guardagent.exe
EaseUS Todo Backup by CHENGDU YIWO Tech Development Co. (Signed)
Warning 3 antivirus scanners has detected malware in various versions of guardagent.exe.
Overview
There are 7 versions of guardagent.exe in the wild, the latest version being 5.8.0.0. It is started as a Windows Service called 'Guard Agent Service' with the name 'Guard Agent' and described as “Monitor EaseUS Todo Backup agent.”. . In addition, it is run under the context of the SYSTEM account with extensive privileges (the administrator accounts have the same privileges). The average file size is about 23.1 KB. The file is a digitally signed and issued to CHENGDU YIWO Tech Development Co. by VeriSign. Some variations of the file have been seen to be installed with the program EaseUS Todo Backup Free 5.3 from CHENGDU YIWO Tech Development Co., Ltd. During the process's lifecycle, the typical CPU resource utilization is about 0.0002% including both foreground and background operations, the average private memory consumption is about 1.15 MB with the maximum memory reaching around 3.16 MB and write I/O transfers are about 0 Bytes per minute.
 Details
|
| File name: | guardagent.exe |
| Publisher: | CHENGDU YIWO Tech Development Co., Ltd |
| Product name: | EaseUS Todo Backup |
| Description: | EaseUS Todo Backup Agent Application |
| Typical file path: | C:\Program Files\easeus\todo backup\bin\guardagent.exe |
| Original name: | GuardAgent |
| Certificate |
| Issued to: | CHENGDU YIWO Tech Development Co. |
| Authority (CA): | VeriSign |
| Expiration date: | Sunday, November 9, 2014 |
| Windows Service |
| Service name: | Guard Agent |
| Display name: | Guard Agent Service |
| Description: | “Monitor EaseUS Todo Backup agent.” |
| Type: | Win32OwnProcess |
Programs installed in
(Note, the programs listed below are for all versions of EaseUS Todo Backup.)
|
CHENGDU YIWO Tech Development Co., Ltd |
|
“EaseUS Todo Backup Free, as the world's first all-in-one backup & system disaster recovery software, is hard disk image, file backup, disaster recovery and disk clone freeware for home users to full p...”
Behaviors
(Note, the behaviors below are for all versions of guardagent.exe, select a unique version for details.)
Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
Malware detections
Based on 40+ industry antivirus scanners, 3 of them detected the following malware.
| Antivirus engine | Engine version | Detection | File version |
| Trend Micro HouseCall |
9.700.0.1001 |
TROJ_GEN.F47V0801 |
3, 0, 0, 1 |
| Vba32 AntiVirus |
3.12.22.2 |
Worm.Qvod |
3, 0, 0, 1 |
| ViRobot |
2011.4.7.4223 |
Worm.Win32.A.Qvod.93184 |
3, 0, 0, 1 |
All file variations of guardagent.exe
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Home Premium |
40.00% |
|
| Windows 7 Professional |
20.00% |
|
| Windows 7 Ultimate |
15.00% |
|
| Windows 8 |
10.00% |
|
| Windows 8 Pro |
10.00% |
|
| Microsoft Windows XP |
5.00% |
|
Distribution by country
United States installs about 60.00% of EaseUS Todo Backup.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Dell |
60.87% |
|
| Intel |
17.39% |
|
| Hewlett-Packard |
8.70% |
|
| Acer |
4.35% |
|
| GIGABYTE |
4.35% |
|
| American Megatrends |
4.35% |
|
