Application.Win32.bProtect.g

Application.Win32.bProtect.g is also known as PUP.Optional.PerformerSoft.A, Win32:BProtect-A [PUP], and BProtector.

Malware Analysis of Application.Win32.bProtect.g

Created files:


Detected by UnHackMe:

BITGUARD.EXE
Default location: %COMMON APPDATA%\BITGUARD\2.6.1673.238\{C16C1CCB-1111-4E5C-A2F3-533AD2FEC8E8}\BITGUARD.EXE

Written by Malware Hunter.
