bitguard.exe

Application Manager

MediaTechSoft Inc.

This is part of a PerformerSoft product, a 'PC optimization' application that provides minimal benefits and may have been bundled by a third-party installer. The application bitguard.exe by MediaTechSoft has been detected as adware by 31 anti-malware scanners. It runs as a Windows service named “BitGuard”. This web browser add-on claims to protect the web browser but instead hijacks it by modifying the home and search pages.

Publisher:
PerformerSoft LLC  (signed by MediaTechSoft Inc.)

Product:
Application Manager

Version:
2,6,1673,238

MD5:
2d89abac9d439abad1e427a467f0687d

SHA-1:
079198b91dbfe57701508b46cb8dd10e3319f508

SHA-256:
73b439d781905ec65c8ea8314ca05bbbfbe0fb22fa2913c19ab0d059bf03712d

Scanner detections:
31 / 68

Status:
Adware

Explanation:
This service prevents the web browser's home and search pages, as well as the search provider, from being changed from the values set by the product, which point to an affiliate search engine partner.

Analysis date:
4/23/2024 9:13:59 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Trojan.DR.Rotbrow | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Generic | 2013.12.10 |
| Avira AntiVirus | APPL/BProtector.Gen | 7.11.118.242 |
| avast! | Win32:BProtect-A [PUP] | 2014.9-131230 |
| AVG | Bprotect.C | 2014.0.3609 |
| Baidu Antivirus | Adware.Win32.bProtector | 4.0.3.14114 |
| Bkav FE | W32.Clod8de.Trojan | 1.3.0.4261 |
| Boost by Reason | Optional.Service.MediaTechSoft.I | 188838 |
| Clam AntiVirus | Win.Adware.BProtector | 0.98/18355 |
| Comodo Security | Application.Win32.Agent.~N | 17416 |
| Dr.Web | Adware.BGuard.46 | 9.0.1.0364 |
| ESET NOD32 | Win32/bProtector (variant) | 7.9010 |
| Fortinet FortiGate | Adware/Fam.NB | 12/30/2013 |
| F-Secure | Application:W32/BProtector.A | 11.2013-30-12_2 |
| G Data | Win32.Application.BHO | 13.12.22 |
| K7 AntiVirus | Unwanted-Program | 13.174.10455 |
| Kaspersky | Trojan.Win32.Bromngr | 14.0.0.4541 |
| Malwarebytes | PUP.Optional.PerformerSoft.A | v2013.12.30.08 |
| McAfee | Adware-Bprotect!7F8BECFB26F2 | 5600.7265 |
| Microsoft Security Essentials | TrojanDropper:Win32/Rotbrow.A | 1.163.1557.0 |
| NANO AntiVirus | Trojan.Win32.Bromngr.cqlgre | 0.28.0.56692 |
| Panda Antivirus | Trj/dtcontx.I | 13.12.30.08 |
| Quick Heal | TrojanDropper.Rotbrow | 12.13.12.00 |
| Reason Heuristics | PUP.Service.MediaTechSoft.I | 14.8.8.2 |
| Sophos | BProtector | 4.95 |
| Trend Micro House Call | ADW_BPROTECT | 7.2.364 |
| Trend Micro | ADW_BPROTECT | 10.465.30 |
| Vba32 AntiVirus | Trojan.Bromngr | 3.12.24.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 24206 |
| ViRobot | Adware.Agent.2864096 | 2011.4.7.4223 |
| XVirus List | Win.Detected | 2.3.31 |

File size:
2.7 MB (2,845,152 bytes)

Product version:
2,6,1673,238

Copyright:
Copyright (C) 2012

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\bitguard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bitguard.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
8/4/2013 3:09:22 PM

Valid to:
3/30/2016 12:18:00 AM

Subject:
CN=MediaTechSoft Inc., O=MediaTechSoft Inc., L=Beaverton, S=Oregon, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
047346D0687AB1

File PE Metadata
Compilation timestamp:
9/10/2013 9:35:19 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:0qHIWgRJ6u30/TXDHKD4QRBDdoDhQVATyk/A2qNdUvv/eABEkfrdJYp:duJ6xTXDqxRBmqa/eAB4

Entry address:
0xEC6E7

Entry point:
E8, 35, DF, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, 53, 8B, 5D, 08, 56, 85, DB, 74, 11, 83, 7D, 0C, 00, 76, 11, 85, DB, 75, 23, 33, C0, E9, BC, 00, 00, 00, 83, 7D, 0C, 00, 74, EF, E8, E1, 31, 00, 00, 6A, 16, 5E, 89, 30, E8, 6B, 7D, 00, 00, 8B, C6, E9, A0, 00, 00, 00, FF, 75, 0C, 53, E8, 21, DF, FF, FF, 59, 59, 3B, 45, 0C, 72, 05, C6, 03, 00, EB, D5, 57, FF, 75, 10, 8D, 4D, F0, E8, 7A, DB, FF, FF, 80, 3B, 00, 8B, FB, 8B, F3, 74, 63, 8A, 0F, 8B, 55, F4, 0F, B6, C1, 03, C2, 8A, 50, 1D, F6...
 

Entropy:
6.6366

Code size:
1.8 MB (1,917,440 bytes)

Service
Display name:
BitGuard

Description:
Your browser protector service

Type:
Win32ShareProcess

