» bitguard.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

bitguard.exe

Application Manager

MediaTechSoft Inc.

This is the Performersoft setup installer. The application bitguard.exe by MediaTechSoft has been detected as adware by 31 anti-malware scanners. The program is a setup application that uses the InstallBrain installer. It runs as a windows Service named “BitGuard”. This file is typically installed with the program BitGuard by MediaTechSoft Inc. which is a potentially unwanted software program. This web browser add-on will claim to protect the web browser but will instead hijack it by modifying the home and search pages.

File name:

bitguard.exe

Publisher:

PerformerSoft LLC (signed by MediaTechSoft Inc.)

Product:

Application Manager

Version:

2,7,1769,27

MD5:

e66e725e10b9cb8a6f5c74d7ca9e98a9

SHA-1:

ffd259de1b68d162fe613ee5bd03709fe7815b22

SHA-256:

00b7acfcacd70642eb75871708d59f8d1a7dbcf813f235b7c2b37ac2df7f87b7

Scanner detections:

31 / 68

Status:

Adware

Explanation:

This service will prevent resources from modifying the web browser's home and search pages as well as the search provider set by the product, an affiliate search engine partner.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

4/25/2024 6:27:58 PM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Trojan.DR.Rotbrow

7.1.1

AhnLab V3 Security

Trojan/Win32.Generic

2013.12.10

Avira AntiVirus

APPL/BProtector.Gen

7.11.118.242

avast!

Win32:BProtect-A [PUP]

2014.9-131223

AVG

Bprotect.C

2014.0.3616

Baidu Antivirus

Adware.Win32.bProtector

4.0.3.14120

Bkav FE

W32.Clod8de.Trojan

1.3.0.4261

Boost by Reason

Optional.Service.MediaTechSoft.I

188838

Clam AntiVirus

Win.Adware.BProtector

0.98/18355

Comodo Security

Application.Win32.Agent.~N

17416

Dr.Web

Adware.BGuard.46

9.0.1.0357

ESET NOD32

Win32/bProtector (variant)

7.9153

Fortinet FortiGate

Adware/Fam.NB

12/23/2013

F-Secure

Application:W32/BProtector.A

11.2013-23-12_2

G Data

Win32.Application.BHO

13.12.22

K7 AntiVirus

Unwanted-Program

13.174.10455

Kaspersky

Trojan.Win32.Bromngr

14.0.0.4577

Malwarebytes

PUP.Optional.PerformerSoft.A

v2013.12.23.02

McAfee

Adware-Bprotect!7F8BECFB26F2

5600.7272

Microsoft Security Essentials

TrojanDropper:Win32/Rotbrow.A

1.163.1557.0

NANO AntiVirus

Trojan.Win32.Bromngr.cqlgre

0.28.0.56692

Panda Antivirus

Trj/dtcontx.I

14.01.20.09

Quick Heal

TrojanDropper.Rotbrow

12.13.12.00

Reason Heuristics

PUP.Service.MediaTechSoft.I

14.8.8.2

Sophos

BProtector

4.95

Trend Micro House Call

ADW_BPROTECT

7.2.357

Trend Micro

ADW_BPROTECT

10.465.23

Vba32 AntiVirus

Trojan.Bromngr

3.12.24.3

VIPRE Antivirus

Trojan.Win32.Generic

24206

ViRobot

Adware.Agent.2864096

2011.4.7.4223

XVirus List

Win32.Detected

2.8.8

File size:

2.7 MB (2,864,096 bytes)

Product version:

2,7,1769,27

File type:

Executable application (Win32 EXE)

Bundler/Installer:

InstallBrain

Language:

English (United States)

Common path:

C:\ProgramData\bitguard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bitguard.exe

Digital Signature

Signed by:

MediaTechSoft Inc.

Authority:

GoDaddy.com, Inc.

Valid from:

8/4/2013 10:09:22 AM

Valid to:

3/29/2016 7:18:00 PM

Subject:

CN=MediaTechSoft Inc., O=MediaTechSoft Inc., L=Beaverton, S=Oregon, C=US

Issuer:

SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

047346D0687AB1

File PE Metadata

Compilation timestamp:

10/22/2013 5:10:58 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

49152:AUMvEZvoqA1hRuYiLANovnq6z8Jd51wtxn69cQqf8DFaTRLAD4kUMe1v/eAY4mVA:AULvoq6UYHNovnqEYjOxnhTkQ/eAV

Entry address:

0xEE6B7

Entry point:

E8, 35, DF, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, 53, 8B, 5D, 08, 56, 85, DB, 74, 11, 83, 7D, 0C, 00, 76, 11, 85, DB, 75, 23, 33, C0, E9, BC, 00, 00, 00, 83, 7D, 0C, 00, 74, EF, E8, E1, 31, 00, 00, 6A, 16, 5E, 89, 30, E8, 6B, 7D, 00, 00, 8B, C6, E9, A0, 00, 00, 00, FF, 75, 0C, 53, E8, 21, DF, FF, FF, 59, 59, 3B, 45, 0C, 72, 05, C6, 03, 00, EB, D5, 57, FF, 75, 10, 8D, 4D, F0, E8, 7A, DB, FF, FF, 80, 3B, 00, 8B, FB, 8B, F3, 74, 63, 8A, 0F, 8B, 55, F4, 0F, B6, C1, 03, C2, 8A, 50, 1D, F6... 
[+]

Code size:

1.8 MB (1,926,656 bytes)

Service

Display name:

BitGuard

Type:

Win32ShareProcess

The file bitguard.exe has been discovered within the following program.

BitGuard by MediaTechSoft Inc.

BitGuard also known as BProtector, Application Manager and Browser Protector is an application designed to prevent the removal of software installed by the provider and affiliates (including web browser extensions deployed by PerformerSoft).

www.mediatechsoft.com/contact.html

74% remove it

Remove bitguard.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.