Should I block it?

No, this file is 100% safe to run.

Relationships

Parent process
Related files

PE structurePE file structure

Show functions
Import table
advapi32.dll
GetSidIdentifierAuthority, IsValidSid, GetSidSubAuthorityCount, RegSetValueExW, RegCloseKey, RegEnumKeyExW, RegOpenKeyExW, RegDeleteValueW, RegDeleteKeyW, RegQueryInfoKeyW, RegCreateKeyExW, GetSidSubAuthority, OpenProcessToken, GetTokenInformation, RegQueryValueExW
gdi32.dll
SelectObject, CreateDIBSection, DeleteDC, GetStockObject, BitBlt, CreateCompatibleDC, GetObjectW, GetDeviceCaps, CreateCompatibleBitmap, DeleteObject, CreateSolidBrush
gdiplus.dll
GdipGetImageHeight, GdiplusStartup, GdiplusShutdown, GdipSetInterpolationMode, GdipSetPixelOffsetMode, GdipGetImageDimension, GdipDrawImageRectRect, GdipCreateFromHDC, GdipDeleteGraphics, GdipGetImageWidth, GdipCreateBitmapFromFile, GdipCloneImage, GdipAlloc, GdipDisposeImage, GdipSetSmoothingMode, GdipDrawImageRectI, GdipReleaseDC, GdipFree
kernel32.dll
CloseHandle, Process32NextW, Process32FirstW, CreateToolhelp32Snapshot, FindResourceExW, LockResource, DeleteCriticalSection, lstrcmpiW, GetProcAddress, GetLastError, RaiseException, lstrlenW, MultiByteToWideChar, GetModuleFileNameW, SizeofResource, InitializeCriticalSection, GetModuleHandleW, InterlockedDecrement, InterlockedIncrement, LoadLibraryExW, LoadResource, FreeLibrary, FindResourceW, SetEnvironmentVariableA, CompareStringW, CompareStringA, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, GetLocaleInfoW, InitializeCriticalSectionAndSpinCount, GetStringTypeW, GetStringTypeA, IsValidLocale, EnumSystemLocalesA, GetLocaleInfoA, GetUserDefaultLCID, GetTimeZoneInformation, GetConsoleMode, GetConsoleCP, IsValidCodePage, GetOEMCP, GetACP, GetStartupInfoA, GetFileType, SetHandleCount, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, GetModuleFileNameA, GetStdHandle, ExitProcess, EnterCriticalSection, LeaveCriticalSection, WideCharToMultiByte, LocalFree, GetVersionExW, LoadLibraryW, GetTempPathW, WritePrivateProfileStringW, GetPrivateProfileStringW, GetPrivateProfileIntW, GetFileAttributesW, GetCurrentProcess, HeapAlloc, GetProcessHeap, HeapFree, GetSystemTime, InterlockedExchange, FindFirstFileW, FindNextFileW, DeleteFileW, FindClose, CreateFileW, lstrlenA, GetCurrentThreadId, SetLastError, FlushInstructionCache, GlobalUnlock, GlobalAlloc, GlobalLock, GetTickCount, MulDiv, lstrcmpW, GetFullPathNameW, GetFullPathNameA, CreateFileA, GetFileSize, SetFilePointer, MapViewOfFile, UnmapViewOfFile, SetEndOfFile, QueryPerformanceCounter, InterlockedCompareExchange, UnlockFile, LockFile, UnlockFileEx, GetSystemTimeAsFileTime, FormatMessageA, WriteFile, Sleep, FormatMessageW, GetFileAttributesA, ReadFile, FlushFileBuffers, LockFileEx, GetDiskFreeSpaceW, LoadLibraryA, CreateFileMappingA, GetDiskFreeSpaceA, GetSystemInfo, GetFileAttributesExW, GetVersionExA, GetCurrentProcessId, GetTempPathA, AreFileApisANSI, DeleteFileA, HeapDestroy, HeapReAlloc, HeapSize, IsProcessorFeaturePresent, VirtualFree, VirtualAlloc, GetStartupInfoW, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, RtlUnwind, LCMapStringA, LCMapStringW, GetCPInfo, HeapCreate, GetModuleHandleA
ole32.dll
OleInitialize, CLSIDFromString, CoGetClassObject, OleLockRunning, StringFromGUID2, OleUninitialize, CreateStreamOnHGlobal, CoUninitialize, CoTaskMemAlloc, CoInitialize, CoTaskMemFree, CoTaskMemRealloc, CLSIDFromProgID, CoCreateInstance
user32.dll
LoadAcceleratorsW, GetMessageW, SetTimer, TranslateMessage, DispatchMessageW, KillTimer, LoadStringW, CharNextW, TranslateAcceleratorW, LoadIconW, LoadCursorW, RegisterClassExW, GetDC, GetWindowRect, GetClientRect, GetWindowLongW, FillRect, SendMessageW, GetDesktopWindow, SetForegroundWindow, DefWindowProcW, SetLayeredWindowAttributes, IsWindow, SetWindowPos, DestroyWindow, GetForegroundWindow, ShowWindow, SetWindowLongW, GetClassInfoExW, CreateWindowExW, CallWindowProcW, GetActiveWindow, GetParent, GetClassNameW, CallNextHookEx, PostMessageW, SetWindowsHookExW, UnhookWindowsHookEx, DestroyAcceleratorTable, InvalidateRect, InvalidateRgn, ReleaseCapture, SetCapture, ScreenToClient, ClientToScreen, CreateAcceleratorTableW, RedrawWindow, GetSysColor, GetDlgItem, GetWindow, SetFocus, GetFocus, IsChild, EndPaint, BeginPaint, SetWindowTextW, GetWindowTextW, GetWindowTextLengthW, RegisterWindowMessageW, UnregisterClassA, ReleaseDC, MoveWindow

