Severity scale: 60/100

Windows Active Guard. How to remove? (Uninstall guide)

Removal by Lucia Danes | Also known as WindowsActiveGuard | Type: Malware

Windows Active Guard is a rogue anti-spyware program that closely resembles its forerunners from the FakeVimes family. Just like its predecessors, this program only tries to steal money from its victims and doesn't even try to help the user find viruses on his computer. If you have been receiving various security alerts from Windows Active Guard, keep in mind that they are misleading and should never be trusted. This rogue seeks only to make its victims concerned about their computers and then create a need for its licensed version. We highly recommend that you NOT believe the Windows Active Guard malware and that you remove this threat without delay using a reputable anti-spyware program.

HOW CAN I GET INFECTED WITH Windows Active Guard?

Windows Active Guard may get into your PC with the help of a trojan horse, which is really hard to notice or intercept. The trojan horse not only downloads the trial version of the rogue onto the computer, but also sets the malware to start as soon as the PC is rebooted. This is done by changing some system parameters and adding Registry keys of its own. So, every time the PC starts, Windows Active Guard shows itself through fake system scanners and alerts that pop up without a break. All these messages report that your PC is dangerously infected with malware and that you need to remove it. Of course, these Windows Active Guard messages look really convincing and may trick many internet users. Mostly, they look something like this:

Firewall has blocked a program from accessing the Internet
Internet Explorer
C:\program files\internet explorer\iexpolre.exe
C:\program files\internet explorer\iexpolre.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
Recommended:
Please click “Prevent attack” button to prevent all attacks and protect your PC.

Warning! Virus Detected
Threat Detected: Trojan-Downloader.Win32.Agent
Security Risk:
Infected File: regedit.exe
Description: Programs classified as Trojan download and install new versions of malicious programs, including Trojans and AdWare, on victim computers.
Recommended:
Please click “remove All” button to erase all infected files and protect your PC

Note that Windows Active Guard scanners will always detect the same threats and viruses. No wonder: this rogue anti-spyware aims to frighten its victims and make them believe they really should pay for its license. However, we highly recommend ignoring every alert from Windows Active Guard, because most of them report legitimate files found on the system. Every scanner it shows you is also fabricated and should be ignored if you don't want to end up purchasing the FAKE licensed version.

HOW TO REMOVE Windows Active Guard?

To stop this whole campaign, we recommend removing the Windows Active Guard malware from your computer. Otherwise it may hijack your web browser and do other unwanted things on your PC. Manual removal is really dangerous because you may damage your computer's system parameters, so we recommend running a full system scan with the Reimage, Plumbytes Anti-Malware or Webroot SecureAnywhere AntiVirus anti-malware programs, which will automatically remove this threat for you. In case you are blocked, enter this code into its registration section: 0W000-000B0-00T00-E0020.


We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove Windows Active Guard you agree to our privacy policy and agreement of use.
What to do if failed?
If you failed to remove the infection using Reimage, submit a question to our support team and provide as much detail as possible.
Reimage is recommended to uninstall Windows Active Guard. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

Note: "Manual assistance required" means that one or all of the removers were unable to remove the parasite without some manual intervention; please read the manual removal instructions below.

More information about this program can be found in Reimage review.


Windows Active Guard manual removal:

Kill processes:
Protector-[rnd].exe

Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-2-17_2"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "rudbxijemb"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe

There are more similar entries; you should let Spyware Doctor identify them.

Delete files:
Protector-[rnd].exe
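
A read-only check for the registry entries listed above, added here as an example (it is not part of the original guide or of any product it mentions). It scans the text of a regedit export for the listed value names and, because the guide says there are more similar entries, reports any Image File Execution Options subkey that carries a Debugger value rather than only the eight listed. The Debugger criterion, the function names and the sample export are assumptions of this example.

```python
import re

# Keys and value names copied from this page's manual-removal list.
CV = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
WATCHED = {k.lower(): {v.lower() for v in vs} for k, vs in {
    CV + r"\Run": ["Inspector"],
    CV + r"\Policies\System": ["DisableRegedit", "DisableRegistryTools", "DisableTaskMgr"],
    CV + r"\Settings": ["ID", "net", "UID"],
    CV + r"\Internet Settings": ["WarnOnHTTPSToHTTPRedirect"],
}.items()}
# Assumption of this example: any "Debugger" value under an IFEO subkey is worth review.
IFEO = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
        r"\Image File Execution Options" "\\").lower()

def parse_reg(text):
    """Parse decoded regedit export text into {key: {value_name: raw_data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                current[m.group(1)] = m.group(2)
    return keys

def find_indicators(text):
    """Return (key, value_name, raw_data) for every watched entry present."""
    findings = []
    for key, values in parse_reg(text).items():
        low = key.lower()
        for name, data in values.items():
            ifeo_hit = low.startswith(IFEO) and name.lower() == "debugger"
            if ifeo_hit or name.lower() in WATCHED.get(low, ()):
                findings.append((key, name, data))
    return findings

# Constructed sample export; paths and data are made up for illustration.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Inspector"="C:\\Users\\user\\AppData\\Roaming\\Protector-abcd.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"MitigationOptions"=hex:00
'''
```

Regedit writes version 5.00 exports as UTF-16, so decode the file before passing its text to `find_indicators`.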

About the author

Lucia Danes - Virus researcher
