winsys

Publisher Information

winsys is a software publisher located in Gangnam-gu, Seoul in Korea*. The company is a primary distributor of unwanted software. There are 2 additional code signing certificates issued to this publisher.
Authority: Thawte, Inc.
Valid from: 9/4/2013 9:00:00 AM
Valid to: 9/5/2015 8:59:59 AM
Subject: CN=winsys, OU=Dev. Team, O=winsys, L=Gangnam-gu, S=SEOUL, C=KR
Issuer: CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US
Serial number: 53e706a67c7d616dd8a05245e798a712

Scanner detections:
Detections  (100% detected)

Scan engine | Details | Detections
Reason Heuristics | PUP.Installer.winsys.F, PUP.winsys.R, PUP.BHO.winsys.H, PUP.Task.winsys.I, PUP.Installer.winsys.I, PUP.winsys.H, PUP.Installer.winsys.J, PUP.winsys.P, PUP.winsys (M) | 100.00%
F-Prot | W32/Themida_Packed | 70.00%
VIPRE Antivirus | Backdoor.Win32.Ircbot.gen, Threat.4412848, Backdoor.Graybird | 50.00%
ESET NOD32 | Generik.IVAGLZN (variant), Win32/AdWare.KeywordFind (variant) | 46.67%
Trend Micro House Call | TROJ_GEN.F47V0114, TROJ_GEN.F47V1028, TROJ_GEN.F47V0416, TROJ_GEN.F47V0125, Suspicious_GEN.F47V0801, Suspicious_GEN.F47V0730 | 43.33%
AhnLab V3 Security | PUP/Win32.WindoGuide, PUP/Win32.Helper, PUP/Win32.Addenbar, PUP/Win32.Addendum, PUP/Win32.WindViewer | 40.00%
IKARUS anti.virus | Trojan.Win32.Spy, Win32.SuspectCrc | 36.67%
Comodo Security | UnclassifiedMalware, ApplicUnwnt, TrojWare.Win32.Agent.~v010 | 33.33%
McAfee | Artemis!ADAE25AB2AD9, Artemis!553C101075B9, Artemis!7EDFD3B969F3, Artemis!4B014DBAC755, Artemis!C5F50BAAC550, Artemis!7D5D278E4615, Artemis!7FC10C2D2A57 | 30.00%
Avira AntiVirus | TR/Spy.889936, TR/Spy.1117256, TR/Crypt.TPM.8986, TR/Crypt.TPM.Gen, Adware/KeywordFind.974896, Adware/KeywordFind.926256 | 30.00%

Latest 30 of 30 files

The certificates below were also issued to winsys.

2263D93DBFB27B138E40B4C84C6F627E  (Aug 07, 2013 to Sep 07, 2014)

0ED81EA1C6AD38AAF7D1D6B65E23E6F2  (Aug 03, 2012 to Aug 04, 2013)

The following publishers (by Authenticode signature organization name) are related.

* Note: the details and description above are based on the code signing digital signature issued to winsys by Thawte, Inc. on September 04, 2013 with the serial number '53e706a67c7d616dd8a05245e798a712'.