Should I block it?

98%
Yes, 98% block recommendation.
Possible reasons:
Multiple malware detections
Performance resource utilization

VersionsAdditional versions

2,6,1694,246 20.00%
2,6,1694,246 36.00%
2,6,1694,246 4.00%
2,6,1673,238 36.00%
2,6,1673,238 4.00%

Relationships

Parent process
Child process
Related files

PE structurePE file structure
Show functions
Import table
advapi32.dll
GetAclInformation, RegEnumValueW, CreateServiceW, ChangeServiceConfig2W, StartServiceW, ControlService, ConvertStringSecurityDescriptorToSecurityDescriptorW, RegEnumKeyExW, RegQueryInfoKeyW, StartServiceCtrlDispatcherW, RegisterServiceCtrlHandlerW, GetTokenInformation, DuplicateTokenEx, CreateProcessAsUserW, OpenSCManagerW, OpenServiceW, QueryServiceConfigW, ChangeServiceConfigW, CloseServiceHandle, SetServiceStatus, RegEnumKeyW, RegSetValueExW, RegDeleteKeyW, RegCreateKeyExW, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, ConvertStringSecurityDescriptorToSecurityDescriptorA, GetSecurityDescriptorSacl, SetSecurityDescriptorSacl, RegQueryValueExW, RegCloseKey, RegOpenKeyExW, RegDeleteValueW, SetSecurityInfo, DeleteAce, GetAce, DeleteService, GetSecurityInfo, OpenProcessToken, OpenThreadToken, AddAce, InitializeAcl, GetLengthSid, ConvertSidToStringSidW, IsValidSid, DeregisterEventSource, ReportEventA, RegisterEventSourceA
crypt32.dll
CertFreeCertificateContext, CertGetNameStringW, CertFindCertificateInStore, CryptMsgClose, CertCloseStore, CryptMsgGetParam, CryptQueryObject
gdi32.dll
CreatePatternBrush, GetObjectW, DeleteObject, CreateDIBSection, CreateCompatibleBitmap, BitBlt, CreateCompatibleDC, CreateFontIndirectW, CreateSolidBrush, RoundRect, DeleteDC, CreatePen, Rectangle, SetTextColor, SetBkMode, SelectObject
kernel32.dll
DllMain
ole32.dll
CoUninitialize, CoInitializeEx, CoCreateInstance, CoInitializeSecurity, CoInitialize, StringFromGUID2, CoSetProxyBlanket
rpcrt4.dll
UuidFromStringA
shell32.dll
CommandLineToArgvW, SHGetSpecialFolderPathW
shlwapi.dll
PathIsDirectoryW, PathFindFileNameW, StrCmpW, StrCpyW, PathFileExistsW, PathAppendW, PathStripToRootW, PathStripPathW, PathRemoveExtensionW, PathFindExtensionW, PathAddExtensionW, PathRemoveFileSpecW, SHGetValueW, PathIsRootW, StrCmpNIW
user32.dll
DrawTextW, SetWindowLongW, GetWindowTextW, GetWindowTextLengthW, GetSystemMetrics, LoadImageW, GetCursorPos, GetTopWindow, TrackMouseEvent, ChildWindowFromPoint, KillTimer, ScreenToClient, GetClassInfoExW, LoadCursorW, IsWindow, FindWindowW, DestroyWindow, RegisterClassExW, CreateWindowExW, GetUserObjectInformationW, GetProcessWindowStation, GetDesktopWindow, MessageBoxA, MessageBoxW, SetFocus, SetWindowPos, MapWindowPoints, GetMonitorInfoW, MonitorFromWindow, GetWindow, GetClientRect, LoadStringA, DefWindowProcW, GetWindowLongW, CallWindowProcW, ShowWindow, GetWindowRect, MoveWindow, DialogBoxParamW, GetActiveWindow, SystemParametersInfoW, DispatchMessageW, EndDialog, GetDlgItem, SendMessageW, SetWindowTextW, SetTimer, PeekMessageW, GetMessageW, UnregisterClassA, SetLayeredWindowAttributes, FillRect, ReleaseDC, GetDC, GetSysColor, GetSysColorBrush, GetParent, InvalidateRect, EndPaint, BeginPaint, TranslateMessage
userenv.dll
CreateEnvironmentBlock
uxtheme.dll
DrawThemeBackground, DrawThemeParentBackground, IsThemeBackgroundPartiallyTransparent, OpenThemeData, CloseThemeData
version.dll
GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
winhttp.dll
WinHttpConnect, WinHttpOpen, WinHttpSetStatusCallback, WinHttpGetIEProxyConfigForCurrentUser, WinHttpCloseHandle, WinHttpGetProxyForUrl, WinHttpSetOption, WinHttpReceiveResponse, WinHttpAddRequestHeaders, WinHttpQueryDataAvailable, WinHttpReadData, WinHttpSendRequest, WinHttpOpenRequest, WinHttpQueryHeaders
wtsapi32.dll
WTSQueryUserToken

bitguard.exe

Application Manager by MediaTechSoft Inc. (Signed)

Remove bitguard.exe
Version:   2,6,1673,238
MD5:   2d89abac9d439abad1e427a467f0687d
SHA1:   079198b91dbfe57701508b46cb8dd10e3319f508
SHA256:   73b439d781905ec65c8ea8314ca05bbbfbe0fb22fa2913c19ab0d059bf03712d
Warning 16 antivirus scanners has detected malware.

Overview

bitguard.exe is malware that runs as a service under the name BitGuard within the local user context as a shared service. This is typically installed with the program BitGuard published by MediaTechSoft Inc. and is most likely removed by most users once installed (81% removed). The file is digitally signed by MediaTechSoft Inc. which was issued by the GoDaddy.com certificate authority (CA).

