The Windows Internet Guard is dangerous ransomware that infect the windows based computers without the consent of the user. Once installed, you cannot get access to your computer. When you try to open your system, you will see a message on the screen that you have to pay a certain amount of fine as you have violated the copyrights of a music or game file. In most cases they will ask you to pay $200, and even if the user pays this amount, the computer won’t unlock, instead of that the hackers will also steal your personal information that you have given while paying the so called fine. Once you try to fix these errors, it will ask you to buy the licensed version of this software. Most of the users download this virus by clicking on any pop-up ad appears while visiting the unsafe websites. Once it is installed in your computer, all your searches are redirected towards certain websites, and the home page settings of your browser also changed. This malicious application has the ability to block your antivirus program as well as other security tools, so that you are unable to detect this threat. You need to remove this dangerous virus as soon as you detect it either through an automatic tool, or by following the steps in the manual removal method.
Manual Removal of Windows Internet Guard
The manual removal process is recommended for the advance level users, and computer professionals because it involves several complicated steps that are needed to be executed exactly as it is described here.
Reboot the Computer in Safe Mode
You need to reboot the infected computer in safe mode so that you can remove the malicious processes, and delete the files and registry entries from your computer. You have to simply restart the computer and navigate to the boot menu options by using F8 key to select the safe mode option.
Kill the Malicious Processes
Once the computer starts working in the safe mode, you have to press the Ctrl+Alt+Delete keys to start the windows task manager where you can see the running processes by selecting Processes option. You have to select the suspicious process, and click on the End Process button to kill that particular process.
Delete Associated Files
After you are over the processes, now it is time to delete the associated files. You have to look for the following suspicious files, and delete them through Delete key.
- %Desktopdir%\Windows Internet Guard.lnk
- %Programs%\Windows Internet Guard\Windows Internet Guard.lnk
Remove Registry Entries
The manual removal process is incomplete unless you do not get rid of the following registry entries. One thing which you need to keep in mind is, all the modifications in the registry entries have been carried out through registry editor which can be started by clicking on the Start menu, selecting Run, and writing Regedit in the box. Once the registry editor started, you have to navigate to the following suspicious registry entries:-
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Internet Guard\DisplayIcon %AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe,0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Internet Guard
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Internet Guard\UninstallString “%AppData%[RANDOM CHARACTERS][RANDOM CHARACTERS].exe” -u
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\[RANDOM CHARACTERS] %AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Internet Guard\ShortcutPath “%AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe” -u
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Internet Guard\DisplayName Windows Internet Guard
After removing these registry entries you have to close the registry editor, and restart the computer in the normal mode to see the effectiveness of the manual removal method. Do not forget to update the antivirus program and run a complete system scan to check the infections.