Windows Active Guard is a fake computer security program designed to extort your money. It is actually a rogue virus itself but it pretends to be a real antivirus software alerting you of some viruses as detected by it on your PC. Its target is to somehow convince you that your computer is infected with badwares, then trick you into paying the virus removal fee. For this purpose, Windows Active Guard displays scary alerts on screen stating that it has found numerous viruses. It lists some of them that do not really exist in your computer. i.e Trojan-Downloader.Win32.Agent.
“Windows Active Guard” virus is a harmful threat itself. It performs malicious activities on your computer. First of all, it enters into a computer without user permission. After getting installed, it disables some important windows features. It disables windows task manager and REGEDIT tools, sometimes it also disables your legitimate anti-spyware software. Moreover, Windows ActiveGuard is a spyware that will steal your personal data like bank account information and credit card info for misuse. Once your PC is infected with this virus, it will display continuous popup alerts on your screen to scare you and convince you buy pro version of Windows Active Guard. Please never pay for this program because it is a fake virus that will not help your fix your computer. It is recommended to get rid of Windows Active Guard as soon as possible.
How to uninstall Windows Active Guard virus manually:
To remove this virus manually, complete the following set of tasks. Do not forget to create a backup before getting started to the manual removal guide.
To prform manual removal steps, you may need to learn,
How to stop a process
How to delete registry entries
Stop Windows Active Guard processes:
Protector.exe
Remove Windows Active Guard Registry Entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “ID” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “2012-2-17_2″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “rudbxijemb”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
Delete Windows Active Guard files:
%AppData%\Protector.exe
Auto Removal
To remove this virus Automatically, We suggest following tools:
Malware Bytes Anti-Malware (Download)
HitMan Pro Anti-Malware (Download)
