Introduction about the Windows Guardian Angel:

The newest rogue antispyware application Windows Guardian Angel can attack a number of PC users who do not use the internet carefully which results in infecting their windows. It is spread widely if the users download material from unreliable sources; it also travels through the spam emails. This application can also come from a Trojan, which infects your computer secretly. So be careful while downloading freewares. There is a great chance that these freewares contain viruses. If you are using peer to peer networking, then pay extra attention to what you are downloading. People have mistakenly downloaded the rouge applications. The application breaks into the computer, and it does not require any permission from the users.

When Windows guardian angel is installed, it attacks the system by blocking your antivirus software, so you cannot detect the rouge applications and become unable to remove it. It runs a false scan and shows you a list of the infected files. It also shows you security warnings and asks you to upgrade to full version to remove the infected files. Upgrading to the full version will require some money; this is the trick played Windows guardian angel to get users money. The infected files, they show in their report, do not even exist in your computer. The best way to get rid of this rogue application is to kill the program manually. In this article, we tell you the step-by-step instruction on how to remove Windows guardian angel from your computer completely.

Remove Windows guardian angel processes

  1. Click on Start then click on Run.
  2. Type taskmgr and press Ok or you can open task manager by pressing CTRL+ALT+DEL.
  3. In the task manager click on the Processes tab. This will show you the active processes, find the required process which are ‘%appdata%\Inspector-[rnd].exe’ and ‘%AppData%\Protector-[rnd].exe’ right click on these processes and then select End process.

Remove Windows guardian angel Registry values

  1. Click on Start then click on Run.
  2. Type regedit and click Ok. This will open the registry editor.
  3. In registry editor use the left pane and click on Edit. Click on Find type in the registry values.
  4. Right click on the registry values and select Delete.
  5. The registry values that should be deleted are:

HKEY_CURRENT_USER\\Software\Microsoft\\Windows\\CurrentVersion\\Internet Settings WarnOnHTTPSToHTTPRedirect= 0

HKEY_CURRENT_USER\\Software\Microsoft\\Windows\\CurrentVersion\\Policies\\System DisableRegedit= 0

HKEY_CURRENT_USER\\Software\Microsoft\\Windows\\CurrentVersion\\Policies\\System DisableRegistryTools= 0

HKEY_CURRENT_USER\\Software\Microsoft\\Windows\\CurrentVersion\\Policies\\System DisableTaskMgr= 0

HKEY_CURRENT_USER\\Software\Microsoft\\Windows\\CurrentVersion\\Run Inspector

HKEY_CURRENT_USER\\Software\Microsoft\\Windows\\CurrentVersion\\Settings net= 2012-3-11_2?

HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Settings UID= origkboryd

HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\\InternetExplorer\\Main\\FeatureControl\\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312

HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\atcon.exe

HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\bipcp.exe

HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\ecengine.exe

HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\infwin.exe

HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\msconfig

HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\PavFnSvr.exe

HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\sahagent.exe

HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\titaninxp.exe

HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\wsbgate.exe

Remove Windows Guardian Angel DDL value

  1. Go to Start and click Search.
  2. Select For files and folders.
  3. Type the file name ‘%AppData%\NPSWF32.dll’ and select Local hard drives.
  4. Right click on the found result and select Delete.

Remove Windows Guardian Angel Data Files

  1. Click on Start then click on Run.
  2. Type cmd and press Ok.
  3. Enter the full path of the file.
  4. To view the content of the file type dir command.
  5. Now type ‘regsvr32 /u [dll_file_name]’ and press enter.
  6. The files you need to find out are:

%AppData%\NPSWF32.dll

%AppData%\Protector-3 characters.exe

%AppData%\result.db

%CommonStartMenu%\Programs\Windows Managing System.lnk

%Desktop%\Windows Managing System.lnk

How to remove Windows Guardian Angel?

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>