Dmitry Sokolov recommends UnHackMe!

UnHackMe quickly removes pop-up ads, search redirecting, browser hijack, spyware, keyloggers, PC slowdown issues. Download Now!

Download free e-book [PDF]: "How to Easily Remove Malware with UnHackMe"

Join us on Facebook
Click to Download
Solved! The issue has been fixed!
5 Stars (5 / 5)

Share This:

Is the file EGDPSVC.EXE located on your computer? Then your computer is infected.
We do suggest you should remove EGDPSVC.EXE from your computer as soon as possible.
EGDPSVC.EXE is Trojan/Backdoor.
Kill the process EGDPSVC.EXE and remove EGDPSVC.EXE from the Windows startup.

Malware Analysis of EGDPSVC.EXE
Full path on a computer: %Common Appdata%\eSafe\eGdpSvc.exe

Detected by UnHackMe:

Default location: %Common Appdata%\eSafe\eGdpSvc.exe

Your Vote?
0 0

Removal Results: Success
Number of reboot: 1

EGDPSVC.EXE is known as:

Trojan.AMN (A), Win32.DH{AB41DCcoXSA}


  • MD5: f31572c8035eeb5cfecfe406925ebadd
The file is used for downloading and installing other malware, Trojans, viruses by the commands received from the Command Center.
How to quickly detect EGDPSVC.EXE presence?

