Windows Active Defender is not a reliable anti-malware program and is not worth your money or time. Though it looks legitimate, it is just another rogue belonging to a family of malware whose members tend to be active for one day. Scammers created Windows Active Defender only to rip off users who easily believe what they are told by misleading alerts coming out of nowhere. If you have been infected with this rogue, simply ignore its alerts, scanners and notifications and never purchase the licensed version. In addition, remove Windows Active Defender without any delay, because postponing removal of this cyber threat may increase the risk of receiving more malware on your computer. Besides, this program may also track your browsing habits and try to steal your sensitive information, such as credit card details or passwords.
HOW DID I GET INFECTED WITH WINDOWS ACTIVE DEFENDER?
Windows Active Defender gets onto the target computer in a quite typical way: it gets inside through security vulnerabilities that usually appear after the victim forgets to update his security software. In most cases the user does not notice this infiltration and is simply surprised by annoying alerts and scanners popping up out of nowhere. Right after its secret infiltration, the rogue also modifies some registry entries so that it starts at every reboot of the computer. As you can see, this program is a typical rogue that must be uninstalled without any delay.
In order to make its victims think they are dangerously infected, Windows Active Defender reports:
Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.
Warning! Spambot detected!
Attention! A spambot sending viruses from your e-mail has been detected on your PC.
HOW TO REMOVE WINDOWS ACTIVE DEFENDER?
Have no doubt that Windows Active Defender should be avoided just like its earlier versions. Note also that this scamware shares an identical GUI with its predecessors and uses the same-looking alerts and scanners, which report invented issues found on your system. The files that are usually reported as malware are harmless system files that may be important to have on your computer. So the only real thing you must remove is Windows Active Defender itself. Don't waste your time: use a reputable anti-malware program to uninstall Windows Active Defender from your PC for good.
The latest parasite names used by FakeVimes:
Windows Active Defender manual removal:
Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-2-17_2"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "rudbxijemb"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
There are more similar entries; you should let Spyware Doctor identify them.
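A read-only check for the entries listed above, as an added example that is not part of the original guide: it scans a registry export in .reg text form for the listed value names and, going beyond the page's list, for any Image File Execution Options subkey that carries a Debugger value (the standard way such a key redirects the named program; the page lists only the key names). The sample export, its placeholder.exe data and the function names parse_export and audit are constructed for this example.

```python
import re

# Constructed sample in .reg export text form (not taken from a real machine).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe]
"Debugger"="placeholder.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000
"DisableRegedit"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"WarnOnHTTPSToHTTPRedirect"=dword:00000000
"ProxyEnable"=dword:00000000
'''
# Assumption beyond the page: a Debugger value is what makes an IFEO key active.
IFEO = (r"hkey_local_machine\software\microsoft\windows nt\currentversion"
        r"\image file execution options") + "\\"
HKCU_CV = r"hkey_current_user\software\microsoft\windows\currentversion"
# Value names from the page's list, keyed by lower-cased registry key.
LISTED = {
    HKCU_CV + r"\policies\system": {"disableregedit", "disableregistrytools", "disabletaskmgr"},
    HKCU_CV + r"\internet settings": {"warnonhttpstohttpredirect"},
    HKCU_CV + r"\settings": {"id", "net", "uid"},
}

def parse_export(text):
    """Yield (key, value_name, raw_data) for each value line in a .reg export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)):
            yield key, m.group(1), m.group(2)

def audit(text):
    """Return (kind, key, value_name, raw_data) findings; nothing is modified."""
    findings = []
    for key, name, data in parse_export(text):
        low = key.lower()  # registry key and value names are case-insensitive
        if low.startswith(IFEO) and name.lower() == "debugger":
            findings.append(("ifeo-debugger", key, name, data))
        elif name.lower() in LISTED.get(low, ()):
            findings.append(("listed-value", key, name, data))
    return findings

if __name__ == "__main__":
    for kind, key, name, data in audit(SAMPLE_EXPORT):
        print(f"{kind:14} {key} -> {name} = {data}")
```

Exports written by regedit or reg export are UTF-16 encoded, so decode the file with that encoding before passing its text to audit.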