Should I block it?

98%
Yes, 98% block recommendation.
Possible reasons:
Multiple malware detections
Performance resource utilization

VersionsAdditional versions

2,6,1694,246 20.00%
2,6,1694,246 36.00%
2,6,1694,246 4.00%
2,6,1673,238 36.00%
2,6,1673,238 4.00%

Relationships

Parent process
Child process
Related files

PE structurePE file structure

Show functions
Import table
advapi32.dll
GetAclInformation, RegEnumValueW, CreateServiceW, ChangeServiceConfig2W, StartServiceW, ControlService, ConvertStringSecurityDescriptorToSecurityDescriptorW, RegEnumKeyExW, RegQueryInfoKeyW, StartServiceCtrlDispatcherW, RegisterServiceCtrlHandlerW, GetTokenInformation, DuplicateTokenEx, CreateProcessAsUserW, OpenSCManagerW, OpenServiceW, QueryServiceConfigW, ChangeServiceConfigW, CloseServiceHandle, SetServiceStatus, RegEnumKeyW, RegSetValueExW, RegDeleteKeyW, RegCreateKeyExW, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, ConvertStringSecurityDescriptorToSecurityDescriptorA, GetSecurityDescriptorSacl, SetSecurityDescriptorSacl, RegQueryValueExW, RegCloseKey, RegOpenKeyExW, RegDeleteValueW, SetSecurityInfo, DeleteAce, GetAce, DeleteService, GetSecurityInfo, OpenProcessToken, OpenThreadToken, AddAce, InitializeAcl, GetLengthSid, ConvertSidToStringSidW, IsValidSid, DeregisterEventSource, ReportEventA, RegisterEventSourceA
crypt32.dll
CertFreeCertificateContext, CertGetNameStringW, CertFindCertificateInStore, CryptMsgClose, CertCloseStore, CryptMsgGetParam, CryptQueryObject
gdi32.dll
CreatePatternBrush, GetObjectW, DeleteObject, CreateDIBSection, CreateCompatibleBitmap, BitBlt, CreateCompatibleDC, CreateFontIndirectW, CreateSolidBrush, RoundRect, DeleteDC, CreatePen, Rectangle, SetTextColor, SetBkMode, SelectObject
kernel32.dll
DllMain
ole32.dll
CoUninitialize, CoInitializeEx, CoCreateInstance, CoInitializeSecurity, CoInitialize, StringFromGUID2, CoSetProxyBlanket
rpcrt4.dll
UuidFromStringA
shell32.dll
CommandLineToArgvW, SHGetSpecialFolderPathW
shlwapi.dll
PathIsDirectoryW, PathFindFileNameW, StrCmpW, StrCpyW, PathFileExistsW, PathAppendW, PathStripToRootW, PathStripPathW, PathRemoveExtensionW, PathFindExtensionW, PathAddExtensionW, PathRemoveFileSpecW, SHGetValueW, PathIsRootW, StrCmpNIW
user32.dll
DrawTextW, SetWindowLongW, GetWindowTextW, GetWindowTextLengthW, GetSystemMetrics, LoadImageW, GetCursorPos, GetTopWindow, TrackMouseEvent, ChildWindowFromPoint, KillTimer, ScreenToClient, GetClassInfoExW, LoadCursorW, IsWindow, FindWindowW, DestroyWindow, RegisterClassExW, CreateWindowExW, GetUserObjectInformationW, GetProcessWindowStation, GetDesktopWindow, MessageBoxA, MessageBoxW, SetFocus, SetWindowPos, MapWindowPoints, GetMonitorInfoW, MonitorFromWindow, GetWindow, GetClientRect, LoadStringA, DefWindowProcW, GetWindowLongW, CallWindowProcW, ShowWindow, GetWindowRect, MoveWindow, DialogBoxParamW, GetActiveWindow, SystemParametersInfoW, DispatchMessageW, EndDialog, GetDlgItem, SendMessageW, SetWindowTextW, SetTimer, PeekMessageW, GetMessageW, UnregisterClassA, SetLayeredWindowAttributes, FillRect, ReleaseDC, GetDC, GetSysColor, GetSysColorBrush, GetParent, InvalidateRect, EndPaint, BeginPaint, TranslateMessage
userenv.dll
CreateEnvironmentBlock
uxtheme.dll
DrawThemeBackground, DrawThemeParentBackground, IsThemeBackgroundPartiallyTransparent, OpenThemeData, CloseThemeData
version.dll
GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
winhttp.dll
WinHttpConnect, WinHttpOpen, WinHttpSetStatusCallback, WinHttpGetIEProxyConfigForCurrentUser, WinHttpCloseHandle, WinHttpGetProxyForUrl, WinHttpSetOption, WinHttpReceiveResponse, WinHttpAddRequestHeaders, WinHttpQueryDataAvailable, WinHttpReadData, WinHttpSendRequest, WinHttpOpenRequest, WinHttpQueryHeaders
wtsapi32.dll
WTSQueryUserToken

bitguard.exe

Application Manager by MediaTechSoft Inc. (Signed)

Remove bitguard.exe
Version:   2,6,1694,246
MD5:   425622f8db2694c34d1908a77612acfc
SHA1:   27c9bfc8682f331d7c977960684dd54593539802
SHA256:   c8adb9731552f276e89cf9b0d86e033e2da6454b289ed12c2062da426808344b
Warning 18 antivirus scanners has detected malware.

Overview

bitguard.exe is malware that runs as a service under the name BitGuard within the local user context as a shared service. It is installed with a couple of know programs including BitGuard published by MediaTechSoft Inc. and BitGuard published by MediaTechSoft Inc.. The file is digitally signed by MediaTechSoft Inc. which was issued by the GoDaddy.com certificate authority (CA).