guard.exe

By No Organization Affiliation (Signed)

Remove guard.exe
MD5:   4db27319753eaa6aee1ba12fc51a436c
SHA1:   6e501662d51df65908df4f9c9139288c6935b629
SHA256:   d403b312f8a0f6ed344dd3165f63b6bd757319437dc45ab824db272c9ce941cd

Overview

guard.exe executes as a process with the local user's privileges usually within the context of Windows Explorer. It is set to be start when the PC boots and any user logs into Windows (added to the Run registry key for the all users under the local machine). The file is digitally signed by No Organization Affiliation which was issued by the Thawte certificate authority (CA). This particular version is usually found on Windows 7 Home Basic (6.1.7601.65536). Note, some antivirus scanners have flagged this file, however it is not necessarily considered malware (see below for details).

DetailsDetails

File name:guard.exe
Typical file path:C:\Program Files\gigabase\guard\guard.exe
Size:863.55 KB (884,272 bytes)
Build date:4/22/2013 11:25 AM
Certificate
Issued to:No Organization Affiliation
Authority (CA):Thawte
Digital DNA
PE subsystem:Windows GUI
File packed:No
.NET CLR:No
More details

BehaviorsBehaviors

Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
  • 'KursRuGuard' → C:\Program Files\Gigabase\Guard\Guard.exe

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00066887%
0.028634%
Kernel CPU:0.00048788%
0.013761%
User CPU:0.00018099%
0.014873%
Kernel CPU time:1,248,008 ms/min
100,923,805ms/min
Memory
Private memory:1.67 MB
21.59 MB
Private (maximum):4.36 MB
Private (minimum):3.17 MB
Non-paged memory:1.67 MB
21.59 MB
Virtual memory:52.89 MB
140.96 MB
Virtual memory (peak):54.52 MB
169.69 MB
Working set:3.88 MB
18.61 MB
Working set (peak):4.36 MB
37.95 MB
Resource allocations
Threads:2
12
Handles:62
600
GUI GDI count:20
103
GUI GDI peak:22
142
GUI USER count:9
49
GUI USER peak:9
71

BehaviorsProcess properties

Integrety level:High
Platform:32-bit
Command line:"C:\Program Files\gigabase\guard\guard.exe"
Owner:User
Parent process:explorer.exe (Windows Explorer by Microsoft Corporation)

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Home Basic 100.00%

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Lenovo 100.00%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE