Should I block it?

98%
Yes, 98% block recommendation.
Possible reasons:
Multiple malware detections
Performance resource utilization

VersionsAdditional versions

2,6,1694,246 20.00%
2,6,1694,246 36.00%
2,6,1694,246 4.00%
2,6,1673,238 36.00%
2,6,1673,238 4.00%

Relationships

Parent process
Child process
Related files

PE structurePE file structure

Show functions
Import table
advapi32.dll
GetAclInformation, RegEnumValueW, CreateServiceW, ChangeServiceConfig2W, StartServiceW, ControlService, ConvertStringSecurityDescriptorToSecurityDescriptorW, RegEnumKeyExW, RegQueryInfoKeyW, StartServiceCtrlDispatcherW, RegisterServiceCtrlHandlerW, GetTokenInformation, DuplicateTokenEx, CreateProcessAsUserW, OpenSCManagerW, OpenServiceW, QueryServiceConfigW, ChangeServiceConfigW, CloseServiceHandle, SetServiceStatus, RegEnumKeyW, RegSetValueExW, RegDeleteKeyW, RegCreateKeyExW, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, ConvertStringSecurityDescriptorToSecurityDescriptorA, GetSecurityDescriptorSacl, SetSecurityDescriptorSacl, RegQueryValueExW, RegCloseKey, RegOpenKeyExW, RegDeleteValueW, SetSecurityInfo, DeleteAce, GetAce, DeleteService, GetSecurityInfo, OpenProcessToken, OpenThreadToken, AddAce, InitializeAcl, GetLengthSid, ConvertSidToStringSidW, IsValidSid, DeregisterEventSource, ReportEventA, RegisterEventSourceA
crypt32.dll
CertFreeCertificateContext, CertGetNameStringW, CertFindCertificateInStore, CryptMsgClose, CertCloseStore, CryptMsgGetParam, CryptQueryObject
gdi32.dll
CreatePatternBrush, GetObjectW, DeleteObject, CreateDIBSection, CreateCompatibleBitmap, BitBlt, CreateCompatibleDC, CreateFontIndirectW, CreateSolidBrush, RoundRect, DeleteDC, CreatePen, Rectangle, SetTextColor, SetBkMode, SelectObject
kernel32.dll
DllMain
ole32.dll
CoUninitialize, CoInitializeEx, CoCreateInstance, CoInitializeSecurity, CoInitialize, StringFromGUID2, CoSetProxyBlanket
rpcrt4.dll
UuidFromStringA
shell32.dll
CommandLineToArgvW, SHGetSpecialFolderPathW
shlwapi.dll
PathIsDirectoryW, PathFindFileNameW, StrCmpW, StrCpyW, PathFileExistsW, PathAppendW, PathStripToRootW, PathStripPathW, PathRemoveExtensionW, PathFindExtensionW, PathAddExtensionW, PathRemoveFileSpecW, SHGetValueW, PathIsRootW, StrCmpNIW
user32.dll
DrawTextW, SetWindowLongW, GetWindowTextW, GetWindowTextLengthW, GetSystemMetrics, LoadImageW, GetCursorPos, GetTopWindow, TrackMouseEvent, ChildWindowFromPoint, KillTimer, ScreenToClient, GetClassInfoExW, LoadCursorW, IsWindow, FindWindowW, DestroyWindow, RegisterClassExW, CreateWindowExW, GetUserObjectInformationW, GetProcessWindowStation, GetDesktopWindow, MessageBoxA, MessageBoxW, SetFocus, SetWindowPos, MapWindowPoints, GetMonitorInfoW, MonitorFromWindow, GetWindow, GetClientRect, LoadStringA, DefWindowProcW, GetWindowLongW, CallWindowProcW, ShowWindow, GetWindowRect, MoveWindow, DialogBoxParamW, GetActiveWindow, SystemParametersInfoW, DispatchMessageW, EndDialog, GetDlgItem, SendMessageW, SetWindowTextW, SetTimer, PeekMessageW, GetMessageW, UnregisterClassA, SetLayeredWindowAttributes, FillRect, ReleaseDC, GetDC, GetSysColor, GetSysColorBrush, GetParent, InvalidateRect, EndPaint, BeginPaint, TranslateMessage
userenv.dll
CreateEnvironmentBlock
uxtheme.dll
DrawThemeBackground, DrawThemeParentBackground, IsThemeBackgroundPartiallyTransparent, OpenThemeData, CloseThemeData
version.dll
GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
winhttp.dll
WinHttpConnect, WinHttpOpen, WinHttpSetStatusCallback, WinHttpGetIEProxyConfigForCurrentUser, WinHttpCloseHandle, WinHttpGetProxyForUrl, WinHttpSetOption, WinHttpReceiveResponse, WinHttpAddRequestHeaders, WinHttpQueryDataAvailable, WinHttpReadData, WinHttpSendRequest, WinHttpOpenRequest, WinHttpQueryHeaders
wtsapi32.dll
WTSQueryUserToken

bitguard.exe

Application Manager by MediaTechSoft Inc. (Signed)

Remove bitguard.exe
Version:   2,6,1694,246
MD5:   97a57aea49e0ec9d17bdd96a3ceebebc
SHA1:   0f0492cfaa5d9473d66808d729cd6accef87c8c6
SHA256:   15806856458aa8ebf4640b6639226c3b39cd9b6009d8dae0742049d0f5e8330c
Warning 22 antivirus scanners has detected malware.

