Severity scale:  

Windows Virtual Firewall. How to remove? (Uninstall guide)

removal by Olivia Morelli - -   Also known as WindowsVirtualFirewall | Type: Rogue Antispyware

Windows Virtual Firewall is trying everything to look legitimate. And it actually might look like a good anti-spyware for you, however, it's not. It is another rogue antispyware software from Fakevimes family. Upon infiltration it will instantly show up and scan your computer. After a really short scan it will show up with lot's of viruses that are supposedly infected your computer. However, keep in mind that Windows Virtual Firewall is capable to warn its victims only about fake viruses that don't even exist. The only thing that this program wants you to do is to purchase a licensed version of it. However, considering Windows Virtual Firewall's aggressive behavior, it is very important to remove it from system as soon as possible.

Methods of Windows Virtual Firewall distribution

Windows Virtual Firewall probably infected your computer through some unauthorised updates or new software you installed. The only way to defend yourself from such kinds of infections is to use a reputable anti-spyware software. Windows Virtual Firewall is able to block some antivirus programs from running, so it is advised to use more than one. Additionally, it makes itself start when windows starts. As a result, Windows Virtual Firewall shows false spyware detection alerts and fake scanner ads, which tells you that you are very dangerously infected. These messages might pop up every 5-10 minutes, to catch your attention and just to annoy.

Here's an example of Windows Virtual Firewall alert:

Location: c:\windows\system32\taskmgr.exe
Viruses: Backdoor.Win32.Rbot
Windows Virtual Firewall Alert
Potential Threat Details
Windows Virtual Firewall detected potential threats that might compromise your private or damage your computer. Your access to these items may be suspended until you take an action. Click ‘show details’ to learn more.

By scaring you is the easiest way to make you purchase a licensed version of Windows Virtual Firewall. However, if you actually bought it, that means you gave away your money to scammers. Just make sure you cancel any pop ups of Windows Virtual Firewall that asks to purchase a licensed version. If you have already paid for Windows Virtual Firewall, contact your credit card company to dispute the charges and, of course, just remove Windows Virtual Firewall from your PC.

How to remove Windows Virtual Firewall?

We recommend using Reimage or Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus as these are the best anti-malware tools according to our tests, and these tools will find and remove all infected files for you automatically.[newest]

The latest parasite names used by FakeVimes:

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove Windows Virtual Firewall you agree to our privacy policy and agreement of use.
do it now!
Reimage (remover) Happiness
Reimage (remover) Happiness
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall Windows Virtual Firewall. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

Note: Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manual removal instructions below.

More information about this program can be found in Reimage review.

More information about this program can be found in Reimage review.
Windows Virtual Firewall snapshot
Windows Virtual Firewall

Windows Virtual Firewall manual removal:

Kill processes:

Delete registry values:

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings "WarnOnHTTPSToHTTPRedirect" = 0

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableRegedit" = 0

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableRegistryTools" = 0

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableTaskMgr" = 0

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun "Inspector"

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionSettings "ID" = 0

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionSettings "net" = "2012-2-17_2"

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionSettings "UID" = "rudbxijemb"

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Options_avp32.exe

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Options_avpcc.exe

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsashDisp.exe

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsdivx.exe

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsmostat.exe

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsplatin.exe

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionstapinstall.exe

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionszapsetup3001.exe

There are more similar entries, you should let spyware Doctor to identify them.

Delete files:

About the author

Olivia Morelli
Olivia Morelli - Ransomware analyst

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Olivia Morelli
About the company Esolutions

Removal guides in other languages