  • HKLM\System\CurrentControlSet\Services\desksvc\ImagePath: “%Program Files%\Desk 365\deskSvc.exe”
  • HKLM\System\CurrentControlSet\Services\desksvc\DisplayName: “Desk 365 service”
  • HKLM\System\CurrentControlSet\Services\desksvc\Group: “SchedulerGroup”
  • HKLM\System\CurrentControlSet\Services\desksvc\ObjectName: “LocalSystem”
  • HKLM\System\CurrentControlSet\Services\desksvc\Description: “Desk 365 service”
  • HKLM\System\CurrentControlSet\Services\eSafeSvc\ImagePath: “%Common Appdata%\eSafe\eGdpSvc.exe”
  • HKLM\System\CurrentControlSet\Services\eSafeSvc\DisplayName: “eSafe Service”
  • HKLM\System\CurrentControlSet\Services\eSafeSvc\Group: “SchedulerGroup”
  • HKLM\System\CurrentControlSet\Services\eSafeSvc\ObjectName: “LocalSystem”
  • HKLM\System\CurrentControlSet\Services\eSafeSvc\Description: “System eSafe update service”
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Desk 365: “”%Program Files%\Desk 365\desk365.exe” /autorun”
  • HKLM\Software\Clients\StartMenuInternet\chrome.exe\shell\open\command\: “”%Local Appdata%\Google\Chrome\Application\chrome.exe”″
  • HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\: “%Program Files%\Mozilla Firefox\firefox.exe″
  • HKLM\Software\Clients\StartMenuInternet\Google Chrome\shell\open\command\: “”%Local Appdata%\Google\Chrome\Application\chrome.exe”″
  • HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\: “%Program Files%\Internet Explorer\iexplore.exe″
  • HKLM\Software\Clients\StartMenuInternet\VMWAREHOSTOPEN.EXE\shell\open\command\: “”%Program Files%\VMware\VMware Tools\VMwareHostOpen.exe”″
  • HKLM\System\CurrentControlSet\Services\Eventlog\Application\Sources: ‘WSH WMIAdapter WMI.NET Provider Extension WmdmPmSN WinMgmt Winlogon Windows Product Activation Windows 3.1 Migration WebClient VSSetup VSS vmtools VBRuntime Userinit Userenv TPVCGateway Tlntsvr System.ServiceModel System.Runtime.Serialization System.IO.Log System.IdentityModel SysmonLog Starter SpoolerCtrs Software Restriction Policies Software Installation ServiceModel Audit SecurityCenter SclgNtfy SceSrv SceCli safrslv SAFrdms RPC Remote Assistance PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSQLSERVER/MSDE MSSOAP MSSHA MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft.Transactions.Bridge Microsoft H.323 Telephony Service Provider Microsoft (R) Visual C# 2005 Compiler LoadPerf HelpSvc Folder Redirection File Deployment EventSystem ESENT eSafeSvc DrWatson Dot3Svc DiskQuota desksvc crypt32 COM+ COM Ci Chkdsk CardSpace AutoEnrollment Autochk ASP.NET 4.0.30319.0 ASP.NET 2.0.50727.0 Application Management Application Hang Application Error .NET Runtime Optimization Service .NET Runtime 4.0 Error Reporting .NET Runtime 2.0 Error Reporting .NET Runtime Application’
  • %Appdata%\Desk 365
  • %Appdata%\eIntaller
  • %Temp%\Desk365
  • %Temp%\Desk365\eInstall
  • %Common Appdata%\eSafe
  • %Common Startmenu%\Programs\Desk 365
  • %Program Files Common%\337
  • %Appdata%\eIntaller\ADBBDE5F4EEF4d7286D6A4CCBFA75094\Config.ini
  • %Appdata%\eIntaller\ADBBDE5F4EEF4d7286D6A4CCBFA75094\Desk365.exe
  • %Appdata%\eIntaller\ADBBDE5F4EEF4d7286D6A4CCBFA75094\eGdpSvc.exe
  • %Appdata%\eIntaller\ADBBDE5F4EEF4d7286D6A4CCBFA75094\eXQ.exe
  • %Temp%\Desk365\Desk_365\Desk365.exe
  • %Temp%\Desk365\Desk_365\DeskSvc.exe
  • %Temp%\Desk365\Desk_365\ebase.dll
  • %Temp%\Desk365\Desk_365\edeskcmn.dll
  • %Temp%\Desk365\Desk_365\eDhelper.exe
  • %Temp%\Desk365\Desk_365\eDhelper64.exe
  • %Temp%\Desk365\Desk_365\edis.dll
  • %Temp%\Desk365\Desk_365\edis64.dll
  • %Temp%\Desk365\Desk_365\ElexDbg.dll
  • %Temp%\Desk365\Desk_365\eUninstall.exe
  • %Sendto%\Desk 365.lnk
  • %Common Appdata%\eSafe\eGdpSvc.exe
  • %Common Startmenu%\Programs\Desk 365\Desk 365.lnk
  • %Common Startmenu%\Programs\Desk 365\eUninstall.lnk
  • C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat
  • %Program Files%\Mozilla Firefox\searchplugins\portaldosites.xml
  • %Program Files%\Desk 365\desk365.exe
  • %Program Files%\Desk 365\deskSvc.exe
  • %WinDir%\Fonts\segoeui.ttf
  • %WinDir%\Fonts\segoeuib.ttf
  • %SysDir%\msvcp100.dll
  • %SysDir%\msvcr100.dll

1. Download UnHackMe free 30-day version

UnHackMe removes Adware/Spyware/Unwanted Programs/Browser Hijackers/Search Redirectors from your PC easily.

Free Download

UnHackMe is compatible with most antivirus software.
UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including adware, spyware, viruses, trojans and backdoors. VirusTotal (0/56).
System Requirements: Windows 2000-Windows 8.1/10 32 or 64-bit. UnHackMe uses minimum of computer resources.

2. Double click on UnHackMe_setup.exe

You will see a confirmation screen with verified publisher: Greatis Software. Verified Publisher Greatis Software

Once UnHackMe has installed has installed the first Scan will start automatically

Review the detected threats

3. Carefully review the detected threats!

Click Remove button or False Positive.

What to do if you are unable to solve a problem?

UnHackMe Remote Assistant
  1. Open UnHackMe main screen.
  2. Click on a Remote Assistant button.
  3. Follow instructions on a screen.
  4. We will contact you and send a solution of your problem.
  5. Remote assistance is free during trial period.


Dmitry Sokolov - author of UnHackMe