Should I block it?

98%
Yes, 98% block recommendation.
Possible reasons:
Multiple malware detections
Performance resource utilization

Additional versions

10.2.1.2634 36.36%
10.2.1.2612 54.55%
1.0.0.2539 9.09%

PE file structure

Import table
advapi32.dll
RegOpenKeyExW, AdjustTokenPrivileges, DuplicateTokenEx, LookupPrivilegeValueW, ConvertStringSidToSidW, SetTokenInformation, CreateProcessAsUserW, GetTokenInformation, OpenProcessToken, RegQueryValueExW, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, ControlService, ReportEventW, QueryServiceStatusEx, SetServiceStatus, ChangeServiceConfigW, StartServiceW, ChangeServiceConfig2W, DeregisterEventSource, RegisterServiceCtrlHandlerExW, RegCreateKeyW, EnumDependentServicesW, StartServiceCtrlDispatcherW, DeleteService, RegisterEventSourceW, CreateServiceW, RegSetValueExW, OpenServiceW, OpenSCManagerW, CloseServiceHandle, RegCloseKey, RegCreateKeyExW
kernel32.dll
GetSystemWindowsDirectoryW, GetCurrentThread, WideCharToMultiByte, LoadLibraryW, SetThreadPriority, LocalAlloc, GetShortPathNameW, LocalFree, GlobalAlloc, CreateFileW, DeviceIoControl, GetVolumeInformationW, GetSystemDefaultLangID, GetFileSize, SetFilePointer, SetEndOfFile, CreateDirectoryW, WriteFile, ReadFile, GetLocalTime, DeleteFileW, GetCurrentProcessId, SetFileAttributesW, InterlockedDecrement, FindFirstFileW, GetFileAttributesW, FlushFileBuffers, FindClose, FindNextFileW, lstrlenW, GetQueuedCompletionStatus, RaiseException, InterlockedExchange, ResetEvent, GetExitCodeThread, PostQueuedCompletionStatus, GetSystemInfo, WaitForMultipleObjects, CreateIoCompletionPort, GetLogicalDriveStringsW, OpenProcess, GetSystemDirectoryW, ProcessIdToSessionId, QueryDosDeviceW, EncodePointer, DecodePointer, GetEnvironmentVariableW, GetCurrentThreadId, GetProcessHeap, GetTickCount, OutputDebugStringW, FindResourceExW, HeapFree, HeapAlloc, GlobalFree, MultiByteToWideChar, CreateThread, CreateEventW, GetLastError, TerminateThread, SetEvent, SetPriorityClass, WaitForSingleObject, Sleep, MoveFileExW, CloseHandle, GetProcAddress, GetModuleFileNameW, GetModuleHandleW, GetCurrentProcess, DeleteCriticalSection, LockResource, EnterCriticalSection, LeaveCriticalSection, GetVersionExW, SizeofResource, InitializeCriticalSectionAndSpinCount, InitializeCriticalSection, LoadResource, FindResourceW, GetStringTypeW, HeapDestroy, lstrlenA, WriteConsoleW, SetStdHandle, ReadConsoleW, HeapReAlloc, GetConsoleMode, HeapSize, GetCommandLineW, GetSystemTimeAsFileTime, IsDebuggerPresent, GetConsoleCP, SetFilePointerEx, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetFileType, GetStdHandle, GetModuleHandleExW, ExitProcess, GetOEMCP, GetACP, IsValidCodePage, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, GetLocaleInfoW, LCMapStringW, GetStartupInfoW, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, TerminateProcess, SetLastError, SetUnhandledExceptionFilter, 
UnhandledExceptionFilter, GetCPInfo, RtlUnwind, LoadLibraryExW, ExitThread, IsProcessorFeaturePresent, InterlockedIncrement, GetModuleHandleA, LoadLibraryA, GetModuleFileNameA
ole32.dll
CoSetProxyBlanket, CoUninitialize, CoInitializeEx, CoInitialize, CoInitializeSecurity, CoCreateInstance
psapi.dll
EnumProcesses, EnumProcessModules, GetModuleFileNameExW
sensapi.dll
IsNetworkAlive
shell32.dll
SHGetFolderPathW, ShellExecuteExW, SHChangeNotify
shlwapi.dll
PathAppendW, SHDeleteKeyW, StrTrimW, StrChrW, StrCpyW, PathFindExtensionW, PathFindFileNameW, StrCmpIW, PathFileExistsW
user32.dll
wsprintfW
userenv.dll
DestroyEnvironmentBlock, CreateEnvironmentBlock
version.dll
VerQueryValueW, GetFileVersionInfoSizeW, GetFileVersionInfoW
winhttp.dll
WinHttpQueryDataAvailable, WinHttpQueryHeaders, WinHttpOpenRequest, WinHttpConnect, WinHttpWriteData, WinHttpSendRequest, WinHttpGetIEProxyConfigForCurrentUser, WinHttpSetOption, WinHttpSetTimeouts, WinHttpReceiveResponse, WinHttpGetProxyForUrl, WinHttpCrackUrl, WinHttpReadData, WinHttpAddRequestHeaders, WinHttpOpen, WinHttpCloseHandle
wininet.dll
InternetCheckConnectionW, InternetOpenW, InternetOpenUrlW, HttpQueryInfoW, InternetCloseHandle, InternetCrackUrlW, InternetReadFile, InternetConnectW, HttpOpenRequestW, HttpAddRequestHeadersW, InternetSetOptionW, HttpSendRequestW

eGdpSvc.exe

Wsys Control by Banyan Tree Technology Limited (Signed)

Version: 1.0.0.2539
MD5: 640d75dc77f6d0cfe654f7ea5bfe1421
SHA1: e57a50583700651988e3659c5c608b191ffe1dbe
SHA256: f5a809d066d21365dff7d62434ee17a2b9ef43475c0e086ad76d226ef0f892a4
Warning: 21 antivirus scanners have detected malware.

