Should I block it?

90%
90% of PCs block this file from running.
Possible reason:
Multiple malware detections

Relationships

Parent process
Related files

GUARDM~1.exe

GuardMailRu Module by LLC Mail.Ru (Signed)

Remove GUARDM~1.exe
Version:   1, 0, 0, 548
MD5:   456af036c6282252297dba9b5f217064
SHA1:   3453d8106a27de51bd1d221f9516afc6b90ba587
SHA256:   6eec4e968aee3429147c6a8b95811ed005181668789ec8b659735676cdbcc8ea
Warning 3 antivirus scanners has detected malware.

Overview

GUARDM~1.EXE is malware that runs as a service under the name Guard.Mail.ru within the local user context. It is installed with a couple of know programs including [email protected] published by Mail.Ru, Guard.Mail.ru from Mail.Ru and Guard.Mail.ru by Mail.Ru. The file is digitally signed by LLC Mail.Ru which was issued by the Thawte certificate authority (CA). This particular version is usually found on Windows 7 Home Premium (6.1.7601.65536).

DetailsDetails

File name:GUARDM~1.EXE
Product name:GuardMailRu Module
Typical file path:C:\Program Files\Mail.Ru\Guard\GUARDM~1.EXE
Original name:GuardMailRu.exe
File version:1, 0, 0, 548
Size:2.21 MB (2,312,224 bytes)
Build date:4/12/2013 1:24 PM
Certificate
Issued to:LLC Mail.Ru
Authority (CA):Thawte
Effective date:Monday, September 12, 2011
Expiration date:Wednesday, July 2, 2014
Digital DNA
File packed:No
.NET CLR:No
More details

ResourcesPrograms

The following programs will install this file
[email protected]
 Mail.Ru
42% remove
[email protected] is part of the Guard Mail service.
Guard.Mail.ru
 Mail.Ru
42% remove
Guard.Mail.ru is part of the Guard Mail service.

BehaviorsBehaviors

Service
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
  • 'Guard.Mail.ru'
Network connections
  • [TCP] kojura.mail.ru (217.69.133.27:80)

    • MalwareMalware detections

    Based on 40+ industry antivirus scanners, 3 of them detected the following malware.
    Antivirus engineEngine versionDetection
    avast! 8.0.1489.320 Win32:PUP-gen [PUP]
    Kingsoft 2013.4.9.267 Win32.HeurC.KVM019.a.(kcloud)
    Rising Antivirus 24.81.06.04 Trojan.Win32.Generic.147C82FC

    ResourcesResource utilization

    (Note: statistics below are averages based on a minimum sample size of 200 unique participants)
    Averages
     
    CPU
    Total CPU:0.00030458%
    0.028634%
    Kernel CPU:0.00027722%
    0.013761%
    User CPU:0.00002736%
    0.014873%
    Kernel CPU time:907,691,819 ms/min
    100,923,805ms/min
    CPU cycles:9,052,041/sec
    17,470,203/sec
    Memory
    Private memory:5.4 MB
    21.59 MB
    Private (maximum):9.61 MB
    Private (minimum):3.19 MB
    Non-paged memory:5.4 MB
    21.59 MB
    Virtual memory:96.92 MB
    140.96 MB
    Virtual memory (peak):107.91 MB
    169.69 MB
    Working set:5.9 MB
    18.61 MB
    Working set (peak):9.74 MB
    37.95 MB
    Page faults:743,081/min
    2,039/min
    I/O
    I/O read transfer:745.29 KB/sec
    1.02 MB/min
    I/O read operations:274/sec
    343/min
    I/O write transfer:7 Bytes/sec
    274.99 KB/min
    I/O write operations:1/sec
    227/min
    I/O other transfer:18.8 KB/sec
    448.09 KB/min
    I/O other operations:1,072/sec
    1,671/min
    Resource allocations
    Threads:10
    12
    Handles:217
    600
    GUI GDI count:62
    103
    GUI GDI peak:65
    142
    GUI USER count:45
    49
    GUI USER peak:47
    71

    BehaviorsProcess properties

    Integrety level:System
    Platform:64-bit
    Command line:"C:\Program Files\mail.ru\guard\guardm~1.exe"
    Owner:User
    Windows Service
    Service name:Guard.Mail.ru
    Type:Win32OwnProcess
    Parent processes:

    Windows OS versionsDistribution by Windows OS

    OS versiondistribution
    Windows 7 Home Premium 100.00%

    OEM distributionDistribution by PC manufacturer

    PC Manufacturerdistribution
    Acer 100.00%
    Back to top
    Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

    Download it for FREE