EGDPSVC.EXE is Trojan AMN (A)

Is the file EGDPSVC.EXE located on your computer? Then your computer is infected.
We do suggest you should remove EGDPSVC.EXE from your computer as soon as possible.
EGDPSVC.EXE is Trojan/Backdoor.
Kill the process EGDPSVC.EXE and remove EGDPSVC.EXE from the Windows startup.

Malware Analysis of EGDPSVC.EXE
Full path on a computer: %Common Appdata%\eSafe\eGdpSvc.exe

Detected by UnHackMe:

EGDPSVC.EXE
Default location: %Common Appdata%\eSafe\eGdpSvc.exe

Removal Results: Success
Number of reboot: 1

EGDPSVC.EXE is known as:

Trojan.AMN (A), Win32.DH{AB41DCcoXSA}

EGDPSVC.EXE hash:

  • MD5: f31572c8035eeb5cfecfe406925ebadd
The file is used for downloading and installing other malware, Trojans, viruses by the commands received from the Command Center.
How to quickly detect EGDPSVC.EXE presence?

Registry:
  • HKLM\System\CurrentControlSet\Services\desksvc\ImagePath: “%Program Files%\Desk 365\deskSvc.exe”
  • HKLM\System\CurrentControlSet\Services\desksvc\DisplayName: “Desk 365 service”
  • HKLM\System\CurrentControlSet\Services\desksvc\Group: “SchedulerGroup”
  • HKLM\System\CurrentControlSet\Services\desksvc\ObjectName: “LocalSystem”
  • HKLM\System\CurrentControlSet\Services\desksvc\Description: “Desk 365 service”
  • HKLM\System\CurrentControlSet\Services\eSafeSvc\ImagePath: “%Common Appdata%\eSafe\eGdpSvc.exe”
  • HKLM\System\CurrentControlSet\Services\eSafeSvc\DisplayName: “eSafe Service”
  • HKLM\System\CurrentControlSet\Services\eSafeSvc\Group: “SchedulerGroup”
  • HKLM\System\CurrentControlSet\Services\eSafeSvc\ObjectName: “LocalSystem”
  • HKLM\System\CurrentControlSet\Services\eSafeSvc\Description: “System eSafe update service”
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Desk 365: “”%Program Files%\Desk 365\desk365.exe” /autorun”
  • HKLM\Software\Clients\StartMenuInternet\chrome.exe\shell\open\command\: “”%Local Appdata%\Google\Chrome\Application\chrome.exe” http://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001&ts=1367382575″
  • HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\: “%Program Files%\Mozilla Firefox\firefox.exe http://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001&ts=1367382575″
  • HKLM\Software\Clients\StartMenuInternet\Google Chrome\shell\open\command\: “”%Local Appdata%\Google\Chrome\Application\chrome.exe” http://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001&ts=1367382575″
  • HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\: “%Program Files%\Internet Explorer\iexplore.exe http://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001&ts=1367382575″
  • HKLM\Software\Clients\StartMenuInternet\VMWAREHOSTOPEN.EXE\shell\open\command\: “”%Program Files%\VMware\VMware Tools\VMwareHostOpen.exe” http://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001&ts=1367382575″
  • HKLM\System\CurrentControlSet\Services\Eventlog\Application\Sources: ‘WSH WMIAdapter WMI.NET Provider Extension WmdmPmSN WinMgmt Winlogon Windows Product Activation Windows 3.1 Migration WebClient VSSetup VSS vmtools VBRuntime Userinit Userenv TPVCGateway Tlntsvr System.ServiceModel 4.0.0.0 System.Runtime.Serialization 4.0.0.0 System.IO.Log 4.0.0.0 System.IdentityModel 4.0.0.0 SysmonLog Starter SpoolerCtrs Software Restriction Policies Software Installation ServiceModel Audit 4.0.0.0 SecurityCenter SclgNtfy SceSrv SceCli safrslv SAFrdms RPC Remote Assistance PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSQLSERVER/MSDE MSSOAP MSSHA MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft.Transactions.Bridge 4.0.0.0 Microsoft H.323 Telephony Service Provider Microsoft (R) Visual C# 2005 Compiler LoadPerf HelpSvc Folder Redirection File Deployment EventSystem ESENT eSafeSvc DrWatson Dot3Svc DiskQuota desksvc crypt32 COM+ COM Ci Chkdsk CardSpace 4.0.0.0 AutoEnrollment Autochk ASP.NET 4.0.30319.0 ASP.NET 2.0.50727.0 Application Management Application Hang Application Error .NET Runtime Optimization Service .NET Runtime 4.0 Error Reporting .NET Runtime 2.0 Error Reporting .NET Runtime Application’
Folders:
  • %Appdata%\Desk 365
  • %Appdata%\eIntaller
  • %Temp%\Desk365
  • %Temp%\Desk365\eInstall
  • %Common Appdata%\eSafe
  • %Common Startmenu%\Programs\Desk 365
  • %Program Files Common%\337
Files:
  • %Appdata%\eIntaller\ADBBDE5F4EEF4d7286D6A4CCBFA75094\Config.ini
  • %Appdata%\eIntaller\ADBBDE5F4EEF4d7286D6A4CCBFA75094\Desk365.exe
  • %Appdata%\eIntaller\ADBBDE5F4EEF4d7286D6A4CCBFA75094\eGdpSvc.exe
  • %Appdata%\eIntaller\ADBBDE5F4EEF4d7286D6A4CCBFA75094\eXQ.exe
  • %Temp%\Desk365\Desk_365\Desk365.exe
  • %Temp%\Desk365\Desk_365\DeskSvc.exe
  • %Temp%\Desk365\Desk_365\ebase.dll
  • %Temp%\Desk365\Desk_365\edeskcmn.dll
  • %Temp%\Desk365\Desk_365\eDhelper.exe
  • %Temp%\Desk365\Desk_365\eDhelper64.exe
  • %Temp%\Desk365\Desk_365\edis.dll
  • %Temp%\Desk365\Desk_365\edis64.dll
  • %Temp%\Desk365\Desk_365\ElexDbg.dll
  • %Temp%\Desk365\Desk_365\eUninstall.exe
  • %Sendto%\Desk 365.lnk
  • %Common Appdata%\eSafe\eGdpSvc.exe
  • %Common Startmenu%\Programs\Desk 365\Desk 365.lnk
  • %Common Startmenu%\Programs\Desk 365\eUninstall.lnk
  • C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat
  • %Program Files%\Mozilla Firefox\searchplugins\portaldosites.xml
  • %Program Files%\Desk 365\desk365.exe
  • %Program Files%\Desk 365\deskSvc.exe
  • %WinDir%\Fonts\segoeui.ttf
  • %WinDir%\Fonts\segoeuib.ttf
  • %SysDir%\msvcp100.dll
  • %SysDir%\msvcr100.dll

Fix it immediately!

Free Download

UnHackMe removes malware invisible for your antivirus!

Leave a Reply