protectservice.exe

XTab

Giner Tech Inc

The application protectservice.exe by Giner Tech Inc has been detected as adware by 36 anti-malware scanners. It runs as a separate Windows service (within the context of its own process) named “IHProtect Service”. This particular feature is designed to hijack the browser in an attempt to prevent other resources from modifying the browser's search and home pages.
Publisher:
XTab system  (signed by Giner Tech Inc)

Product:
XTab

Description:
ProtectSvc.exe

Version:
4.0.1.2349

MD5:
1a2bcd1b0cca7a0544bc9ac8a9e72c5a

SHA-1:
4f04b6275c7af06cd5a46d3715f4c06c277eae5b

SHA-256:
7f1947165724453c46e888465c9807001177e8c0f8d3d837237a28ced52bef4d

Scanner detections:
36 / 68

Status:
Adware

Analysis date:
12/28/2024 11:45:02 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Adware.SearchProtect.W | 634
Agnitum Outpost | Riskware.Agent | 7.1.1
AhnLab V3 Security | PUP/Win32.SearchProtect | 2015.05.11
Avira AntiVirus | PUA/SearchProtect.Gen | 3.6.1.96
AVG | Generic | 2016.0.3112
Baidu Antivirus | Adware.Win32.ELEX | 4.0.3.15512
Bitdefender | Adware.SearchProtect.W | 1.0.20.660
Bkav FE | W32.HfsAdware | 1.3.0.6379
Dr.Web | Adware.Mutabaha.333 | 9.0.1.0132
Emsisoft Anti-Malware | Adware.SearchProtect.W | 8.15.05.12.07
ESET NOD32 | Win32/ELEX.BM potentially unwanted | 9.11607
Fortinet FortiGate | W32/ELEX.BM | 5/12/2015
F-Prot | W32/SearchProtect.C.gen | v6.4.7.1.166
F-Secure | Adware.SearchProtect.W | 11.2015-12-05_3
G Data | Adware.SearchProtect | 15.5.25
K7 AntiVirus | Unwanted-Program | 13.203.15866
Kaspersky | not-a-virus:AdWare.Win32.SearchProtect | 14.0.0.2054
Malwarebytes | PUP.Optional.XTab.A | v2015.05.12.07
McAfee | Artemis!5D19EABE1A5C | 5600.6768
MicroWorld eScan | Adware.SearchProtect.W | 16.0.0.396
NANO AntiVirus | Riskware.Win32.SearchProtect.dpvtwk | 0.30.24.1357
nProtect | Adware.SearchProtect.W | 15.05.08.01
Panda Antivirus | Trj/Genetic.gen | 15.05.12.07
Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015
Reason Heuristics | PUP.Thinknice.GinerTech | 15.5.12.3
Sophos | SearchProtect | 4.98
Trend Micro House Call | Suspicious_GEN.F47V0420 | 7.2.132
Vba32 AntiVirus | AdWare.SearchProtect | 3.12.26.3
VIPRE Antivirus | Trojan.Win32.Generic | 39628
Zillya! Antivirus | Adware.SearchProtect.Win32.20 | 2.0.0.2174

File size:
155.1 KB (158,816 bytes)

Product version:
4.0.1.2349

Copyright:
Copyright (C) 2014

Original file name:
ProtectSvc.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, China)

Common path:
C:\Program Files\xtab\protectservice.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
4/20/2015 4:43:22 AM

Valid to:
12/2/2015 5:23:38 AM

Subject:
CN=Giner Tech Inc, O=Giner Tech Inc, L=Wilmington, S=Delaware, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112186B135D0152CD8EA8D04B67D2A0CCF34

File PE Metadata
Compilation timestamp:
5/8/2015 8:54:00 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:mUBSk9KzH+b1qXoa9tAy+B9KCGWm0GxIr10CD4xePOK:mUBSjXoa7+BACGW5GxIWCDxGK

Entry address:
0x18D5A

Entry point:
E8, C2, 03, 00, 00, E9, 4C, FE, FF, FF, FF, 25, 44, B3, 41, 00, 6A, 0C, 68, 00, D3, 41, 00, E8, 5A, 01, 00, 00, 83, 65, E4, 00, 8B, 5D, 0C, 8B, C3, 8B, 7D, 10, 0F, AF, C7, 8B, 75, 08, 03, F0, 89, 75, 08, 83, 65, FC, 00, 4F, 89, 7D, 10, 78, 0C, 2B, F3, 89, 75, 08, 8B, CE, FF, 55, 14, EB, EE, 33, C0, 40, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 14, 00, 00, 00, E8, 5B, 01, 00, 00, C2, 10, 00, 8B, 7D, 10, 8B, 5D, 0C, 8B, 75, 08, 8B, 45, E4, 85, C0, 75, 0B, FF, 75, 14, 57, 53, 56, E8, 01, 00, 00, 00, C3, 6A...
 

Code size:
103.5 KB (105,984 bytes)

Service
Display name:
IHProtect Service

Type:
Win32OwnProcess

