bitguard.exe

BitGuard

MediaTechSoft Inc.

This is the PerformerSoft setup installer. The application bitguard.exe by MediaTechSoft has been detected as adware by 24 anti-malware scanners. The program is a setup application that uses the InstallBrain installer. It runs as a Windows service named “BitGuard”. This file is typically installed with the program BitGuard by MediaTechSoft Inc., which is a potentially unwanted software program. This web browser add-on claims to protect the web browser but instead hijacks it by modifying the home and search pages.
Publisher:
MediaTechSoft Inc.  (signed and verified)

Product:
BitGuard

Description:
Generic software

Version:
2,7,1832,68

MD5:
44e5b5dc6a27ea109b8a234e640bb5fd

SHA-1:
a3dc686988e80d53e58907b579b91d3a9856d053

SHA-256:
180c6035ca44c270b8e1556a7b2e9faf442d1b4323ef6d8e93b7e759af169c96

Scanner detections:
24 / 68

Status:
Adware

Explanation:
This service will prevent resources from modifying the web browser's home and search pages as well as the search provider set by the product, an affiliate search engine partner.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
4/23/2024 8:43:29 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.10060523 | 1140 |
| AhnLab V3 Security | Trojan/Win32.Rotbrow | 2014.01.14 |
| Avira AntiVirus | APPL/BProtector.Gen | 7.11.125.0 |
| AVG | Dropper.Generic9 | 2014.0.3618 |
| Bitdefender | Trojan.Generic.10060523 | 1.0.20.1775 |
| Bkav FE | W32.Clod155.Trojan | 1.3.0.4613 |
| Comodo Security | UnclassifiedMalware | 17604 |
| Emsisoft Anti-Malware | Trojan.Generic.10060523 | 8.14.01.20.09 |
| ESET NOD32 | Win32/bProtector | 7.9285 |
| Fortinet FortiGate | Riskware/BProtector | 1/20/2014 |
| F-Secure | Application:W32/BProtector.A | 11.2013-21-12_7 |
| G Data | Trojan.Generic.10060523 | 13.12.22 |
| K7 AntiVirus | Trojan | 13.175.10825 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.4587 |
| McAfee | Artemis!44E5B5DC6A27 | 5600.7274 |
| Microsoft Security Essentials | TrojanDropper:Win32/Rotbrow.A | 1.165.247.01 |
| MicroWorld eScan | Trojan.Generic.10060523 | 14.0.0.1065 |
| nProtect | Trojan.Generic.10060523 | 14.01.13.01 |
| Quick Heal | TrojanDropper.Rotbrow.aob | 12.13.12.00 |
| Reason Heuristics | PUP.Service.MediaTechSoft.I | 14.8.8.2 |
| Sophos | BProtector | 4.96 |
| Trend Micro House Call | TROJ_GEN.F47V1121 | 7.2.355 |
| VIPRE Antivirus | Trojan.Win32.Generic | 25398 |
| ViRobot | Trojan.Win32.S.Agent.3780064 | 2011.4.7.4223 |

File size:
3.6 MB (3,780,064 bytes)

Product version:
2,7,1832,68

Copyright:
Copyright (C) 2013

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallBrain

Language:
English (United States)

Common path:
C:\ProgramData\bitguard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bitguard.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
8/4/2013 10:09:22 AM

Valid to:
3/29/2016 7:18:00 PM

Subject:
CN=MediaTechSoft Inc., O=MediaTechSoft Inc., L=Beaverton, S=Oregon, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
047346D0687AB1

File PE Metadata
Compilation timestamp:
11/18/2013 3:32:32 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:QsGolOdFTD0OZ+CFlZrDe0yGe0ZjMxkiMAqt8Ro9TdtsI86vc9v/eAafeFbR:f8v0O3nZrDeaVyxkCd/eAv

Entry address:
0x1129B7

Entry point:
E8, 45, DF, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, 53, 8B, 5D, 08, 56, 85, DB, 74, 11, 83, 7D, 0C, 00, 76, 11, 85, DB, 75, 23, 33, C0, E9, BC, 00, 00, 00, 83, 7D, 0C, 00, 74, EF, E8, E1, 31, 00, 00, 6A, 16, 5E, 89, 30, E8, 7B, 7F, 00, 00, 8B, C6, E9, A0, 00, 00, 00, FF, 75, 0C, 53, E8, BD, E1, FF, FF, 59, 59, 3B, 45, 0C, 72, 05, C6, 03, 00, EB, D5, 57, FF, 75, 10, 8D, 4D, F0, E8, 6E, DC, FF, FF, 80, 3B, 00, 8B, FB, 8B, F3, 74, 63, 8A, 0F, 8B, 55, F4, 0F, B6, C1, 03, C2, 8A, 50, 1D, F6...
 

Code size:
2 MB (2,099,712 bytes)

Service
Display name:
BitGuard

Type:
Win32ShareProcess


The file bitguard.exe has been discovered within the following program.

BitGuard by MediaTechSoft Inc.
BitGuard, also known as BProtector, Application Manager and Browser Protector, is an application designed to prevent the removal of software installed by the provider and affiliates (including web browser extensions deployed by PerformerSoft).
www.mediatechsoft.com/contact.html
74% remove it
 

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 125.235.4.59.adsl.viettel.vn  (125.235.4.59:80)