Overview

bitguard.exe is malware that runs as a service under the name BitGuard with extensive SYSTEM privileges (full administrator access) as a shared service. This is typically installed with the program BitGuard published by MediaTechSoft Inc. and is most likely removed by most users once installed (74% removed). The file is digitally signed by MediaTechSoft Inc. which was issued by the GoDaddy.com certificate authority (CA).

DetailsDetails

File name:bitguard.exe
Publisher:PerformerSoft LLC
Product name:Application Manager
Typical file path:C:\ProgramData\bitguard\2.6.1673.238\{16cdff19-861d-48e3-a751-d99a27784753}\bitguard.exe
File version:2,6,1694,246
Size:2.89 MB (3,032,032 bytes)
Build date:10/8/2013 5:17 AM
Certificate
Issued to:MediaTechSoft Inc.
Authority (CA):GoDaddy.com
Effective date:Sunday, August 4, 2013
Expiration date:Tuesday, March 29, 2016
Digital DNA
PE subsystem:Windows GUI
File packed:No
.NET CLR:No
More details

ResourcesPrograms

The following program will install this file
MediaTechSoft Inc.
  74% remove
BitGuard also known as BProtector, Application Manager and Browser Protector is an application designed to prevent the removal of software installed by the provider and affiliates (including web browser extensions deployed by PerformerSoft). BitGuard and its variations are registered under the company name MediaTechSoft but actually are associated with PerformerSoft LLC. While the BitGuard service (BitGuard.exe) is signed with a digital...

BehaviorsBehaviors

Service
Runs under 'SYSTEM\CurrentControlSet\Services' as a shared service by the Service Host (svchost.exe)
  • 'BitGuard'

MalwareMalware detections

Based on 40+ industry antivirus scanners, 22 of them detected the following malware.
Antivirus engineEngine versionDetection
AhnLab V3 Internet Security 2013.11.06 Trojan/Win32.Generic
Avira AntiVir 7.11.111.6 APPL/BProtector.Gen
Antiy Labs AVL 2.0.3.7 Trojan/Win32.Generic
avast! 8.0.1489.320 Win32:BProtect-A [PUP]
AVG 13.0.0.3169 Bprotect.C
Bkav Security 1.3.0.4261 W32.Clod8de.Trojan.7e93
CAT Quick Heal 11.13.12.00 TrojanDropper.Rotbrow
Clam AntiVirus 0.97.3.0 Win.Adware.BProtector
Comodo Internet Security 17221 UnclassifiedMalware
ESET NOD32 7.9010 a variant of Win32/bProtector.A
Fortinet 5.1.147.0 Adware/Fam.NB
G Data 13.11.22 Win32.Application.BHO.A
Kaspersky 9.0.0.837 HEUR:Trojan.Win32.Generic
Kingsoft 2013.4.9.267 Win32.Troj.Undef.(kcloud)
Malwarebytes 1.75.0.1 PUP.Optional.PerformerSoft.A
McAfee 5.600.1067 Artemis!97A57AEA49E0
McAfee Gateway Anti-Malware v2013-dat Artemis!97A57AEA49E0
Microsoft Security Essentials 1.10003.0 TrojanDropper:Win32/Rotbrow.A
Sophos 4.94.0 BProtector
Trend Micro 9.740.0.1012 ADW_BPROTECT
Trend Micro HouseCall 9.700.0.1001 ADW_BPROTECT
VIPRE Antivirus 23084 InstallBrain (fs)

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00231880%
0.028634%
Kernel CPU:0.00120493%
0.013761%
User CPU:0.00111386%
0.014873%
Kernel CPU time:73,016 ms/min
100,923,805ms/min
CPU cycles:3,932,011/sec
17,470,203/sec
Context switches:16/sec
284/sec
Memory
Private memory:3.37 MB
21.59 MB
Private (maximum):7.2 MB
Private (minimum):6.66 MB
Non-paged memory:3.37 MB
21.59 MB
Virtual memory:163.82 MB
140.96 MB
Virtual memory (peak):182.99 MB
169.69 MB
Working set:7.08 MB
18.61 MB
Working set (peak):7.84 MB
37.95 MB
Page faults:30,752,437/min
2,039/min
I/O
I/O read transfer:2.52 KB/sec
1.02 MB/min
I/O read operations:1/sec
343/min
I/O write transfer:2.74 KB/sec
274.99 KB/min
I/O write operations:1/sec
227/min
I/O other transfer:197 Bytes/sec
448.09 KB/min
I/O other operations:8/sec
1,671/min
Resource allocations
Threads:12
12
Handles:271
600
GUI GDI count:9
103
GUI GDI peak:11
142
GUI USER count:5
49
GUI USER peak:5
71

BehaviorsProcess properties

Integrety level:System
Platform:32-bit
Command lines:
  • C:\ProgramData\bitguard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bitguard.exe
  • "C:\ProgramData\bitguard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bitguard.exe" /protect
Owner:SYSTEM
Windows Service
Service name:BitGuard
Description:“Your browser protector service”
Type:Win32ShareProcess
Parent processes:

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Ultimate 44.00%
Microsoft Windows XP 20.00%
Windows 7 Home Premium 16.00%
Windows 8 Pro 8.00%
Windows 7 Professional 4.00%
Windows Vista Home Basic 4.00%
Windows 8 4.00%

Distribution by countryDistribution by country

Saudi Arabia installs about 16.00% of Application Manager.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Lenovo 22.86%
ASUS 22.86%
Hewlett-Packard 14.29%
Dell 11.43%
Acer 8.57%
Samsung 8.57%
Compaq 5.71%
GIGABYTE 5.71%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE