Should I block it?

98%

Yes, 98% block recommendation.

Possible reasons:

Multiple malware detections

Performance resource utilization

Additional versions

2,6,1694,246	20.00%
2,6,1694,246	36.00%
2,6,1694,246	4.00%
2,6,1673,238	36.00%
2,6,1673,238	4.00%

Relationships

Parent process

services.exe (Services and Controller app by Microsoft)

Child process

schtasks.exe (Manages scheduled tasks by Microsoft)

Related files

PE file structure

Show functions

Import table

advapi32.dll

GetAclInformation, RegEnumValueW, CreateServiceW, ChangeServiceConfig2W, StartServiceW, ControlService, ConvertStringSecurityDescriptorToSecurityDescriptorW, RegEnumKeyExW, RegQueryInfoKeyW, StartServiceCtrlDispatcherW, RegisterServiceCtrlHandlerW, GetTokenInformation, DuplicateTokenEx, CreateProcessAsUserW, OpenSCManagerW, OpenServiceW, QueryServiceConfigW, ChangeServiceConfigW, CloseServiceHandle, SetServiceStatus, RegEnumKeyW, RegSetValueExW, RegDeleteKeyW, RegCreateKeyExW, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, ConvertStringSecurityDescriptorToSecurityDescriptorA, GetSecurityDescriptorSacl, SetSecurityDescriptorSacl, RegQueryValueExW, RegCloseKey, RegOpenKeyExW, RegDeleteValueW, SetSecurityInfo, DeleteAce, GetAce, DeleteService, GetSecurityInfo, OpenProcessToken, OpenThreadToken, AddAce, InitializeAcl, GetLengthSid, ConvertSidToStringSidW, IsValidSid, DeregisterEventSource, ReportEventA, RegisterEventSourceA

crypt32.dll

CertFreeCertificateContext, CertGetNameStringW, CertFindCertificateInStore, CryptMsgClose, CertCloseStore, CryptMsgGetParam, CryptQueryObject

gdi32.dll

CreatePatternBrush, GetObjectW, DeleteObject, CreateDIBSection, CreateCompatibleBitmap, BitBlt, CreateCompatibleDC, CreateFontIndirectW, CreateSolidBrush, RoundRect, DeleteDC, CreatePen, Rectangle, SetTextColor, SetBkMode, SelectObject

kernel32.dll

DllMain

ole32.dll

CoUninitialize, CoInitializeEx, CoCreateInstance, CoInitializeSecurity, CoInitialize, StringFromGUID2, CoSetProxyBlanket

rpcrt4.dll

UuidFromStringA

shell32.dll

CommandLineToArgvW, SHGetSpecialFolderPathW

shlwapi.dll

PathIsDirectoryW, PathFindFileNameW, StrCmpW, StrCpyW, PathFileExistsW, PathAppendW, PathStripToRootW, PathStripPathW, PathRemoveExtensionW, PathFindExtensionW, PathAddExtensionW, PathRemoveFileSpecW, SHGetValueW, PathIsRootW, StrCmpNIW

user32.dll

DrawTextW, SetWindowLongW, GetWindowTextW, GetWindowTextLengthW, GetSystemMetrics, LoadImageW, GetCursorPos, GetTopWindow, TrackMouseEvent, ChildWindowFromPoint, KillTimer, ScreenToClient, GetClassInfoExW, LoadCursorW, IsWindow, FindWindowW, DestroyWindow, RegisterClassExW, CreateWindowExW, GetUserObjectInformationW, GetProcessWindowStation, GetDesktopWindow, MessageBoxA, MessageBoxW, SetFocus, SetWindowPos, MapWindowPoints, GetMonitorInfoW, MonitorFromWindow, GetWindow, GetClientRect, LoadStringA, DefWindowProcW, GetWindowLongW, CallWindowProcW, ShowWindow, GetWindowRect, MoveWindow, DialogBoxParamW, GetActiveWindow, SystemParametersInfoW, DispatchMessageW, EndDialog, GetDlgItem, SendMessageW, SetWindowTextW, SetTimer, PeekMessageW, GetMessageW, UnregisterClassA, SetLayeredWindowAttributes, FillRect, ReleaseDC, GetDC, GetSysColor, GetSysColorBrush, GetParent, InvalidateRect, EndPaint, BeginPaint, TranslateMessage

