Title: Windows Active Guard
Type: Malware
Also known as: WindowsActiveGuard

Remove Windows Active Guard
Removal instructions

Severity scale:Windows Active Guard severity is 60  (60 / 100)

Windows Active Guard is a rogue anti-spyware that really looks like its forerunners from FakeVimes family. Just like its predecessors, this program tries only to steal the money from its victims and doesn't even try to help user find viruses on his computer. If you have also been receiving various security alerts from Windows Active Guard, keep in mind that they are misleading and should never be trusted. This rogue seeks only to make its victims concerned about their computers and then creates a need of its licensed version. We highly recommend NOT to believe Windows Active Guard malware and remove this threat without any delay using a reputable anti-spyware version.


Windows Active Guard may get into your PC with a help of trojan horse what is really hard to notice or intercept. Trojan hores not only downloads the trial its version on the computer, but also sets the malware start as soon as PC is rebooted. This is done by changing some system parameters and adding Registry keys of its own. So, every time PC starts, Windows Active Guard starts showing itself through fake system scanners and alerts popping up without any break. All these messages report that your PC is dangerously infected with malware and that you need to remove them. Of course, these Windows Active Guard mesaages look really convincing and may trick many internet users. Mostly, they look something like that:

Firewall has blocked a program from accessing the Internet
Internet Explorer
C:\program files\internet explorer\iexpolre.exe
C:\program files\internet explorer\iexpolre.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
Please click “Prevent attack” button to prevent all attacks and protect your PC.

Warning! Virus Detected
Threat Detected: Trojan-Downloader.Win32.Agent
Security Risk:
Infected File: regedit.exe
Description: Programs classified as Trojan download and install new versions of malicious programs, including Trojans and AdWare, on victim computers.
Please click “remove All” button to erase all infected files and protect your PC

Be sure that Windows Active Guard scanners will always detect the same threats and viruses. No wonder why – this rogue anti-spyware aims to frighten its victims and make them believe they should really pay the money for its license. However, we highly recommend to ignore every alert got from Windows Active Guard because most of them report legitimate files found on the system. Be sure that every scanner you get is also fabricated and should be ignored if you don't want to end up purchasing the FAKE licensed version.

HOW TO REMOVE Windows Active Guard? 

In order to stop all this campaign, we recommend to remove Windows Active Guard malware from your computer. Otherwise it may hijack your web browser and do other unwanted stuff on your PC. Manual removal is really dangerous because you may make various damage for your computer's system parameters, so we recommend running a full system scan with SpyHunter or STOPzilla anti-malware programs that will authomatically remove this threat for you. In case you are blocked, enter this code into its registration section: 0W000-000B0-00T00-E0020.

The latest parasite names used by FakeVimes:
Windows Internet Guard, Windows Web Watchdog, Windows AntiBreach Patrol, Windows Antivirus Patrol, Windows Pro Defence Kit

Automatic Windows Active Guard removal:

It might be that we are affiliated with any of our recommended products. Full disclosure can be found in our Agreement of Use.
By downloading any of provided Anti-spyware software to remove Windows Active Guard you agree with our Privacy Policy and Agreement of Use.
SpyHunter is recommended remover to uninstall Windows Active Guard. You should confirm using free trial that it detects current version of parasite.

Note: Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manual removal instructions below.

If you failed to remove Windows Active Guard using SpyHunter, submit question to our support team and provide as much details as possible.
manual required
We are testing STOPzilla's efficiency at removing Windows Active Guard (2012-07-23 07:48:41)
Malwarebytes Anti Malware
manual required
We are testing Malwarebytes Anti Malware's efficiency at removing Windows Active Guard (2012-07-23 07:48:41)
XoftSpySE Anti Spyware
manual required
We are testing XoftSpySE Anti Spyware's efficiency at removing Windows Active Guard (2012-07-23 07:48:41)
Defender Pro Ultimate
manual required
We are testing Defender Pro Ultimate's efficiency at removing Windows Active Guard (2012-07-23 07:48:41)

what to do if you failed to remove the infection?
Virus Removal
Phone Support
Help Line to remove Windows Active Guard
Windows Active Guard snapshot:
Windows Active Guard snapshot

Windows Active Guard manual removal:

Kill processes:
Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-2-17_2"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "rudbxijemb"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
There are more similar entries, you should let spyware Doctor to identify them.
Delete files:

QR code for Windows Active Guard removal instructions:

Windows Active Guard qrcode
QR is short for Quick Response. They can be read quickly by the mobile phones. QR codes can store more data than standard barcodes, including url links, geo coordinates, and text.

The reason we add QR code to the website is that parasites like Windows Active Guard are really hard to remove on infected computer. you can quicly scan the QR code with your mobile device and have manual removal instructions to uninstall Windows Active Guard right in your pocket.

Simply use the QR scanner and read removal instructions from mobile device.

Removal guides in other languages

Information added: 2012-07-23 07:48:41
Information updated: 2012-08-02 03:31:58

Additional resources:

Attention: If you know know a reputable website reated to security threats, please add a link here: add url

Post Comment:

Attention: Use this form only if you have additional information about Windows Active Guard parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.
Home page Name


* All field required
Like us on Facebook
Latest spyware news:
Subscribe to spyware news
Please enter your e-mail address:
If you do not want to receive our spyware
newsletter please unsubscribe here
48651 Subscribers
Ask us
I failed to remove Windows Active Guard using SpyHunter.



Spreading the knowledge:

It is very hard to fight against computer parasites on the Internet alone. If you have a website, we would be more than happy if you would like to cooperate and help us spread the information about latest threats. Remember, knowledge is the most powerful weapon. Help your visitors protect their computers!
add text box
rss feed
help other