Severity scale:  

Windows Active Defender. How to remove? (Uninstall guide)

removal by Jake Doevan - -   Also known as Windows Active Defender | Type: Rogue Antispyware

Windows Active Defender is not a reliable anti-malware program which is worth your money or time. Though it looks legitimate, this is just another rogue that belongs to the family of malwares that tend to be active for one day. The only reason why scammers have created Windows Active Defender is trying to rip off the users who easily believe the things they are told on misleading alerts coming out of nowhere. If you have also been infected with this rogue, you should simply ignore its alerts, scanners and notifications and never purchase licensed version. In addition, you should remove Windows Active Defender without any delay because postponing removal of this cyber threat may increase the risk of receiving more malware on your computer. Besides, this porgram may also track your browsing habits and try to steal your sensitive information, like credit card details or passwords.


The way how Windows Active Defender gets on the target computer is quite typical one: it gets inside through security vulnerabilities found that usually appear after victim forgets to update his security software. In most of the cases, this infiltration is not seen by a user and he is simply surprised by annoying alerts and scanners popping up out of nowhere. Just after its secret infiltration, this rogue additionally modifies some registry entries so that it could start together with every computer's reboot. As you can see, this program is a typical rogue that must be uninstalled without any delay.

In order to make its victims think they are dangerously infected, Windows Active Defender reports:

Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.

Warning! Spambot detected!
Attention! A spambot sending viruses from your e-mail has been detected on your PC.


Have no doubt that Windows Active Defender should be avoided just like its earlier versions. Besides, you should also note that this scamware shares identical GUI just like its predecessors and uses the same-looking alerts and scanners reporting about invented issues found on your system. These files that are usually reported as malware are harmless system files that may be important to have on your computer. So, the only real thing you must remove is the same Windows Active Defender. Don't waste your time and use reputable anti-malware programs to uninstall Windows Active Defender from your PC for good.

The latest parasite names used by FakeVimes:

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove Windows Active Defender you agree to our privacy policy and agreement of use.
do it now!
Reimage (remover) Happiness
Reimage (remover) Happiness
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall Windows Active Defender. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

Note: Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manual removal instructions below.

More information about this program can be found in Reimage review.

More information about this program can be found in Reimage review.
Windows Active Defender snapshot
Windows Active Defender

Windows Active Defender manual removal:

Kill processes:

Delete registry values:

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings "WarnOnHTTPSToHTTPRedirect" = 0

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableRegedit" = 0

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableRegistryTools" = 0

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableTaskMgr" = 0

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun "Inspector"

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionSettings "ID" = 0

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionSettings "net" = "2012-2-17_2"

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionSettings "UID" = "rudbxijemb"

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Options_avp32.exe

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Options_avpcc.exe

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsashDisp.exe

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsdivx.exe

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsmostat.exe

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsplatin.exe

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionstapinstall.exe

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionszapsetup3001.exe

There are more similar entries, you should let spyware Doctor to identify them.

Delete files:

About the author

Jake Doevan
Jake Doevan - Computer technology expert

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Jake Doevan
About the company Esolutions