userenv.dll

CreateEnvironmentBlock

uxtheme.dll

DrawThemeBackground, DrawThemeParentBackground, IsThemeBackgroundPartiallyTransparent, OpenThemeData, CloseThemeData

version.dll

GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW

winhttp.dll

WinHttpConnect, WinHttpOpen, WinHttpSetStatusCallback, WinHttpGetIEProxyConfigForCurrentUser, WinHttpCloseHandle, WinHttpGetProxyForUrl, WinHttpSetOption, WinHttpReceiveResponse, WinHttpAddRequestHeaders, WinHttpQueryDataAvailable, WinHttpReadData, WinHttpSendRequest, WinHttpOpenRequest, WinHttpQueryHeaders

wtsapi32.dll

WTSQueryUserToken

bitguard.exe

Application Manager by MediaTechSoft Inc. (Signed)

Remove bitguard.exe

Version:	2,6,1673,238
MD5:	7f8becfb26f2655e281406c6c341f416
SHA1:	a565b44a687c8e7050692c9249d56eb7711945b4
SHA256:	9d5fb2bac4bd9c579c5be6ef12ee916b2f029d49ab42a312a0007ee636d414bd

Warning 17 antivirus scanners has detected malware.

Overview

bitguard.exe is malware that runs as a service under the name BitGuard with extensive SYSTEM privileges (full administrator access) as a shared service. This is typically installed with the program BitGuard published by MediaTechSoft Inc. and is most likely removed by most users once installed (74% removed). The file is digitally signed by MediaTechSoft Inc. which was issued by the GoDaddy.com certificate authority (CA).

Details

File name:	bitguard.exe
Publisher:	PerformerSoft LLC
Product name:	Application Manager
Typical file path:	C:\ProgramData\bitguard\2.6.1673.238\{16cdff19-861d-48e3-a751-d99a27784753}\bitguard.exe
File version:	2,6,1673,238
Size:	2.89 MB (3,029,472 bytes)
Build date:	9/13/2013 5:01 PM
Certificate
Issued to:	MediaTechSoft Inc.
Authority (CA):	GoDaddy.com
Effective date:	Sunday, August 4, 2013
Expiration date:	Tuesday, March 29, 2016
Digital DNA
PE subsystem:	Windows GUI
File packed:	No
.NET CLR:	No

More details

Programs

The following program will install this file

BitGuard

MediaTechSoft Inc.

74% remove

BitGuard also known as BProtector, Application Manager and Browser Protector is an application designed to prevent the removal of software installed by the provider and affiliates (including web browser extensions deployed by PerformerSoft). BitGuard and its variations are registered under the company name MediaTechSoft but actually are associated with PerformerSoft LLC. While the BitGuard service (BitGuard.exe) is signed with a digital...

Behaviors

Service

Runs under 'SYSTEM\CurrentControlSet\Services' as a shared service by the Service Host (svchost.exe)

'BitGuard'

Network connections

[UDP] listens on port 3569

Malware detections

Based on 40+ industry antivirus scanners, 17 of them detected the following malware.

Antivirus engine	Engine version	Detection
Avira AntiVir	7.11.107.132	APPL/BProtector.Gen
avast!	8.0.1489.320	Win32:BProtect-A [PUP]
AVG	13.0.0.3169	Bprotect.C
Comodo Internet Security	17105	Application.Win32.Agent.~N
ESET NOD32	7.8914	a variant of Win32/bProtector.A
G Data	13.10.22	Win32.Application.BHO.A
K7 AntiVirus	9.173.9866	Unwanted-Program
K7GW	12.7.0.14	Unwanted-Program
Kaspersky	9.0.0.837	HEUR:Trojan.Win32.Generic
Malwarebytes	1.75.0.1	PUP.Optional.PerformerSoft.A
McAfee	5.600.1067	Artemis!7F8BECFB26F2
McAfee Gateway Anti-Malware	v2013-dat	Artemis!7F8BECFB26F2
Sophos	4.93.0	BProtector
Symantec	20131.1.5.61	Adware.GoonSquad
Trend Micro	9.740.0.1012	ADW_BPROTECT
Trend Micro HouseCall	9.700.0.1001	ADW_BPROTECT
VIPRE Antivirus	22376	InstallBrain (fs)

