protectservice.exe

XTab

Giner Tech Inc

The application protectservice.exe by Giner Tech Inc has been detected as adware by 28 anti-malware scanners. It runs as a separate Windows service (within the context of its own process) named “IHProtect Service”. This particular feature is designed to hijack the browser in an attempt to prevent other resources from modifying the browser's search and home pages.
Publisher:
XTab system  (signed by Giner Tech Inc)

Product:
XTab

Description:
ProtectSvc.exe

Version:
4.0.1.2072

MD5:
1ee51bb92d9705e16b6aca5a8ccdd49d

SHA-1:
e03227337c5160fd5fb0f30577663d728f21deaf

SHA-256:
ba9e7a1bd04928e3a86e7be4bcfa287db2f334833839f4598a6f872df26cf231

Scanner detections:
28 / 68

Status:
Adware

Analysis date:
11/30/2024 8:55:57 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Adware.SearchProtect.W | 659
AhnLab V3 Security | PUP/Win32.SearchProtect | 2015.04.24
Avira AntiVirus | PUA/SearchProtect.Gen | 3.6.1.96
AVG | Generic | 2016.0.3137
Baidu Antivirus | Adware.Win32.ELEX | 4.0.3.15416
Bitdefender | Adware.SearchProtect.W | 1.0.20.530
Bkav FE | W32.HfsAdware | 1.3.0.6379
Dr.Web | Adware.Mutabaha.266 | 9.0.1.0106
Emsisoft Anti-Malware | Adware.SearchProtect.W | 8.15.04.16.04
ESET NOD32 | Win32/ELEX.BM potentially unwanted | 9.11525
Fortinet FortiGate | Riskware/Elex | 4/16/2015
F-Prot | W32/SearchProtect.C.gen | v6.4.7.1.166
F-Secure | Adware.SearchProtect.W | 11.2015-16-04_5
G Data | Adware.SearchProtect | 15.4.25
K7 AntiVirus | Trojan | 13.202.15594
Malwarebytes | PUP.Optional.XTab.A | v2015.04.16.04
McAfee | Artemis!B9A70A43F46F | 5600.6793
MicroWorld eScan | Adware.SearchProtect.W | 16.0.0.318
NANO AntiVirus | Riskware.Win32.SearchProtect.dpvtwk | 0.30.16.1110
nProtect | Adware.SearchProtect.W | 15.04.14.01
Panda Antivirus | Trj/Genetic.gen | 15.07.18.08
Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015
Reason Heuristics | Threat.Thinknice.GinerTech | 15.4.16.12
Sophos | Generic PUA KF | 4.98
Trend Micro House Call | Suspicious_GEN.F47V0402 | 7.2.106
Vba32 AntiVirus | AdWare.SearchProtect | 3.12.26.3
VIPRE Antivirus | Trojan.Win32.Generic | 38994
Zillya! Antivirus | Adware.SearchProtect.Win32.20 | 2.0.0.2139

File size:
155.1 KB (158,816 bytes)

Product version:
4.0.1.2072

Copyright:
Copyright (C) 2014

Original file name:
ProtectSvc.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\Program Files\xtab\protectservice.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
3/24/2015 2:10:38 PM

Valid to:
12/2/2015 9:53:38 AM

Subject:
CN=Giner Tech Inc, O=Giner Tech Inc, L=Wilmington, S=Delaware, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112167537F02B71858D5AA3FC5D6CBB4265C

File PE Metadata
Compilation timestamp:
4/10/2015 4:53:46 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:bUBSk9KzH+b1qXoa9tAy+B9KCGWm0GxIH1LCD4xeyLD:bUBSjXoa7+BACGW5Gxk5CDxWD

Entry address:
0x18D5A

Entry point:
E8, C2, 03, 00, 00, E9, 4C, FE, FF, FF, FF, 25, 44, B3, 41, 00, 6A, 0C, 68, 00, D3, 41, 00, E8, 5A, 01, 00, 00, 83, 65, E4, 00, 8B, 5D, 0C, 8B, C3, 8B, 7D, 10, 0F, AF, C7, 8B, 75, 08, 03, F0, 89, 75, 08, 83, 65, FC, 00, 4F, 89, 7D, 10, 78, 0C, 2B, F3, 89, 75, 08, 8B, CE, FF, 55, 14, EB, EE, 33, C0, 40, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 14, 00, 00, 00, E8, 5B, 01, 00, 00, C2, 10, 00, 8B, 7D, 10, 8B, 5D, 0C, 8B, 75, 08, 8B, 45, E4, 85, C0, 75, 0B, FF, 75, 14, 57, 53, 56, E8, 01, 00, 00, 00, C3, 6A...
 

Entropy:
6.2507

Code size:
103.5 KB (105,984 bytes)

Service
Display name:
IHProtect Service

Type:
Win32OwnProcess

