I will tell you in this post how to fix the issue manually and how to clean it automatically using a special powerful removal tool. You can download the removal program for free here:

Is the file EGDPSVC.EXE located on your computer? Then your computer is infected.
We do suggest you should remove EGDPSVC.EXE from your computer as soon as possible.
EGDPSVC.EXE is Trojan/Backdoor.
Kill the process EGDPSVC.EXE and remove EGDPSVC.EXE from the Windows startup.

Malware Analysis of EGDPSVC.EXE
Full path on a computer: %Common Appdata%\eSafe\eGdpSvc.exe

Detected by UnHackMe:

Default location: %Common Appdata%\eSafe\eGdpSvc.exe

Removal Results: Success
Number of reboot: 1

EGDPSVC.EXE is known as:

Trojan.AMN (A), Win32.DH{AB41DCcoXSA}

Will you remove it?
0 0

Download Removal Tool for Free

People say

Visitor post


  • MD5: f31572c8035eeb5cfecfe406925ebadd
The file is used for downloading and installing other malware, Trojans, viruses by the commands received from the Command Center.
How to quickly detect EGDPSVC.EXE presence?

  • HKLM\System\CurrentControlSet\Services\desksvc\ImagePath: “%Program Files%\Desk 365\deskSvc.exe”
  • HKLM\System\CurrentControlSet\Services\desksvc\DisplayName: “Desk 365 service”
  • HKLM\System\CurrentControlSet\Services\desksvc\Group: “SchedulerGroup”
  • HKLM\System\CurrentControlSet\Services\desksvc\ObjectName: “LocalSystem”
  • HKLM\System\CurrentControlSet\Services\desksvc\Description: “Desk 365 service”
  • HKLM\System\CurrentControlSet\Services\eSafeSvc\ImagePath: “%Common Appdata%\eSafe\eGdpSvc.exe”
  • HKLM\System\CurrentControlSet\Services\eSafeSvc\DisplayName: “eSafe Service”
  • HKLM\System\CurrentControlSet\Services\eSafeSvc\Group: “SchedulerGroup”
  • HKLM\System\CurrentControlSet\Services\eSafeSvc\ObjectName: “LocalSystem”
  • HKLM\System\CurrentControlSet\Services\eSafeSvc\Description: “System eSafe update service”
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Desk 365: “”%Program Files%\Desk 365\desk365.exe” /autorun”
  • HKLM\Software\Clients\StartMenuInternet\chrome.exe\shell\open\command\: “”%Local Appdata%\Google\Chrome\Application\chrome.exe”″
  • HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\: “%Program Files%\Mozilla Firefox\firefox.exe″
  • HKLM\Software\Clients\StartMenuInternet\Google Chrome\shell\open\command\: “”%Local Appdata%\Google\Chrome\Application\chrome.exe”″
  • HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\: “%Program Files%\Internet Explorer\iexplore.exe″
  • HKLM\Software\Clients\StartMenuInternet\VMWAREHOSTOPEN.EXE\shell\open\command\: “”%Program Files%\VMware\VMware Tools\VMwareHostOpen.exe”″
  • HKLM\System\CurrentControlSet\Services\Eventlog\Application\Sources: ‘WSH WMIAdapter WMI.NET Provider Extension WmdmPmSN WinMgmt Winlogon Windows Product Activation Windows 3.1 Migration WebClient VSSetup VSS vmtools VBRuntime Userinit Userenv TPVCGateway Tlntsvr System.ServiceModel System.Runtime.Serialization System.IO.Log System.IdentityModel SysmonLog Starter SpoolerCtrs Software Restriction Policies Software Installation ServiceModel Audit SecurityCenter SclgNtfy SceSrv SceCli safrslv SAFrdms RPC Remote Assistance PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSQLSERVER/MSDE MSSOAP MSSHA MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft.Transactions.Bridge Microsoft H.323 Telephony Service Provider Microsoft (R) Visual C# 2005 Compiler LoadPerf HelpSvc Folder Redirection File Deployment EventSystem ESENT eSafeSvc DrWatson Dot3Svc DiskQuota desksvc crypt32 COM+ COM Ci Chkdsk CardSpace AutoEnrollment Autochk ASP.NET 4.0.30319.0 ASP.NET 2.0.50727.0 Application Management Application Hang Application Error .NET Runtime Optimization Service .NET Runtime 4.0 Error Reporting .NET Runtime 2.0 Error Reporting .NET Runtime Application’
  • %Appdata%\Desk 365
  • %Appdata%\eIntaller
  • %Temp%\Desk365
  • %Temp%\Desk365\eInstall
  • %Common Appdata%\eSafe
  • %Common Startmenu%\Programs\Desk 365
  • %Program Files Common%\337
  • %Appdata%\eIntaller\ADBBDE5F4EEF4d7286D6A4CCBFA75094\Config.ini
  • %Appdata%\eIntaller\ADBBDE5F4EEF4d7286D6A4CCBFA75094\Desk365.exe
  • %Appdata%\eIntaller\ADBBDE5F4EEF4d7286D6A4CCBFA75094\eGdpSvc.exe
  • %Appdata%\eIntaller\ADBBDE5F4EEF4d7286D6A4CCBFA75094\eXQ.exe
  • %Temp%\Desk365\Desk_365\Desk365.exe
  • %Temp%\Desk365\Desk_365\DeskSvc.exe
  • %Temp%\Desk365\Desk_365\ebase.dll
  • %Temp%\Desk365\Desk_365\edeskcmn.dll
  • %Temp%\Desk365\Desk_365\eDhelper.exe
  • %Temp%\Desk365\Desk_365\eDhelper64.exe
  • %Temp%\Desk365\Desk_365\edis.dll
  • %Temp%\Desk365\Desk_365\edis64.dll
  • %Temp%\Desk365\Desk_365\ElexDbg.dll
  • %Temp%\Desk365\Desk_365\eUninstall.exe
  • %Sendto%\Desk 365.lnk
  • %Common Appdata%\eSafe\eGdpSvc.exe
  • %Common Startmenu%\Programs\Desk 365\Desk 365.lnk
  • %Common Startmenu%\Programs\Desk 365\eUninstall.lnk
  • C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat
  • %Program Files%\Mozilla Firefox\searchplugins\portaldosites.xml
  • %Program Files%\Desk 365\desk365.exe
  • %Program Files%\Desk 365\deskSvc.exe
  • %WinDir%\Fonts\segoeui.ttf
  • %WinDir%\Fonts\segoeuib.ttf
  • %SysDir%\msvcp100.dll
  • %SysDir%\msvcr100.dll

I use UnHackMe for cleaning ads and viruses from my friend's computers, because it is extremely fast and effective.

STEP 1: Download UnHackMe for free

UnHackMe removes Adware/Spyware/Unwanted Programs/Browser Hijackers/Search Redirectors from your PC easily.

Free Download

UnHackMe is compatible with most antivirus software.
UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including adware, spyware, viruses, trojans and backdoors. VirusTotal (0/56).
System Requirements: Windows 2000-Windows 8.1/10 32 or 64-bit. UnHackMe uses minimum of computer resources.

STEP 2: Double click on UnHackMe_setup.exe

You will see a confirmation screen with verified publisher: Greatis Software. Verified Publisher Greatis Software

Once UnHackMe has installed the first Scan will start automatically

Review the detected threats

STEP 3: Carefully review the detected threats!

Click Remove button or False Positive.


7 votes, average: 5.00 out of 57 votes, average: 5.00 out of 57 votes, average: 5.00 out of 57 votes, average: 5.00 out of 57 votes, average: 5.00 out of 5 (7 votes, average: 5.00 out of 5)
You need to be a registered member to rate this.