VersionsVersions

1, 0, 0, 596 16.33%
1, 0, 0, 556 8.16%
1, 0, 0, 549 2.04%
1, 0, 0, 548 2.04%
1, 0, 0, 545 24.49%
1, 0, 0, 501 4.08%
1, 0, 0, 501 2.04%
1, 0, 0, 493 8.16%
1, 0, 0, 462 22.45%
1, 0, 0, 453 2.04%
1, 0, 0, 448 2.04%
1, 0, 0, 339 2.04%
1, 0, 0, 241 2.04%
1, 0, 0, 210 2.04%

Relationships

GuardMailRu.exe

GuardMailRu Module by LLC Mail.Ru (Signed)

Remove GuardMailRu.exe
Warning 20 antivirus scanners has detected malware in various versions of GuardMailRu.exe.

Overview

There are 14 versions of guardmailru.exe in the wild, the latest version being 1, 0, 0, 596. It is started as a Windows Service with the name 'Guard.Mail.ru'. During installation, a run registry key for all users is added that will cause the program to run each time any user logs on to Windows. The average file size is about 2.35 MB. The file is a digitally signed and issued to LLC Mail.Ru by Thawte. Numerous variations of guardmailru.exe have been installed with both [email protected] and Guard.Mail.ru. During the process's lifecycle, the typical CPU resource utilization is about 0.0014% including both foreground and background operations, the average private memory consumption is about 3.5 MB with the maximum memory reaching around 9.49 MB. Addionally, typically read and write I/O disk operations is about 979.23 KB per minute for reads and 300.21 KB per minute for writes.

DetailsDetails
File name:guardmailru.exe
Product name:GuardMailRu Module
Typical file path:C:\Program Files\mail.ru\guard\guardmailru.exe
Certificate
Issued to:LLC Mail.Ru
Authority (CA):Thawte
Effective date:Monday, September 12, 2011
Expiration date:Wednesday, July 2, 2014
Windows Service
Service name:Guard.Mail.ru
Type:Win32OwnProcess

ResourcesPrograms installed in

(Note, the programs listed below are for all versions of GuardMailRu Module.)
[email protected]
 Mail.Ru
42% remove
[email protected] is part of the Guard Mail service.
Guard.Mail.ru
 Mail.Ru
42% remove
Guard.Mail.ru is part of the Guard Mail service.

BehaviorsBehaviors

(Note, the behaviors below are for all versions of guardmailru.exe, select a unique version for details.)
Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
  • 'Guard.Mail.ru'
Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
  • 'Guard.Mail.ru.gui' → "C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe" /gui

MalwareMalware detections

Based on 40+ industry antivirus scanners, 20 of them detected the following malware.
Antivirus engineEngine versionDetectionFile version
avast! 8.0.1489.320 Win32:BrowserTakeover-A [PUP] 1, 0, 0, 596
avast! 8.0.1489.320 Win32:BrowserTakeover-B [PUP] 1, 0, 0, 493
Baidu Antivirus 3.5.1.41473 Trojan.RuMail.4986 1, 0, 0, 556
Kingsoft 2013.4.9.267 Win32.HeurC.KVM019.a.(kcloud) 1, 0, 0, 549
Kingsoft 2013.4.9.267 Win32.HeurC.KVM019.a.(kcloud) 1, 0, 0, 556
Kingsoft 2013.4.9.267 Win32.Troj.Undef.(kcloud) 1, 0, 0, 596
McAfee 5.600.1067 Artemis!495EA863690C 1, 0, 0, 596
McAfee Gateway Anti-Malware v2013-dat Artemis!495EA863690C 1, 0, 0, 596
Rising Antivirus 24.56.01.04 Trojan.RuMail!4986 1, 0, 0, 462
Rising Antivirus 24.65.03.05 Suspicious 1, 0, 0, 241
Rising Antivirus 24.55.01.01 Trojan.RuMail!4986 1, 0, 0, 501
Rising Antivirus 24.81.03.04 Trojan.RuMail!4986 1, 0, 0, 545
Rising Antivirus 24.81.03.04 Trojan.RuMail!4986 1, 0, 0, 549
Rising Antivirus 24.83.02.04 Trojan.RuMail!4986 1, 0, 0, 556
Rising Antivirus 24.85.03.04 Trojan.RuMail!4986 1, 0, 0, 596
Sophos 4.94.0 RsMall 1, 0, 0, 596
Sophos 4.95.0 RsMall 1, 0, 0, 493
Trend Micro HouseCall 9.700.0.1001 TROJ_GEN.F47V1021 1, 0, 0, 448
Trend Micro HouseCall 9.700.0.1001 TROJ_GEN.F47V0715 1, 0, 0, 549
Trend Micro HouseCall 9.700.0.1001 TROJ_GEN.F47V1005 1, 0, 0, 596

VersionsAll file variations of guardmailru.exe

MD5SHA-1File size
495ea863690c0e074751600c29993b4d 9a71c4e80927fd79e68f2faac4b6a2a3b78c9cb6 6.63 MB
c3a0e7e5dea0414344c23d47faa45804 25b914bf6fe9e550b54d4a3c0fb8f0ad78d77c32 2.29 MB
1e2a7c50ddf572d8b44eafb58d170ca3 ee54ab27653f045ebd2c5d8bc693d8751502ecff 2.28 MB
68c5d504d19ad82eb83fa2c8448be879 f467f1d4d733968d6420c3ba9ebced4d165ede20 2.21 MB
751c3f58a618cf7de40042d44ad06590 813e4ea9cea1d03836764a66872b781159d6b6b3 2.19 MB
3017a7af50b0e72cc2a022592993ff79 2c2b1f55b92bc6159d573dfa2d48c4d7767d3f29 2.17 MB
57c99d71393b41a0379857e73d4d3cf5 4a63e0700433db049f0df73884c0f94de7b9f63f 2.17 MB
96a768dd52ff0115fff85142056b3af0 89b449296d96234aafdc1baa497d31b2a7a08ac8 2.16 MB
9d784a0c003d34af9ce2f0001d28725f 7e717e79c5002158674a70e9ab297cf20136e217 2.15 MB
5e1555f00a1f93b3c2748bd42d4720bb 921ec9e6a40e1d53bde65fd95728896226e76602 2.14 MB
b550333e7a9fb57194b6c121931c5d04 da96da52482ef7af5a73fa49f5ab89427d48e978 2.13 MB
63b94e5f3063d6fd631b6bdca4a6f4ff 9e2518a5799e41cd3e89d3576fc0ae82bafc66b8 1.71 MB
c98d3d9081e7668e9631e8e64f1618f1 f757a47ccd36c60fe748b720d9e9d2d9d4d4c55e 1.26 MB
e401db6f1cecc929eb5eef7d2fa34cad 7d9e903b9da40b4b06c0f1636ab4a5efe798dd62 1.4 MB

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Microsoft Windows XP 42.86%
Windows 7 Ultimate 24.49%
Windows 7 Home Basic 14.29%
Windows 7 Home Premium 12.24%
Windows 7 Professional 6.12%

Distribution by countryDistribution by country

Russia installs about 32.65% of GuardMailRu Module.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
ASUS 43.24%
Samsung 13.51%
Dell 10.81%
Hewlett-Packard 10.81%
GIGABYTE 8.11%
American Megatrends 5.41%
Lenovo 5.41%
Acer 2.70%
Back to top
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE