'WsysSvc' (Wsys Service)

Malware detections

Based on 40+ industry antivirus scanners, 23 of them detected the following malware.
Antivirus engine    Engine version    Detection
Agnitum 5.5.1.3 Trojan.Staser!
AhnLab V3 Internet Security 2013.10.15 Trojan/Win32.Staser
Avira AntiVir 7.11.107.160 TR/Staser.rfm
Antiy Labs AVL 2.0.3.7 Trojan/Win32.Staser
CAT Quick Heal 10.13.12.00 Trojan.Staser.fv
Comodo Internet Security 17109 Heur.Suspicious
Dr.Web 8.13.10.15 Adware.Mutabaha.25
ESET NOD32 7.8917 a variant of Win32/ELEX.S
Fortinet 5.1.147.0 W32/Staser.FV!tr
Jiangmin 16.0.100 Trojan/Staser.ax
Kaspersky 9.0.0.837 Trojan.Win32.Staser.fv
Kingsoft 2013.4.9.267 Win32.Troj.Staser.fv.(kcloud)
Malwarebytes 1.75.0.1 PUP.Optional.DProtect.A
McAfee 5.600.1067 Adware-Bprotect
McAfee Gateway Anti-Malware v2013-dat Adware-Bprotect
Panda Antivirus 10.0.3.5 Trj/Staser.A
Sophos 4.93.0 Mal/VMProtBad-A
Symantec 20131.1.5.61 SecurityRisk.BL
Trend Micro 9.740.0.1012 TROJ_STASER.AB
Trend Micro HouseCall 9.700.0.1001 TROJ_GEN.R0CBB01JD13
Vba32 AntiVirus 3.12.24.3 Trojan.Staser
VIPRE Antivirus 22398 Elex Installer (fs)
ViRobot 2011.4.7.4223 Trojan.Win32.S.Agent.825920

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU: 0.00959053%
0.028634%
Kernel CPU: 0.00861450%
0.013761%
User CPU: 0.00097603%
0.014873%
Kernel CPU time: 4,375 ms/min
100,923,805 ms/min
Memory
Private memory: 7.38 MB
21.59 MB
Private (maximum): 9.95 MB
Private (minimum): 9.92 MB
Non-paged memory: 7.38 MB
21.59 MB
Virtual memory: 52.61 MB
140.96 MB
Virtual memory (peak): 62.4 MB
169.69 MB
Working set: 9.93 MB
18.61 MB
Working set (peak): 12.38 MB
37.95 MB
Resource allocations
Threads: 13
12
Handles: 193
600
GUI GDI count: 4
103
GUI USER count: 4
49

Process properties

Integrity level: Undefined
Platform: 32-bit
Command line: "C:\Documents and Settings\user\Application data\esafe\egdpsvc.exe"
Owner: SYSTEM
Windows Service
Service name: WsysSvc
Display name: WsysSvc
Description: “Wsys update service”
Type: Win32OwnProcess

Distribution by Windows OS

OS version    Distribution
Windows 7 Ultimate 27.27%
Microsoft Windows XP 27.27%
Windows 7 Professional 27.27%
Windows 8 Pro 9.09%
Windows 8 9.09%

Distribution by country

Brazil installs about 18.18% of Wsys Control.

Distribution by PC manufacturer

PC manufacturer    Distribution
MSI 28.57%
American Megatrends 14.29%
Acer 14.29%
GIGABYTE 14.29%
Dell 14.29%
Hewlett-Packard 7.14%
Samsung 7.14%