bitguard.exe
Application Manager by MediaTechSoft Inc. (Signed)
Warning 95 antivirus scanners has detected malware in various versions of bitguard.exe.
Overview
bitguard.exe has 5 known versions, the most recent one is 2,6,1694,246. It is started as a Windows Service with the name 'BitGuard' and described as “Your browser protector service”. . This is executed as a shared service (which simply means that this service can share a process with other Win32 services). The average file size is about 2.85 MB. It is an authenticode code-signed executable issued to MediaTechSoft Inc. by the certification authority GoDaddy.com. Some variations of the file have been seen to be installed with the program BitGuard from MediaTechSoft Inc.. During the process's lifecycle, the typical CPU resource utilization is about 0.0075% including both foreground and background operations, the average private memory consumption is about 3.82 MB with the maximum memory reaching around 7.1 MB. Addionally, typically read and write I/O disk operations is about 1.35 KB per minute for reads and 571 Bytes per minute for writes.
 Details
|
| File name: | bitguard.exe |
| Publisher: | PerformerSoft LLC |
| Product name: | Application Manager |
| Typical file path: | C:\ProgramData\bitguard\2.6.1673.238\{16cdff19-861d-48e3-a751-d99a27784753}\bitguard.exe |
| Certificate |
| Issued to: | MediaTechSoft Inc. |
| Authority (CA): | GoDaddy.com |
| Effective date: | Sunday, August 4, 2013 |
| Expiration date: | Tuesday, March 29, 2016 |
| Windows Service |
| Service name: | BitGuard |
| Description: | “Your browser protector service” |
| Type: | Win32ShareProcess |
Programs installed in
(Note, the programs listed below are for all versions of Application Manager.)
BitGuard also known as BProtector, Application Manager and Browser Protector is an application designed to prevent the removal of software installed by the provider and affiliates. It is designed to w...
Behaviors
(Note, the behaviors below are for all versions of bitguard.exe, select a unique version for details.)
Service
Runs under 'SYSTEM\CurrentControlSet\Services' as a shared service by the Service Host (svchost.exe)
Malware detections
Based on 40+ industry antivirus scanners, 95 of them detected the following malware.
| Antivirus engine | Engine version | Detection | File version |
| AhnLab V3 Internet Security |
2013.11.13 |
Trojan/Win32.Generic |
2,6,1694,246 |
| AhnLab V3 Internet Security |
2013.11.06 |
Trojan/Win32.Generic |
2,6,1694,246 |
| Avira AntiVir |
7.11.107.132 |
APPL/BProtector.Gen |
2,6,1673,238 |
| Avira AntiVir |
7.11.113.32 |
APPL/BProtector.Gen |
2,6,1694,246 |
| Avira AntiVir |
7.11.110.74 |
APPL/BProtector.Gen |
2,6,1673,238 |
| Avira AntiVir |
7.11.114.200 |
APPL/BProtector.Gen |
2,6,1694,246 |
| Avira AntiVir |
7.11.111.6 |
APPL/BProtector.Gen |
2,6,1694,246 |
| Antiy Labs AVL |
2.0.3.7 |
Trojan/Win32.Generic |
2,6,1694,246 |
| Antiy Labs AVL |
2.0.3.7 |
Trojan/Win32.Generic |
2,6,1673,238 |
| Antiy Labs AVL |
2.0.3.7 |
Trojan/Win32.Generic |
2,6,1694,246 |
| Antiy Labs AVL |
2.0.3.7 |
Trojan/Win32.Generic |
2,6,1694,246 |
| avast! |
8.0.1489.320 |
