winsys

Publisher Information

winsys is a software publisher located in Gangnam-gu, Seoul in Korea*. The company is a primary distributor of unwanted software. Thre are 2 additional code signing certificates issued to this publisher.
Remove winsys Malware - Powered by Reason Core Security
Authority:
Thawte, Inc.

Valid from:
8/3/2012 9:00:00 AM

Valid to:
8/4/2013 8:59:59 AM

Subject:
CN=winsys, O=winsys, L=Gangnam-gu, S=SEOUL, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
0ed81ea1c6ad38aaf7d1d6b65e23e6f2

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.winsys.T, PUP.Startup.winsys.K, PUP.Startup.winsys.P, PUP.BHO.winsys.F, PUP.Task.winsys.J, PUP.Startup.winsys.O, PUP.winsys.Installer (M)
100.00%

AhnLab V3 Security
Win-PUP/Helper.WindoGuide.233032, PUP/Win32.WindViewer, PUP/Win32.WindoGuide, PUP/Win32.Addenbar
50.00%

Malwarebytes
Adware.KorAd
41.67%

Trend Micro House Call
ADW_KRADDARE, TROJ_GEN.F47V0330, TROJ_GEN.F47V0408
41.67%

ViRobot
Adware.Agent.233032, Adware.Agent.195136, Adware.Agent.87616, Trojan.Win32.Fosniw.Gen
33.33%

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
33.33%

Dr.Web
Adware.Shopper.342
25.00%

Trend Micro
ADW_KRADDARE
25.00%

F-Prot
W32/Themida_Packed
25.00%

Bkav FE
W32.Clod1e6.Trojan, W32.Clodc85.Trojan
16.67%

1 / 68      (Adware)
lnkdo_uninstall.exe  (646daf6aa2450890d69d6ce5fd9bdc63)

2 / 68      (Adware)
windgdo_uninstall.exe  (9da6d68d444c64d307b17c3f6ed36ddb)

8 / 68      (Adware)
windgdotmp_351  (090109be314ca2f8ee8de5903794730f)

10 / 68    (Adware)
lnkdo.dll  (ec618363a2c49561f965faea4b0f7b95)

18 / 68    (Adware)
windgdo_uninstall.exe  (df093dd7b711842dc7da46778bd88863)

2 / 68      (Adware)
linkdoumiagent.exe  (c1f09ee0d63da28a2693f90de2ef0845)

2 / 68      (Adware)
linkdoumi.exe  (a55aa38c0fefdc81da16e7d1d73e7bbc)

3 / 68      (Adware)
wgbho.dll  (964a580efd6ddf5e693714db9a5d7df3)

3 / 68      (Adware)
wgbho.dll  (3c2ae688eca6b9cf464c2ff518e744e8)

6 / 68      (Adware)
windoguideagent.exe  (76047f3fa9343752d9ff0271ce5df9e6)

9 / 68      (Adware)
windoguide.exe  (ff3d83e858494f48fa16aae6d3905986)

13 / 68    (Adware)
setup_kid001_silent.exe  (4f144325add3e90259f008c513db722b)

The certificates below are also signed by winsys.

53E706A67C7D616DD8A05245E798A712  (Sep 04, 2013 to Sep 05, 2015)

2263D93DBFB27B138E40B4C84C6F627E  (Aug 07, 2013 to Sep 07, 2014)

The following publishers (by Authenticode signature organization name) are related.

Remove winsys Malware - Powered by Reason Core Security
* Note, the details and description above are based on the code signing digital signature issued to winsys by Thawte, Inc. on August 03, 2012 with the serial number '0ed81ea1c6ad38aaf7d1d6b65e23e6f2'.