Windows Active Guard is a very harmful computer virus that displays various fake security alerts. These alerts tell users that numerous spyware items have been detected on their system and must be removed immediately. This malicious program is designed so cleverly that it looks like a real professional antivirus program. Many users believe the reports generated by this malicious program, and when they direct the tool to remove all the viruses and malware from the computer, Windows Active Guard asks them to buy the full version. The tool says that the full version of Windows Active Guard can remove the viruses effectively; in reality, the full version is also a fake program that does nothing.

The reports generated by Windows Active Guard are all bogus, just like the tool itself. So, you do not have to worry about the health of your computer system. The list of files is displayed only to scare unsuspecting users. Apart from these false scans and their reports, Windows Active Guard also disables the security of your computer, leaving it open to access by hackers.

The following is a detailed method for removing Windows Active Guard:

Remove Windows Active Guard processes

  1. Click Start then select the option Run from the menu.
  2. Type ‘taskmgr’ in the ‘Run’ box and click OK.
  3. Click on the Processes tab and find the Windows Active Guard process under the ‘Image Name’ column.
  4. Right-click on it and select End Process.
  5. The Windows Active Guard process is:

Protector-[rnd].exe

Remove Windows Active Guard registry key values

  1. Press the Windows key (the key with the Windows logo on it) together with the ‘R’ key.
  2. This will open the Run box instantly.
  3. Type ‘regedit’ in it and click OK.
  4. When the Registry editor opens, you will see that there are two sections in it.
  5. Click on Edit and then click on Find from the left section or left pane of the registry editor.
  6. Enter the Windows Active Guard registry key entries and select Ok.
  7. Now right click on the result; select Modify and then click on Delete.
  8. The Windows Active Guard registry key values are:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “ID” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “2012-2-17_2”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “rudbxijemb”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Inspector %AppData%\Protector-[rnd].exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect 0

HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\ID 4

HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\UID [rnd]

HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\net [date of installation]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorAdmin 0

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorUser 0

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA 0

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe

Remove Windows Active Guard other files

  1. Open Search from the Start menu.
  2. Enter the Windows Active Guard file name in the search box, select ‘Local hard drives’, and start the search.
  3. Now delete the found file.
  4. The Windows Active Guard files are:

%AppData%\Protector-[rnd].exe

%UserProfile%\Desktop\Windows Active Guard.lnk

%Documents and Settings%\All Users\Application Data\Windows Active Guard

%AppData%\result.db

%CommonStartMenu%\Programs\Windows Active Guard.lnk
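
The process, registry and file indicators listed in the three sections above can be checked in one read-only pass. This PowerShell script is an added example, not part of the original guide; it assumes PowerShell 3.0 or later, and the Add-Finding helper and the mapping of the page's placeholders to $env:APPDATA and the CommonApplicationData / CommonPrograms special folders are assumptions.

```powershell
# Added example: read-only audit for the indicators listed on this page; it deletes nothing.
$findings = New-Object 'System.Collections.Generic.List[object]'
function Add-Finding([string]$Kind, [string]$Location, [string]$Detail) {  # hypothetical helper
    $findings.Add([pscustomobject]@{ Kind = $Kind; Location = $Location; Detail = $Detail })
}

# Running process: Protector-[rnd].exe (process names carry no .exe suffix)
Get-Process -Name 'Protector-*' -ErrorAction SilentlyContinue |
    ForEach-Object { Add-Finding 'Process' $_.Name "PID $($_.Id)" }

# Run-key persistence: the value "Inspector" under HKCU ...\Run
$run = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$inspector = (Get-ItemProperty -Path $run -ErrorAction SilentlyContinue).Inspector
if ($inspector) { Add-Finding 'RunKey' "$run\Inspector" $inspector }

# Image File Execution Options: subkeys whose Debugger value is svchost.exe
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = $_.GetValue('Debugger')
    if ($dbg -like '*svchost.exe*') { Add-Finding 'IFEO' $_.Name "Debugger = $dbg" }
}

# Policy and settings values, compared with the data this page lists for each
$hkcuPol = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$hklmPol = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$inet    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$listed = @(
    @($hkcuPol, 'DisableRegedit', 0), @($hkcuPol, 'DisableRegistryTools', 0),
    @($hkcuPol, 'DisableTaskMgr', 0), @($hklmPol, 'ConsentPromptBehaviorAdmin', 0),
    @($hklmPol, 'ConsentPromptBehaviorUser', 0), @($hklmPol, 'EnableLUA', 0),
    @($inet, 'WarnOnHTTPSToHTTPRedirect', 0)
)
foreach ($item in $listed) {
    $path, $name, $want = $item
    $props = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
    if ($props -and $props.$name -eq $want) { Add-Finding 'Policy' "$path\$name" "= $want" }
}

# Files and shortcuts listed on this page (placeholder-to-folder mapping is an assumption)
$paths = @(
    (Join-Path $env:APPDATA 'Protector-*.exe'),
    (Join-Path $env:APPDATA 'result.db'),
    (Join-Path $env:USERPROFILE 'Desktop\Windows Active Guard.lnk'),
    (Join-Path ([Environment]::GetFolderPath('CommonApplicationData')) 'Windows Active Guard'),
    (Join-Path ([Environment]::GetFolderPath('CommonPrograms')) 'Windows Active Guard.lnk')
)
Get-Item -Path $paths -Force -ErrorAction SilentlyContinue |
    ForEach-Object { Add-Finding 'File' $_.FullName $_.LastWriteTime }
$findings | Format-Table -AutoSize -Wrap
```

A policy value that matches on its own can also be present on a clean machine, so treat Process, RunKey, IFEO and File hits as the stronger signals.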