Overview

egdpsvc.exe is malware that runs as a Windows service named WsysSvc (display name WsysSvc) with extensive SYSTEM privileges (full administrator access). The file is digitally signed with a certificate issued to Banyan Tree Technology Limited by the GlobalSign nv-sa certificate authority (CA).

Details

File name: egdpsvc.exe
Publisher: Wsys Co., Ltd.
Product name: Wsys Control
Description: Wsys Control 1.0.0.2539
Typical file path: C:\Documents and Settings\user\Application data\esafe\egdpsvc.exe
File version: 1.0.0.2539
Size: 377.06 KB (386,112 bytes)
Build date: 7/4/2013 10:16 AM
Certificate
Issued to: Banyan Tree Technology Limited
Authority (CA): GlobalSign nv-sa
Digital DNA
PE subsystem: Windows GUI
File packed: No
.NET CLR: No

Behaviors

Services
Registered under 'SYSTEM\CurrentControlSet\Services' and run by the Service Controller (services.exe)
  • WsysSvc
  • 'WsysSvc' (Wsys Service)

Malware detections

Based on 40+ industry antivirus scanners, 21 of them detected the following malware.
Antivirus engine | Engine version | Detection
Antiy Labs AVL | 2.0.3.7 | Trojan/Win32.Staser
AVG | 13.0.0.3169 | Generic34.BBYT
BitDefender | 7.2 | Adware.Generic.561930
Commtouch | 5.4.1.7 | W32/Clicker.GNDS-2449
Comodo Internet Security | 17007 | Application.Win32.Agent.~WY
Dr.Web | 8.13.10.8 | Adware.Mutabaha.15
Emsisoft Anti-Malware | 3.0.0.589 | Adware.Generic.561930 (B)
ESET NOD32 | 7.8851 | a variant of Win32/ELEX.M
Fortinet | 5.1.147.0 | Adware/Agent
F-Prot | v6.4.7.1.166 | W32/Clicker.CI
F-Secure | 11.0.19100.45 | Adware.Generic.561930
G Data | 13.10.22 | Adware.Generic.561930
Kaspersky | 9.0.0.837 | Trojan.Win32.Staser.fv
Kingsoft | 2013.4.9.267 | Win32.Troj.Staser.fv.(kcloud)
Malwarebytes | 1.75.0.1 | Adware.Elex
McAfee | 5.600.1067 | PUP-FCT!640D75DC77F6
eScan by MicroWorld | 12.0.250.0 | Adware.Generic.561930
PC Tools | 9.0.0.2 | SecurityRisk.exqWebSearch
Vba32 AntiVirus | 3.12.24.3 | Trojan.Staser
VIPRE Antivirus | 21884 | Elex Installer (fs)
ViRobot | 2011.4.7.4223 | Trojan.Win32.S.Agent.386112

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00652981%
0.028634%
Kernel CPU:0.00464424%
0.013761%
User CPU:0.00188556%
0.014873%
Kernel CPU time:500 ms/min
100,923,805ms/min
Memory
Private memory:5.38 MB
21.59 MB
Private (maximum):8.49 MB
Private (minimum):7.09 MB
Non-paged memory:5.38 MB
21.59 MB
Virtual memory:52.14 MB
140.96 MB
Virtual memory (peak):57.08 MB
169.69 MB
Working set:8.47 MB
18.61 MB
Working set (peak):8.61 MB
37.95 MB
Resource allocations
Threads:12
12
Handles:176
600
GUI GDI count:4
103

Process properties

Integrity level: Undefined
Platform: 32-bit
Command line: "C:\Documents and Settings\user\Application data\esafe\egdpsvc.exe"
Owner: SYSTEM
Windows Service
Service name: WsysSvc
Display name: WsysSvc
Description: “Wsys update service”
Type: Win32OwnProcess
Parent process: services.exe (Services and Controller app by Microsoft)

Distribution by Windows OS

OS version | Distribution
Windows 7 Ultimate | 27.27%
Microsoft Windows XP | 27.27%
Windows 7 Professional | 27.27%
Windows 8 Pro | 9.09%
Windows 8 | 9.09%

Distribution by country

Brazil installs about 18.18% of Wsys Control.

Distribution by PC manufacturer

PC manufacturer | Distribution
MSI | 28.57%
American Megatrends | 14.29%
Acer | 14.29%
GIGABYTE | 14.29%
Dell | 14.29%
Hewlett-Packard | 7.14%
Samsung | 7.14%