Windows Maintenance Guard is not legitimate or trustworthy! Though you may have thought that this is the program that is going to find and remove malware for you, in reality you should never trust the 'viruses' it detects. In fact, all the files reported by Windows Maintenance Guard are harmless system files that are important to have on your computer. Just like any other threat from FakeVimes, this scamware is created by scammers to help them swindle some money. That's why it first creates a need for its licensed paid version by scaring its victims into thinking that they are infected. However, if you are reading this article, the only real threat you have on your PC is Windows Maintenance Guard itself. We highly recommend removing this rogue without any delay.
SYMPTOMS OF WINDOWS MAINTENANCE GUARD
All Windows Maintenance Guard activity begins with its secret infiltration, which is done with the help of trojans. To arrive undetected, these scams use security holes that appear as soon as a user forgets to update security software. In addition, when Windows Maintenance Guard is downloaded, it is also set to start with every reboot of the computer. The malware then deliberately reports many security issues and even displays forged scanners showing how these threats are detected. However, they are just scripts that are in no way related to the standard malware check procedure. Have no doubts that these messages are fake and should be ignored.
Here are some examples of Windows Maintenance Guard alerts:
Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.
Warning! Spambot detected!
Attention! A spambot sending viruses from your e-mail has been detected on your PC.
Though Windows Maintenance Guard runs scanners that look real, in reality they should never be trusted. Displaying such fake alerts and scanners is a common thing when you are infected with scareware programs, so be sure that Windows Maintenance Guard similarly tries to trick you before asking for a payment.
HOW TO REMOVE WINDOWS MAINTENANCE GUARD
We highly recommend removing Windows Maintenance Guard from your computer before it downloads more malware onto it. While it is not usually listed in Add/Remove Programs, we recommend running a full system scan with a reputable anti-malware program, like Plumbytes Anti-Malware, Webroot SecureAnywhere AntiVirus or Reimage.
The latest parasite names used by FakeVimes:
Windows Maintenance Guard manual removal:
Protector-[3 random characters].exe
Protector-[4 random characters].exe
Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-2-17_2"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "rudbxijemb"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
There are more similar entries; you should let Spyware Doctor identify them.
%AppData%\Protector-[3 random characters].exe
%AppData%\Protector-[4 random characters].exe
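
Before deleting anything by hand, it helps to see which of the entries listed above are actually present. The following PowerShell audit is an added example, not part of the original guide; it only reads the registry and %AppData%, and it assumes that a blocking Image File Execution Options entry carries a Debugger value, which the guide itself does not state.

```powershell
# Added example: read-only audit for the indicators listed above. Nothing is deleted.
$hkcu = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

# Registry values named on the page: key suffix -> value names.
$values = [ordered]@{
    'Internet Settings' = @('WarnOnHTTPSToHTTPRedirect')
    'Policies\System'   = @('DisableRegedit', 'DisableRegistryTools', 'DisableTaskMgr')
    'Settings'          = @('ID', 'net', 'UID')
}
# IFEO subkeys named on the page (it notes that more similar entries exist).
$ifeoNames = '_avp32.exe', '_avpcc.exe', 'ashDisp.exe', 'divx.exe',
             'mostat.exe', 'platin.exe', 'tapinstall.exe', 'zapsetup3001.exe'

$findings = @()

foreach ($suffix in $values.Keys) {
    $key = "$hkcu\$suffix"
    foreach ($name in $values[$suffix]) {
        $item = Get-ItemProperty -LiteralPath $key -Name $name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $findings += [pscustomobject]@{ Type = 'RegistryValue'; Location = $key; Name = $name; Data = $item.$name }
        }
    }
}

foreach ($name in $ifeoNames) {
    $key = "$ifeo\$name"
    if (Test-Path -LiteralPath $key) {
        # Assumption: a blocking entry carries a Debugger value; it is shown when present.
        $dbg = (Get-ItemProperty -LiteralPath $key -Name Debugger -ErrorAction SilentlyContinue).Debugger
        $findings += [pscustomobject]@{ Type = 'IFEOKey'; Location = $key; Name = 'Debugger'; Data = $dbg }
    }
}

# Files matching Protector-[3 or 4 characters].exe directly under %AppData%.
$files = Get-ChildItem -LiteralPath $env:APPDATA -Filter 'Protector-*.exe' -File -ErrorAction SilentlyContinue
foreach ($f in $files) {
    if ($f.Name -match '^Protector-.{3,4}\.exe$') {
        $findings += [pscustomobject]@{ Type = 'File'; Location = $f.DirectoryName; Name = $f.Name; Data = $f.LastWriteTime }
    }
}

if ($findings.Count -eq 0) { 'No listed indicators found for this user.' }
else { $findings | Format-List }
```

Run it as the affected user, since the HKEY_CURRENT_USER values and %AppData% are per-user. Some of these value names can exist on a clean system, so treat a single registry hit as a prompt to look closer rather than as proof of infection.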