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)

Averages

CPU
Total CPU:	0.00156875%	0.028634%
Kernel CPU:	0.00090648%	0.013761%
User CPU:	0.00066227%	0.014873%
Kernel CPU time:	76,243 ms/min	100,923,805ms/min
CPU cycles:	9,983,535/sec	17,470,203/sec
Context switches:	12/sec	284/sec
Memory
Private memory:	3.73 MB	21.59 MB
Private (maximum):	6.7 MB
Private (minimum):	3.92 MB
Non-paged memory:	3.73 MB	21.59 MB
Virtual memory:	167.52 MB	140.96 MB
Virtual memory (peak):	188.77 MB	169.69 MB
Working set:	5.13 MB	18.61 MB
Working set (peak):	6.75 MB	37.95 MB
Page faults:	20,308,940/min	2,039/min
I/O
I/O read transfer:	1.48 KB/sec	1.02 MB/min
I/O read operations:	1/sec	343/min
I/O write transfer:	0 Bytes/sec	274.99 KB/min
I/O write operations:	1/sec	227/min
I/O other transfer:	130 Bytes/sec	448.09 KB/min
I/O other operations:	10/sec	1,671/min
Resource allocations
Threads:	13	12
Handles:	275	600
GUI GDI count:	8	103
GUI GDI peak:	10	142
GUI USER count:	4	49
GUI USER peak:	5	71

Process properties

Integrety level:	System
Platform:	32-bit
Command lines:	C:\ProgramData\bitguard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bitguard.exe "C:\ProgramData\bitguard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bitguard.exe" /protect "C:\documents and settings\all users\datos de programa\bitguard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bitguard.exe" "C:\documents and settings\all users\datos de programa\bitguard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bitguard.exe" /protect C:\ProgramData\bitguard\2.6.1673.238\{16cdff19-861d-48e3-a751-d99a27784753}\bitguard.exe "C:\ProgramData\bitguard\2.6.1673.238\{16cdff19-861d-48e3-a751-d99a27784753}\bitguard.exe" /protect
Owner:	SYSTEM
Windows Service
Service name:	BitGuard
Description:	“Your browser protector service”
Type:	Win32ShareProcess
Parent processes:	services.exe (Services and Controller app by Microsoft) bitguard.exe (Application Manager by MediaTechSoft Inc.)

Threads

Averages

BitGuard.exe (main module)
Total CPU:	0.31512820%	0.272967%
Kernel CPU:	0.29416088%	0.107585%
User CPU:	0.02096732%	0.165382%
CPU cycles:	7,886,840/sec	5,741,424/sec
Context switches:	8/sec	79/sec
Memory:	2.97 MB	1.16 MB
sechost.dll
Total CPU:	0.00012335%
Kernel CPU:	0.00000000%
User CPU:	0.00012335%
CPU cycles:	23,091/sec
Context switches:	2/sec
Memory:	100 KB
BitGuard.dll (Application Manager by PerformerSoft LLC)
Total CPU:	0.00011957%
Kernel CPU:	0.00011957%
User CPU:	0.00000000%
CPU cycles:	9,138/sec
Memory:	2.7 MB

Common loaded modules

These are modules that are typiclaly loaded within the context of this process.

BitGuard.dll (Application Manager by MediaTechSoft Inc.)

Distribution by Windows OS

OS version	distribution
Windows 7 Ultimate	44.00%
Microsoft Windows XP	20.00%
Windows 7 Home Premium	16.00%
Windows 8 Pro	8.00%
Windows 7 Professional	4.00%
Windows Vista Home Basic	4.00%
Windows 8	4.00%

Distribution by country

Saudi Arabia installs about 16.00% of Application Manager.

Distribution by PC manufacturer

PC Manufacturer	distribution
Lenovo	22.86%
ASUS	22.86%
Hewlett-Packard	14.29%
Dell	11.43%
Acer	8.57%
Samsung	8.57%
Compaq	5.71%
GIGABYTE	5.71%

Remove Adware and Spyware Programs, FREE Download!