Windows Guardian Angel. How to remove? (Uninstall guide)

removal by Linas Kiguolis - -   Also known as WindowsGuardianAngel | Type: Rogue Antispyware
12

Windows Guardian Angel is a fake program that imitates a legitimate anti-spyware tool in order to earn money from computer users. The application infiltrates computer without any notification and it doesn't need authorization of its user.

Windows Guardian Angel is installed with a help of Trojan viruses that spread on malicious websites promoting online scanners. The program invades the system using rough techniques. It quickly integrates there and blocks your reputable anti-spyware tools in order to make it difficult to be removed.

The application looks exactly like a legitimate anti-spyware removal software. It runs the scan on your machine and after it finishes. Windows Guardian Angel displays a list of infected files. In reality these scan results doesn't reflect a real condition of your computer.

However, Windows Guardian Angel insists removing them and this, however, is possible only if you register its copy. Of course, you are asked to pay for this license and that is how the creators of Windows Guardian Angel gain money from the users of infected computers.

The program also modifies some keys in Windows Registry and hijacks your Internet Browser. It displays a bunch of various alerts which warn about spyware infections detected on your system. These notifications also claim that you need to purchase Windows Guardian Angel in order to fix the protection problems on your computer:

Torrent Alert
Recomended: Please use secure encrypted protocol for torrent links.
Torrent link detected!
Receiving this notification means that you have violated the copyright laws. Using Torrent for downloading movies and licensed software shall be prosecuted and you may be sued for cybercrime and breach of law under the SOPA legislation.
Please register your copy of the AV to activate anonymous data transfer protocol through the torrent link.

Warning! Identity theft attempt Detected
Hidden connection IP: xxxxxxxxx
Target: Your passwords for sites

Warning
Firewall has blocked a program from accessing the Internet.
Windows Media Player Resources
C:\Windows\system32\dllcache\wmploc.dll
C:\Windows\system32\dllcache\wmploc.dll is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.

Error
Keylogger activity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.

Error
Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.

Ignore these messages just like the scan results and do not pay for activating this scam application. Instead you should get rid of Windows Guardian Angel itself with a reliable anti-spyware program, like . If you have already paid for this malicious program you can still try to contact your credit card company so that the charges would be canceled. Windows Guardian Angel is totally worthless software and you should not waste your money on it.

The latest parasite names used by FakeVimes:
[newest]

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove Windows Guardian Angel you agree to our privacy policy and agreement of use.
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall Windows Guardian Angel. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

Note: Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manual removal instructions below.

More information about this program can be found in Reimage review.

More information about this program can be found in Reimage review.
Windows Guardian Angel snapshot
Windows Guardian Angel

Windows Guardian Angel manual removal:

Kill processes:
%appdata%Inspector-[rnd].exe

%AppData%Protector-[rnd].exe

Delete registry values:
HKEY_CURRENT_USER\SoftwareMicrosoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0

HKEY_CURRENT_USER\SoftwareMicrosoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0

HKEY_CURRENT_USER\SoftwareMicrosoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0

HKEY_CURRENT_USER\SoftwareMicrosoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0

HKEY_CURRENT_USER\SoftwareMicrosoft\Windows\CurrentVersion\Run "Inspector"

HKEY_CURRENT_USER\SoftwareMicrosoft\Windows\CurrentVersion\Settings "net" = "2012-3-11_2?

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "origkboryd"

HKEY_LOCAL_MACHINE\SOFTWAREMicrosoft\InternetExplorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312

HKEY_LOCAL_MACHINE\SOFTWAREMicrosoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe

HKEY_LOCAL_MACHINE\SOFTWAREMicrosoft\Windows NT\CurrentVersion\Image File Execution Options\bipcp.exe

HKEY_LOCAL_MACHINE\SOFTWAREMicrosoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infwin.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PavFnSvr.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sahagent.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titaninxp.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsbgate.exe

Unregister DLLs:
%AppData%NPSWF32.dll

Delete files:
%AppData%NPSWF32.dll

%AppData%Protector-3 characters.exe

%AppData%result.db

%CommonStartMenu%ProgramsWindows Managing System.lnk

%Desktop%Windows Managing System.lnk

About the author

Linas Kiguolis
Linas Kiguolis - Expert in social media

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

More information about the author


  • andrea

    sono riuscito ad eliminra il file di windows guardian angel ma deve aver compromesso i file di registro e non mi fa urtilizzare correttamente alcuni programmi inibendo la loro funzionalità cosa posso fare Рgrazie

  • Yiddish

    Windows OS are simply superb