DetailsDetails

File name:bitguard.exe
Publisher:PerformerSoft LLC
Product name:Application Manager
Typical file path:C:\ProgramData\bitguard\2.6.1673.238\{16cdff19-861d-48e3-a751-d99a27784753}\bitguard.exe
File version:2,6,1673,238
Size:2.71 MB (2,845,152 bytes)
Build date:9/10/2013 10:35 AM
Certificate
Issued to:MediaTechSoft Inc.
Authority (CA):GoDaddy.com
Effective date:Sunday, August 4, 2013
Expiration date:Tuesday, March 29, 2016
Digital DNA
PE subsystem:Windows GUI
File packed:No
.NET CLR:No
More details

ResourcesPrograms

The following program will install this file
BitGuard
 MediaTechSoft Inc.
  81% remove
BitGuard also known as BProtector, Application Manager and Browser Protector is an application designed to prevent the removal of software installed by the provider and affiliates. It is designed to work with Internet Explorer, Chrome and Firefox. Versions of this software in distributed from numerous download co-bundle installers including One Installer LLC, FIRSERIA (downloadyourplayer.com), Tuguu SL, Somoto Ltd., Amonetize ltd. and C...

BehaviorsBehaviors

Service
Runs under 'SYSTEM\CurrentControlSet\Services' as a shared service by the Service Host (svchost.exe)
  • 'BitGuard'

MalwareMalware detections

Based on 40+ industry antivirus scanners, 16 of them detected the following malware.
Antivirus engineEngine versionDetection
Avira AntiVir 7.11.110.74 APPL/BProtector.Gen
Antiy Labs AVL 2.0.3.7 Trojan/Win32.Generic
avast! 8.0.1489.320 Win32:BProtect-A [PUP]
AVG 13.0.0.3169 Dropper.Generic8.CJNR
Clam AntiVirus 0.97.3.0 Win.Adware.BProtector
Comodo Internet Security 17185 Application.Win32.bProtect.g
ESET NOD32 7.8987 a variant of Win32/bProtector.A
G Data 13.11.22 Win32.Application.BHO.A
Kaspersky 9.0.0.837 HEUR:Trojan.Win32.Generic
Kingsoft 2013.4.9.267 Win32.Troj.Undef.(kcloud)
Malwarebytes 1.75.0.1 PUP.Optional.PerformerSoft.A
Microsoft Security Essentials 1.10003.0 TrojanDropper:Win32/Rotbrow.A
Sophos 4.94.0 BProtector
Trend Micro 9.740.0.1012 ADW_BITBROWSE
Trend Micro HouseCall 9.700.0.1001 TROJ_GEN.R0CBH01JS13
VIPRE Antivirus 22872 InstallBrain (fs)

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00014329%
0.028634%
Kernel CPU:0.00007626%
0.013761%
User CPU:0.00006703%
0.014873%
Kernel CPU time:936,833 ms/min
100,923,805ms/min
CPU cycles:15,069,713/sec
17,470,203/sec
Memory
Private memory:5.3 MB
21.59 MB
Private (maximum):8.2 MB
Private (minimum):1.66 MB
Non-paged memory:5.3 MB
21.59 MB
Virtual memory:207.85 MB
140.96 MB
Virtual memory (peak):227.57 MB
169.69 MB
Working set:3.38 MB
18.61 MB
Working set (peak):8.64 MB
37.95 MB
Page faults:96,819,030/min
2,039/min
I/O
I/O read transfer:781 Bytes/sec
1.02 MB/min
I/O read operations:1/sec
343/min
I/O write transfer:48 Bytes/sec
274.99 KB/min
I/O write operations:1/sec
227/min
I/O other transfer:194 Bytes/sec
448.09 KB/min
I/O other operations:5/sec
1,671/min
Resource allocations
Threads:14
12
Handles:328
600
GUI GDI count:9
103
GUI GDI peak:10
142
GUI USER count:5
49
GUI USER peak:7
71

BehaviorsProcess properties

Integrety level:High
Platform:64-bit
Command lines:
  • "C:\ProgramData\bitguard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bitguard.exe" /protect
  • C:\ProgramData\bitguard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bitguard.exe
Owner:User
Windows Service
Service name:BitGuard
Description:“Your browser protector service”
Type:Win32ShareProcess
Parent processes:

ResourcesThreads

Averages
 
BitGuard.exe (main module)
Total CPU:0.10808603%
0.272967%
Kernel CPU:0.10203463%
0.107585%
User CPU:0.00605139%
0.165382%
CPU cycles:2,505,903/sec
5,741,424/sec
Context switches:1/sec
79/sec
Memory:2.8 MB
1.16 MB
ntdll.dll
Total CPU:0.00271548%
Kernel CPU:0.00000000%
User CPU:0.00271548%
CPU cycles:28,051/sec
Memory:1.66 MB
wow64.dll
Total CPU:0.00003060%
Kernel CPU:0.00001530%
User CPU:0.00001530%
CPU cycles:8,492/sec
Memory:252 KB

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Ultimate 44.00%
Microsoft Windows XP 20.00%
Windows 7 Home Premium 16.00%
Windows 8 Pro 8.00%
Windows 7 Professional 4.00%
Windows Vista Home Basic 4.00%
Windows 8 4.00%

Distribution by countryDistribution by country

Saudi Arabia installs about 16.00% of Application Manager.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Lenovo 22.86%
ASUS 22.86%
Hewlett-Packard 14.29%
Dell 11.43%
Acer 8.57%
Samsung 8.57%
Compaq 5.71%
GIGABYTE 5.71%
Back to top
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE