Welcome! Just a short note on a publisher called Giner Tech Inc. Did you find some processes called HPNotify.exe, CmdShell.exe or ProtectService.exe, located in folder called XTab, running in the Windows Task Manager?

You can view the digital signature for a file by looking at a file’s properties in Windows Explorer. Here’s a screenshot of the Giner Tech Inc certificate embedded in the CmdShell.exe file:

Giner Tech Inc seems to be located in Wilmington, Delaware, US according to the certificate.

So what’s VirusTotal‘s view on the Giner Tech Inc files? Avira detects ProtectService.exe as PUA/SearchProtect.EH, Baidu-International reports PUA.Win32.ELEX.BM, K7GW calls it Trojan ( 004b5c571 ), Malwarebytes classifies it as PUP.Optional.XTab.A and Sophos detects it as Generic PUA JL. The detection rate is 46%.

Hope that helped you figure out what those files are about. Thank you for reading.