protectservice.exe

XTab

Giner Tech Inc

The application protectservice.exe by Giner Tech Inc has been detected as adware by 20 anti-malware scanners. It runs as a separate Windows service (within the context of its own process) named “IHProtect Service”. This particular feature is designed to hijack the browser in an attempt to prevent other resources from modifying the browser's search and home pages.
Publisher:
XTab system  (signed by Giner Tech Inc)

Product:
XTab

Description:
ProtectSvc.exe

Version:
4.0.1.1716

MD5:
03b3ab64fe8d2627fdab1f79422a722f

SHA-1:
9b0a54fc2156e4c864d3d33c4fa181de2b177162

SHA-256:
bff85ec95c0e7c5e484dca6db22e47be6d74ef25cc4e87d1c19539e6349885c1

Scanner detections:
20 / 68

Status:
Adware

Analysis date:
6/19/2025 3:00:20 AM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.SearchProtect.W
700

AhnLab V3 Security
PUP/Win32.SearchProtect
2015.03.11

Avira AntiVirus
PUA/SearchProtect.EH
7.11.215.206

AVG
Generic
2016.0.3175

Baidu Antivirus
PUA.Win32.ELEX
4.0.3.1536

Bitdefender
Adware.SearchProtect.W
1.0.20.325

Bkav FE
W32.HfsAdware
1.3.0.6379

Emsisoft Anti-Malware
Adware.SearchProtect.W
8.15.03.06.03

ESET NOD32
Win32/ELEX.BM potentially unwanted
9.11268

F-Secure
Adware.SearchProtect.W
11.2015-06-03_6

G Data
Adware.SearchProtect
15.3.25

K7 AntiVirus
Trojan
13.200.15187

Malwarebytes
PUP.Optional.XTab.A
v2015.03.06.03

MicroWorld eScan
Adware.SearchProtect.W
16.0.0.195

nProtect
Adware.SearchProtect.W
15.03.06.01

Reason Heuristics
PUP.Service.Thinknice
15.3.11.17

Sophos
Generic PUA BP
4.98

Vba32 AntiVirus
AdWare.SearchProtect
3.12.26.3

VIPRE Antivirus
Threat.5063632
37788

Zillya! Antivirus
Adware.SearchProtect.Win32.20
2.0.0.2090

File size:
155.1 KB (158,848 bytes)

Product version:
4.0.1.1716

Copyright:
Copyright (C) 2014

Original file name:
ProtectSvc.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, China)

Common path:
C:\Program Files\xtab\protectservice.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
12/1/2014 5:23:38 AM

Valid to:
12/2/2015 5:23:38 AM

Subject:
CN=Giner Tech Inc, O=Giner Tech Inc, L=Wilmington, S=Delaware, C=US

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112199DB8C96B8094D068EB2A83A0074BF32

File PE Metadata
Compilation timestamp:
1/15/2015 7:18:11 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:VUBSk9KzH+b1qXoa9tAy+B9KCGWm0GxIr1DCD4xeEVm+:VUBSjXoa7+BACGW5GxQZCDx69

Entry address:
0x18D5A

Entry point:
E8, C2, 03, 00, 00, E9, 4C, FE, FF, FF, FF, 25, 44, B3, 41, 00, 6A, 0C, 68, 00, D3, 41, 00, E8, 5A, 01, 00, 00, 83, 65, E4, 00, 8B, 5D, 0C, 8B, C3, 8B, 7D, 10, 0F, AF, C7, 8B, 75, 08, 03, F0, 89, 75, 08, 83, 65, FC, 00, 4F, 89, 7D, 10, 78, 0C, 2B, F3, 89, 75, 08, 8B, CE, FF, 55, 14, EB, EE, 33, C0, 40, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 14, 00, 00, 00, E8, 5B, 01, 00, 00, C2, 10, 00, 8B, 7D, 10, 8B, 5D, 0C, 8B, 75, 08, 8B, 45, E4, 85, C0, 75, 0B, FF, 75, 14, 57, 53, 56, E8, 01, 00, 00, 00, C3, 6A...
 

Code size:
103.5 KB (105,984 bytes)

Service
Display name:
IHProtect Service

Type:
Win32OwnProcess

