Severity scale  

Windows Active Defender. How to Remove? (Uninstall Guide)

removal by - -   Also known as Windows Active Defender | Type: Rogue Antispyware

Windows Active Defender is not a reliable anti-malware program which is worth your money or time. Though it looks legitimate, this is just another rogue that belongs to the family of malwares that tend to be active for one day. The only reason why scammers have created Windows Active Defender is trying to rip off the users who easily believe the things they are told on misleading alerts coming out of nowhere. If you have also been infected with this rogue, you should simply ignore its alerts, scanners and notifications and never purchase licensed version. In addition, you should remove Windows Active Defender without any delay because postponing removal of this cyber threat may increase the risk of receiving more malware on your computer. Besides, this porgram may also track your browsing habits and try to steal your sensitive information, like credit card details or passwords.


The way how Windows Active Defender gets on the target computer is quite typical one: it gets inside through security vulnerabilities found that usually appear after victim forgets to update his security software. In most of the cases, this infiltration is not seen by a user and he is simply surprised by annoying alerts and scanners popping up out of nowhere. Just after its secret infiltration, this rogue additionally modifies some registry entries so that it could start together with every computer's reboot. As you can see, this program is a typical rogue that must be uninstalled without any delay.

In order to make its victims think they are dangerously infected, Windows Active Defender reports:

Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.

Warning! Spambot detected!
Attention! A spambot sending viruses from your e-mail has been detected on your PC.


Have no doubt that Windows Active Defender should be avoided just like its earlier versions. Besides, you should also note that this scamware shares identical GUI just like its predecessors and uses the same-looking alerts and scanners reporting about invented issues found on your system. These files that are usually reported as malware are harmless system files that may be important to have on your computer. So, the only real thing you must remove is the same Windows Active Defender. Don't waste your time and use reputable anti-malware programs to uninstall Windows Active Defender from your PC for good.

The latest parasite names used by FakeVimes:
Windows Internet Guard, Windows Web Watchdog, Windows AntiBreach Patrol, Windows Antivirus Patrol, Windows Pro Defence Kit

Windows Active Defender video guide

It might be that we are affiliated with any of our recommended products. Full disclosure can be found in our Agreement of Use. By downloading any of provided Anti-spyware software you agree with our Privacy Policy and Agreement of Use.
Do it now!
Reimage - remover Happiness
Compatible with Microsoft Windows
What to do if failed?
If you failed to remove infection using Reimage Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall Windows Active Defender. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.
Reimage is recommended to uninstall Windows Active Defender. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.
Not using OS X? Download a remover for Windows.
Press Mentions on Reimage
Alternate Software
Alternate Software
We are testing Plumbytes's efficiency (2012-06-19 06:41)
Malwarebytes Anti Malware
We are testing Malwarebytes Anti Malware's efficiency (2012-06-19 06:41)
Hitman Pro
Webroot SecureAnywhere AntiVirus
Windows Active Defender screenshot
Windows Active Defender snapshot

Windows Active Defender manual removal

Kill processes:
Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-2-17_2"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "rudbxijemb"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
There are more similar entries, you should let spyware Doctor to identify them.
Delete files:

Information updated:

Comments on Windows Active Defender

Post a comment

Attention: Use this form only if you have additional information about a parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.

Home page Name


(All fields are required)