Win32:BProtect-A [PUP] |
2,6,1673,238 |
| avast! |
8.0.1489.320 |
Win32:BProtect-A [PUP] |
2,6,1694,246 |
| avast! |
8.0.1489.320 |
Win32:BProtect-A [PUP] |
2,6,1673,238 |
| avast! |
8.0.1489.320 |
Win32:BProtect-A [PUP] |
2,6,1694,246 |
| avast! |
8.0.1489.320 |
Win32:BProtect-A [PUP] |
2,6,1694,246 |
| AVG |
13.0.0.3169 |
Bprotect.C |
2,6,1673,238 |
| AVG |
13.0.0.3169 |
Bprotect.C |
2,6,1694,246 |
| AVG |
13.0.0.3169 |
Dropper.Generic8.CJNR |
2,6,1673,238 |
| AVG |
13.0.0.3169 |
Dropper.Generic8.CICW |
2,6,1694,246 |
| AVG |
13.0.0.3169 |
Bprotect.C |
2,6,1694,246 |
| Bkav Security |
1.3.0.4415 |
W32.Clod27f.Trojan.c2cf |
2,6,1694,246 |
| Bkav Security |
1.3.0.4562 |
W32.Clod059.Trojan.ff13 |
2,6,1694,246 |
| Bkav Security |
1.3.0.4261 |
W32.Clod8de.Trojan.7e93 |
2,6,1694,246 |
| CAT Quick Heal |
11.13.12.00 |
TrojanDropper.Rotbrow |
2,6,1694,246 |
| CAT Quick Heal |
11.13.12.00 |
TrojanDropper.Rotbrow |
2,6,1694,246 |
| Clam AntiVirus |
0.97.3.0 |
Win.Adware.BProtector |
2,6,1694,246 |
| Clam AntiVirus |
0.97.3.0 |
Win.Adware.BProtector |
2,6,1673,238 |
| Clam AntiVirus |
0.97.3.0 |
Win.Adware.BProtector |
2,6,1694,246 |
| Clam AntiVirus |
0.97.3.0 |
Win.Adware.BProtector |
2,6,1694,246 |
| Comodo Internet Security |
17105 |
Application.Win32.Agent.~N |
2,6,1673,238 |
| Comodo Internet Security |
17263 |
UnclassifiedMalware |
2,6,1694,246 |
| Comodo Internet Security |
17185 |
Application.Win32.bProtect.g |
2,6,1673,238 |
| Comodo Internet Security |
17304 |
Application.Win32.bProtector.KAT |
2,6,1694,246 |
| Comodo Internet Security |
17221 |
UnclassifiedMalware |
2,6,1694,246 |
| ESET NOD32 |
7.8914 |
a variant of Win32/bProtector.A |
2,6,1673,238 |
| ESET NOD32 |
7.9041 |
a variant of Win32/bProtector.A |
2,6,1694,246 |
| ESET NOD32 |
7.8987 |
a variant of Win32/bProtector.A |
2,6,1673,238 |
| ESET NOD32 |
7.9072 |
a variant of Win32/bProtector.A |
2,6,1694,246 |
| ESET NOD32 |
7.9010 |
a variant of Win32/bProtector.A |
2,6,1694,246 |
| Fortinet |
5.1.147.0 |
Adware/Fam.NB |
2,6,1694,246 |
| G Data |
13.10.22 |
Win32.Application.BHO.A |
2,6,1673,238 |
| G Data |
13.11.22 |
Win32.Application.BHO.A |
2,6,1694,246 |
| G Data |
13.11.22 |
Win32.Application.BHO.A |
2,6,1673,238 |
| G Data |
13.11.22 |
Win32.Application.BHO.A |
2,6,1694,246 |
| G Data |
13.11.22 |
Win32.Application.BHO.A |
2,6,1694,246 |
| K7 AntiVirus |
9.173.9866 |
Unwanted-Program |
2,6,1673,238 |
| K7 AntiVirus |
9.173.10176 |
Unwanted-Program ( 00454f261 ) |
2,6,1694,246 |
| K7 AntiVirus |
9.173.10249 |
Trojan ( 0000d2141 ) |
2,6,1694,246 |
| K7GW |
12.7.0.14 |
Unwanted-Program |
2,6,1673,238 |
| K7GW |
9.173.10176 |
Unwanted-Program ( 00454f261 ) |
2,6,1694,246 |
| K7GW |
9.173.10249 |
Backdoor ( 0000d2141 ) |
2,6,1694,246 |
| Kaspersky |
9.0.0.837 |
HEUR:Trojan.Win32.Generic |
2,6,1673,238 |
| Kaspersky |
9.0.0.837 |
HEUR:Trojan.Win32.Generic |
2,6,1694,246 |
| Kaspersky |
9.0.0.837 |
HEUR:Trojan.Win32.Generic |
2,6,1673,238 |
| Kaspersky |
9.0.0.837 |
HEUR:Trojan.Win32.Generic |
2,6,1694,246 |
| Kaspersky |
9.0.0.837 |
HEUR:Trojan.Win32.Generic |
2,6,1694,246 |
| Kingsoft |
2013.4.9.267 |
Win32.Troj.Undef.(kcloud) |
2,6,1694,246 |
| Kingsoft |
