ezwatch64.sys

EzBackup File Watcher Driver

Data Protection Solutions

Reason Core Security classifies this file as part of an adware program: one that injects advertising (banners, text links) into the web browser, alters the browser's normal behavior, and changes the system settings that control which applications run at startup. It is grouped under the Injekt brand of unwanted programs. ezwatch64.sys, published by Data Protection Solutions, was flagged as adware by 1 of 68 anti-malware scanners. That is a single heuristic detection (PUP.Injekt.DataProt), not a consensus, so treat it as a lead to confirm against the rest of this record: the version-info strings (EzBackup File Watcher Driver, original name EzWatch.sys), the VeriSign-issued code-signing certificate, the install path under the EzBackup 5.0 program directory, and the debug string "PassThrough!DriverEntry: Entered" and build path beginning c:\projects\drivers\ezspy\ that are readable in the entry-point bytes below.
Publisher:
Data Protection Solutions by Arco (signed by Data Protection Solutions)

Product:
EzBackup File Watcher Driver

Description:
EzWatch Driver

Version:
1, 0, 0, 59

MD5:
f9a7fd03c6727c2c3d0bfd79f5a2ee2a

SHA-1:
8e01547f34ad8d1e97b14160c7b139f0709126d1

SHA-256:
90b1fe228d65ca5fff7d533bd5732b2641f00630587182b04cbbe6bfadecf7e3

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads into the web browser, and alters the browser's settings (home page, search, DNS, and security protocols). This is the family-level description for Injekt; what this particular kernel-mode driver does is not detailed on this page beyond its product strings (EzBackup File Watcher Driver) and the debug strings in its entry-point bytes.

Analysis date:
12/25/2024 11:30:00 PM UTC

Scan engine         Detection                  Engine version
Reason Heuristics   PUP.Injekt.DataProt (M)    16.5.24.19

File size:
85.2 KB (87,288 bytes)

Product version:
1, 0, 0, 59

Copyright:
Copyright (C) 2001-2010

Trademarks:
EzBackup

Original file name:
EzWatch.sys

File type:
Driver (Win64 SYS)

Language:
English (United States)

Common path:
C:\Program Files\dps\ezbackup 5.0\system32\x64\ezwatch64.sys

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/13/2011 8:00:00 AM

Valid to:
6/2/2012 7:59:59 AM

Subject:
CN=Data Protection Solutions, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Data Protection Solutions, L=Hollywood, S=Florida, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
44EB7C831EAB6F108628776BD16D247B
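A practitioner check, added here and not part of the Reason Core Security page or of the EzBackup product: confirm whether a file found on a host is this exact sample (all three digests), read its version-info strings, inspect the Authenticode signature (signer, chain status, whether a timestamp countersignature is present), and see whether it is registered as a kernel driver service. The path, hashes and signer subject are copied from this page; the variable names and the "*ezwatch*" path filter are assumptions for illustration, since the page does not give the driver's service name.

```powershell
# Added example (not from the Reason Core Security page): verify a file on this
# host against the ezwatch64.sys record above, using only built-in cmdlets
# (Windows PowerShell 5.1 or later). Path, hashes and signer subject come from
# the page; everything else here is an assumption for illustration.
$Path = 'C:\Program Files\dps\ezbackup 5.0\system32\x64\ezwatch64.sys'
$Expected = @{
    MD5    = 'f9a7fd03c6727c2c3d0bfd79f5a2ee2a'
    SHA1   = '8e01547f34ad8d1e97b14160c7b139f0709126d1'
    SHA256 = '90b1fe228d65ca5fff7d533bd5732b2641f00630587182b04cbbe6bfadecf7e3'
}
$ExpectedSubjectCN = 'CN=Data Protection Solutions'

if (Test-Path -LiteralPath $Path) {
    $Item = Get-Item -LiteralPath $Path
    "File size: $($Item.Length) bytes (page lists 87,288)"

    # 1. Identity: all three digests must match; any mismatch means a different build.
    foreach ($Alg in 'MD5', 'SHA1', 'SHA256') {
        $Actual = (Get-FileHash -LiteralPath $Path -Algorithm $Alg).Hash
        '{0,-6} {1}' -f $Alg, $(if ($Actual -ieq $Expected[$Alg]) { 'match' } else { "MISMATCH ($Actual)" })
    }

    # 2. Version-info strings, to compare with the Product / Description /
    #    Original file name fields on the page.
    $Item.VersionInfo | Select-Object CompanyName, ProductName, FileDescription, FileVersion, OriginalFilename

    # 3. Authenticode: who signed it, whether the chain verifies, and whether a
    #    timestamp countersignature exists. The signer certificate on the page
    #    expired on 6/2/2012; how an expired signer is treated after that date
    #    depends on the presence of a countersignature and on verifier policy,
    #    so record both Status and Timestamped rather than trusting either alone.
    $Sig = Get-AuthenticodeSignature -LiteralPath $Path
    [pscustomobject]@{
        Status        = $Sig.Status
        Signer        = $Sig.SignerCertificate.Subject
        SignerMatches = $Sig.SignerCertificate.Subject -like "$ExpectedSubjectCN*"
        NotAfter      = $Sig.SignerCertificate.NotAfter
        Serial        = $Sig.SignerCertificate.SerialNumber
        Timestamped   = [bool]$Sig.TimeStamperCertificate
    }
} else {
    "Not present at the common path: $Path"
}

# 4. Is a driver service pointing at this image registered, and is it running?
#    The service name is not on the page, so match on the image path instead
#    (assumed filter; widen it if the product installs under another name).
Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -like '*ezwatch*' } |
    Select-Object Name, State, StartMode, PathName
```

Compare the serial number printed in step 3 with the one listed above (44EB7C831EAB6F108628776BD16D247B): a matching subject with a different serial means the same publisher re-signed a different build, which is a different sample from the one this page describes.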

File PE Metadata
Compilation timestamp:
3/7/2012 1:29:34 AM

OS version:
6.1

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
1536:W9E9kT7qbNFsFmXXDukZD0tBc2vc2wVfreZ5uLMsq99oR/:Z92mDuk90LU59eZ5uU99oh

Entry address:
0x16224

Entry point:
48, 83, EC, 28, 4C, 8B, C2, 4C, 8B, C9, E8, 95, FF, FF, FF, 49, 8B, D0, 49, 8B, C9, 48, 83, C4, 28, E9, CE, FD, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 50, 61, 73, 73, 54, 68, 72, 6F, 75, 67, 68, 21, 44, 72, 69, 76, 65, 72, 45, 6E, 74, 72, 79, 3A, 20, 45, 6E, 74, 65, 72, 65, 64, 0A, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 63, 3A, 5C, 70, 72, 6F, 6A, 65, 63, 74, 73, 5C, 64, 72, 69, 76, 65, 72, 73, 5C, 65, 7A, 73, 70, 79, 5C, 73, 79, 73, 5C, 65, 7A, 73, 70, 79, 2E...
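To make the "Entry point" byte listing above readable, here is an added example (not from the page or the EzBackup project) that parses the dump exactly as shown, including its truncation after "2E", and pulls out the embedded strings. The instruction decoding in the comments is my own reading of the standard x64 encodings; the byte values are copied from the page, and the 8-character minimum string length is an arbitrary choice.

```powershell
# Added example (not from the Reason Core Security page): decode the entry-point
# byte dump shown above. The dump is copied verbatim from the page and is
# truncated where the page truncates it, so the final string is cut short.
$Dump = @'
48, 83, EC, 28, 4C, 8B, C2, 4C, 8B, C9, E8, 95, FF, FF, FF, 49, 8B, D0, 49, 8B, C9, 48, 83, C4, 28, E9, CE, FD, FF, FF,
CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC,
50, 61, 73, 73, 54, 68, 72, 6F, 75, 67, 68, 21, 44, 72, 69, 76, 65, 72, 45, 6E, 74, 72, 79, 3A, 20, 45, 6E, 74, 65, 72, 65, 64, 0A, 00,
CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC,
63, 3A, 5C, 70, 72, 6F, 6A, 65, 63, 74, 73, 5C, 64, 72, 69, 76, 65, 72, 73, 5C, 65, 7A, 73, 70, 79, 5C, 73, 79, 73, 5C, 65, 7A, 73, 70, 79, 2E
'@

# Hex text -> byte array.
$Bytes = [byte[]]($Dump -split '[,\s]+' | Where-Object { $_ } | ForEach-Object { [Convert]::ToByte($_, 16) })
"Bytes in dump: $($Bytes.Length)"

# The first 30 bytes are a small DriverEntry thunk (x64):
#   48 83 EC 28     sub  rsp, 28h
#   4C 8B C2        mov  r8, rdx
#   4C 8B C9        mov  r9, rcx
#   E8 95 FF FF FF  call rel32   (backwards into the preceding code)
#   49 8B D0        mov  rdx, r8
#   49 8B C9        mov  rcx, r9
#   48 83 C4 28     add  rsp, 28h
#   E9 CE FD FF FF  jmp  rel32
# What follows is CC (int3) alignment padding and then data the linker placed
# next to the function, which is where the strings come from.
$Thunk = ($Bytes[0..29] | ForEach-Object { $_.ToString('X2') }) -join ' '
"DriverEntry thunk: $Thunk"

# Printable ASCII runs of 8+ characters: the debug format string and the
# build path, both useful as triage indicators for this sample.
$Ascii = -join ($Bytes | ForEach-Object { if ($_ -ge 0x20 -and $_ -le 0x7E) { [char]$_ } else { "`0" } })
[regex]::Matches($Ascii, '[\x20-\x7E]{8,}') | ForEach-Object { "string: $($_.Value)" }
```

The two strings this yields are the ones visible in the raw hex: "PassThrough!DriverEntry: Entered" (a DbgPrint-style message whose "PassThrough" prefix differs from the EzWatch product name) and the build path "c:\projects\drivers\ezspy\sys\ezspy." as far as the page shows it. The same parse-and-scan approach works on any byte dump copied from such a record, not only this one.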

Entropy:
5.8233

Code size:
69.5 KB (71,168 bytes)

Powered by Reason Core Security