Home Blog

Windows Active Guard – How to Remove Windows Active Guard instantly

Posted by in Blog Rogue Program
on September 22nd, 2012 | Leave a comment
remove Windows Active Guard

remove Windows Active Guard

Do you want to remove Windows Active Guard from your computer? Windows Active Guard is one of those fake antivirus programs including  OpenCloud SecurityVista Security 2012 and Smart Engine. Windows Active Guard is designed to make users believe it it’s a legitimate virus removal program. Actually, those fake antivirus could not remove any virus and only create problems. And they are super-power in that it could wipe off the protection from your real antivirus and even destroy it. We recommend you to enter Safe Mode to remove Windows Active Guard.

The rogue antivirus is installed once you click on any fake security alert caused by Trojans like Trojan.Krast. Those security alerts are very similar to those from your antivirus or Microsoft. Compromised computers run very slow as Windows Active Guard occupies large system resource to scan your computer. And then the malware produces all kinds of error messages and alert which you find no way to end. Windows Active Guard will also disable executable files and change browser settings with browser hijacking Trojans.

Here are the useful steps to get rid of Windows Active Guard
1. Back up your registry.

2. Open up your system information utility and check the task lists. Look for the filenames and paths for tasks you don’t recognize. Run the.dll from the virus program through the ones your don’t recognize.

3. Go to Start, then Run. Type in “regedit” – this is to open up your registry editor. Go to the subkey and delete the Windows Active Guard registry keys below:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Inspector %AppData%\Protector-[RANDOM CHARACTERS].exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA 0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorUser 0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\UID [RANDOM CHARACTERS]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\net [date of installation]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorAdmin 0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\ID 4
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect 0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe

4. Rmove the related malicious files:

%AppData%\Protector-[RANDOM CHARACTERS].exe

Recommended Way – Removing Windows Active Guard by Third Party Removal Tool
A third party removal tool is a professional in removing different kinds virus and protecting the computer, this kind of security application is usually powerful than the general antivirus program in instantly detecting and removing the infected virus. Therefore, employing a good removal tool to the computer can help you get rid of the Windows Active Guard in an automatic way, all of the infected files and other components will be clean out from your computer in few minutes. According to referring some other users’experiences, Spyware Cease is a virus removal tool that is welcomed by many computer users, so it is highly recommended to use Spyware Cease to fix your Windows Active Guard infection problem.

Steps of removing virus by Spyware Cease:

  1. Activate Spyware Cease and use it to scan your system online
  2. When the scan finishes, find Windows Active Guard from the scan result
  3. Click the “Remove” bottom at the bottom to finish the removal

Leave a Reply