2013.4.9.267 |
Win32.Troj.Undef.(kcloud) |
2,6,1673,238 |
| Kingsoft |
2013.4.9.267 |
Win32.Troj.Undef.(kcloud) |
2,6,1694,246 |
| Kingsoft |
2013.4.9.267 |
Win32.Troj.Undef.(kcloud) |
2,6,1694,246 |
| Malwarebytes |
1.75.0.1 |
PUP.Optional.PerformerSoft.A |
2,6,1673,238 |
| Malwarebytes |
1.75.0.1 |
PUP.Optional.PerformerSoft.A |
2,6,1694,246 |
| Malwarebytes |
1.75.0.1 |
PUP.Optional.PerformerSoft.A |
2,6,1673,238 |
| Malwarebytes |
1.75.0.1 |
PUP.Optional.PerformerSoft.A |
2,6,1694,246 |
| Malwarebytes |
1.75.0.1 |
PUP.Optional.PerformerSoft.A |
2,6,1694,246 |
| McAfee |
5.600.1067 |
Artemis!7F8BECFB26F2 |
2,6,1673,238 |
| McAfee |
5.600.1067 |
Artemis!30312A75BE27 |
2,6,1694,246 |
| McAfee |
5.600.1067 |
Artemis!97A57AEA49E0 |
2,6,1694,246 |
| McAfee Gateway Anti-Malware |
v2013-dat |
Artemis!7F8BECFB26F2 |
2,6,1673,238 |
| McAfee Gateway Anti-Malware |
v2013-dat |
Artemis!30312A75BE27 |
2,6,1694,246 |
| McAfee Gateway Anti-Malware |
v2013-dat |
Artemis!97A57AEA49E0 |
2,6,1694,246 |
| Microsoft Security Essentials |
1.10003.0 |
TrojanDropper:Win32/Rotbrow.A |
2,6,1694,246 |
| Microsoft Security Essentials |
1.10003.0 |
TrojanDropper:Win32/Rotbrow.A |
2,6,1673,238 |
| Microsoft Security Essentials |
1.10100.0 |
TrojanDropper:Win32/Rotbrow.A |
2,6,1694,246 |
| Microsoft Security Essentials |
1.10003.0 |
TrojanDropper:Win32/Rotbrow.A |
2,6,1694,246 |
| Sophos |
4.93.0 |
BProtector |
2,6,1673,238 |
| Sophos |
4.94.0 |
BProtector |
2,6,1694,246 |
| Sophos |
4.94.0 |
BProtector |
2,6,1673,238 |
| Sophos |
4.95.0 |
BProtector |
2,6,1694,246 |
| Sophos |
4.94.0 |
BProtector |
2,6,1694,246 |
| Symantec |
20131.1.5.61 |
Adware.GoonSquad |
2,6,1673,238 |
| Symantec |
20131.1.5.61 |
Adware.GoonSquad |
2,6,1694,246 |
| Trend Micro |
9.740.0.1012 |
ADW_BPROTECT |
2,6,1673,238 |
| Trend Micro |
9.740.0.1012 |
ADW_BITBROWSE |
2,6,1673,238 |
| Trend Micro |
9.740.0.1012 |
ADW_BPROTECT |
2,6,1694,246 |
| Trend Micro HouseCall |
9.700.0.1001 |
ADW_BPROTECT |
2,6,1673,238 |
| Trend Micro HouseCall |
9.700.0.1001 |
TROJ_GEN.F47V1001 |
2,6,1694,246 |
| Trend Micro HouseCall |
9.700.0.1001 |
TROJ_GEN.R0CBH01JS13 |
2,6,1673,238 |
| Trend Micro HouseCall |
9.700.0.1001 |
ADW_BPROTECT |
2,6,1694,246 |
| VIPRE Antivirus |
22376 |
InstallBrain (fs) |
2,6,1673,238 |
| VIPRE Antivirus |
23320 |
InstallBrain (fs) |
2,6,1694,246 |
| VIPRE Antivirus |
22872 |
InstallBrain (fs) |
2,6,1673,238 |
| VIPRE Antivirus |
23548 |
Trojan.Win32.Generic!BT |
2,6,1694,246 |
| VIPRE Antivirus |
23084 |
InstallBrain (fs) |
2,6,1694,246 |
All file variations of bitguard.exe
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Ultimate |
44.00% |
|
| Microsoft Windows XP |
20.00% |
|
| Windows 7 Home Premium |
16.00% |
|
| Windows 8 Pro |
8.00% |
|
| Windows 7 Professional |
4.00% |
|
| Windows Vista Home Basic |
4.00% |
|
| Windows 8 |
4.00% |
|
Distribution by country
Saudi Arabia installs about 16.00% of Application Manager.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Lenovo |
22.86% |
|
| ASUS |
22.86% |
|
| Hewlett-Packard |
14.29% |
|
| Dell |
11.43% |
|
| Acer |
8.57% |
|
| Samsung |
8.57% |
|
| Compaq |
5.71% |
|
| GIGABYTE |
5.71% |
|