DetailsDetails

File name:bitguard.exe
Publisher:PerformerSoft LLC
Product name:Application Manager
Typical file path:C:\ProgramData\bitguard\2.6.1673.238\{16cdff19-861d-48e3-a751-d99a27784753}\bitguard.exe
File version:2,6,1694,246
Size:2.71 MB (2,845,664 bytes)
Build date:9/23/2013 2:57 PM
Certificate
Issued to:MediaTechSoft Inc.
Authority (CA):GoDaddy.com
Effective date:Sunday, August 4, 2013
Expiration date:Tuesday, March 29, 2016
Digital DNA
PE subsystem:Windows GUI
File packed:No
.NET CLR:No
More details

ResourcesPrograms

The following programs will install this file
MediaTechSoft Inc.
  81% remove
BitGuard also known as BProtector, Application Manager and Browser Protector is an application designed to prevent the removal of software installed by the provider and affiliates. It is designed to work with Internet Explorer, Chrome and Firefox. Versions of this software in distributed from numerous download co-bundle installers including One Installer LLC, FIRSERIA (downloadyourplayer.com), Tuguu SL, Somoto Ltd., Amonetize ltd. and C...

BehaviorsBehaviors

Service
Runs under 'SYSTEM\CurrentControlSet\Services' as a shared service by the Service Host (svchost.exe)
  • 'BitGuard'

MalwareMalware detections

Based on 40+ industry antivirus scanners, 18 of them detected the following malware.
Antivirus engineEngine versionDetection
Avira AntiVir 7.11.114.200 APPL/BProtector.Gen
Antiy Labs AVL 2.0.3.7 Trojan/Win32.Generic
avast! 8.0.1489.320 Win32:BProtect-A [PUP]
AVG 13.0.0.3169 Dropper.Generic8.CICW
Bkav Security 1.3.0.4562 W32.Clod059.Trojan.ff13
Clam AntiVirus 0.97.3.0 Win.Adware.BProtector
Comodo Internet Security 17304 Application.Win32.bProtector.KAT
ESET NOD32 7.9072 a variant of Win32/bProtector.A
G Data 13.11.22 Win32.Application.BHO.A
K7 AntiVirus 9.173.10249 Trojan ( 0000d2141 )
K7GW 9.173.10249 Backdoor ( 0000d2141 )
Kaspersky 9.0.0.837 HEUR:Trojan.Win32.Generic
Kingsoft 2013.4.9.267 Win32.Troj.Undef.(kcloud)
Malwarebytes 1.75.0.1 PUP.Optional.PerformerSoft.A
Microsoft Security Essentials 1.10100.0 TrojanDropper:Win32/Rotbrow.A
Sophos 4.95.0 BProtector
Symantec 20131.1.5.61 Adware.GoonSquad
VIPRE Antivirus 23548 Trojan.Win32.Generic!BT

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.03779565%
0.028634%
Kernel CPU:0.02016368%
0.013761%
User CPU:0.01763197%
0.014873%
Kernel CPU time:4,501 ms/min
100,923,805ms/min
CPU cycles:474,070/sec
17,470,203/sec
Memory
Private memory:3.07 MB
21.59 MB
Private (maximum):7.14 MB
Private (minimum):6.98 MB
Non-paged memory:3.07 MB
21.59 MB
Virtual memory:177.41 MB
140.96 MB
Virtual memory (peak):196.58 MB
169.69 MB
Working set:6.98 MB
18.61 MB
Working set (peak):7.19 MB
37.95 MB
Page faults:790,996/min
2,039/min
I/O
I/O read transfer:218 Bytes/sec
1.02 MB/min
I/O read operations:1/sec
343/min
I/O write transfer:0 Bytes/sec
274.99 KB/min
I/O write operations:1/sec
227/min
I/O other transfer:30 Bytes/sec
448.09 KB/min
I/O other operations:2/sec
1,671/min
Resource allocations
Threads:14
12
Handles:280
600
GUI GDI count:9
103
GUI GDI peak:10
142
GUI USER count:5
49
GUI USER peak:5
71

BehaviorsProcess properties

Integrety level:High
Platform:32-bit
Command lines:
  • "C:\ProgramData\bitguard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bitguard.exe" /protect
  • C:\ProgramData\bitguard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bitguard.exe
Owner:User
Windows Service
Service name:BitGuard
Description:“Your browser protector service”
Type:Win32ShareProcess
Parent processes:

ResourcesThreads

Averages
 
BitGuard.exe (main module)
Total CPU:0.58047439%
0.272967%
Kernel CPU:0.53474970%
0.107585%
User CPU:0.04572468%
0.165382%
CPU cycles:14,522,555/sec
5,741,424/sec
Context switches:17/sec
79/sec
Memory:2.8 MB
1.16 MB
BitGuard.dll (Application Manager by PerformerSoft LLC)
Total CPU:0.00279974%
Kernel CPU:0.00279974%
User CPU:0.00000000%
CPU cycles:12,892/sec
Memory:2.7 MB
sechost.dll
Total CPU:0.00279873%
Kernel CPU:0.00000000%
User CPU:0.00279873%
CPU cycles:41,475/sec
Context switches:2/sec
Memory:100 KB

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Ultimate 44.00%
Microsoft Windows XP 20.00%
Windows 7 Home Premium 16.00%
Windows 8 Pro 8.00%
Windows 7 Professional 4.00%
Windows Vista Home Basic 4.00%
Windows 8 4.00%

Distribution by countryDistribution by country

Saudi Arabia installs about 16.00% of Application Manager.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Lenovo 22.86%
ASUS 22.86%
Hewlett-Packard 14.29%
Dell 11.43%
Acer 8.57%
Samsung 8.57%
Compaq 5.71%
GIGABYTE 5.71%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE