“I accidentally downloaded Windows Active Defender and now I can’t delete it. I scanned my computer for it to delete it, and it says that there isn’t any malicious software on my computer. I can’t open task manager, I can’t use any browser, and my antiviral software is turned off by this virus. I don’t know what to do to get rid of it!!” While if you are stuck in the same problem, what will you do?

To learn about Windows-Active Defender


Windows Active Defender makes people think it’s a legit and strong powerful baseline shield for its with a fraudulent name and GUI(interface), However, it does completely opposite things to people. That means it doesn’t provide you any protection to your computer, instead, it may place your computer in a bad condition. This program is classified as a rogue as it displays false information in order to trick you into purchasing the program. The interface of it looks like legit, friendly and helpful. In fact, it absolutely plays a role of villain. It’s a virus indeed which hides on nasty malicious websites or in bundled downloads, camouflaged as fake video codecs or spam email attachments. It prepares to attack PCs anytime once it gets an opportunity. The chance can be one of your careless operation such as a visit to some malicious sites, click a cataleptic video or advertisement link, etc. No matter in which way, it will automatically install in your computer without your notice and permission. The annoying virus at first makes your real protection software unavailable by violence, and then it takes place of it as if it’s a much better program to give your computer a complete protection. If you really believe that, you are fully wrong. A virus like Windows Active Defender takes the usual trick to reach its goal. When it enter your PC, it takes over of your legit antivirus and starts to give out a report with a fancy and standard interface alerting you that your computer has been infected with much virus. Then it will pretend as if it’s scanning something which is of course nonsense, even, it won’t do anything of scanning. What the information shows you just want to make you be convinced. Then after not a long time, it will display that your computer is in very dangerous state that your computer has so much viruses. Don’t worry about it; all those displayed viruses don’t exist in your computer at all. “You should remove all those viruses by using Windows Active Defender as soon as possible” this is the further alerting information after the Windows Ultimate Security Patch finish so called scanning.  And when you really want to use Windows Active Defender to do that, it will tell you that you don’t have the authority to do that before you obtain the full version. That means you have to pay money to buy this fake program. This is also the final purpose of this malware. What is worse, Windows Active Defender blocks legitimate Windows applications. It will also block many of the infected computer’s normal functions, for example, Windows Task Manager and Registry editor. Therefore, please ignore the scan results. Do not waste any of your time with Windows Active Defender, and, most importantly, do not spend any money on its “licensed” version, because this windows protect application is completely fake. Here I’d like to emphasize that this fake antivirus has many other versions just with a different name and appearance. Be careful, before you click some links and download something, look before you leap!

To save your computer, Live Chat with YooSecurity Expert Now, or you can follow the manual removal guide below to get your problem fixed. (For advanced computer users)

Windows Active Defender rogue antispyware Screen Shot

Files scanning fake firewall alert

Here is some threat fake alerts of  Windows Active Defender:

Error
Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.

Error
Keylogger activity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.

 

Have been ripped off by the fake Windows Active-Defender Virus but don’t know what to do?

Windows Active Defender is “smart” enough to safeguard your PC, it claims it can fully diagnostic then clean out all threats, when you want more complete protection, do a Full scan. Unlike the Quick scan, which only scans running programs and system files, a Full scan scans all the drives and folders and files on your computer—including system files and the Windows Registry. But you could see that the fake software only took a few minutes to scan your system and then told you the scan results. That is amazing but it gave your false information. Actually the scam not only stopped your internet access but also disabled your task manager and registry editor. Once your computer has been attacked by the horrible virus, you couldn’t run anything, and your computer will be crashed down and damaged by it. Technically, you have to take an effective way. Please do a backup beforehand and then follow the helpful instructions below:

Guide to get in safe mode with networking to eliminate the malware:

Restart your computer. As your computer restarts but before Windows launches, tap “F8” key constantly. Use the arrow keys to highlight the “Safe Mode with Networking” option, and then press ENTER.

Virus Manual Removal Step by Step Instructions

Press Ctrl+Alt+Del keys together and stop all processes in the Windows Task Manager.

Open the Registry Editor, search and remove registry entries related to the Malware

All associated files of Windows Active Defender virus should be deleted absolutely.

%systemroot%\system32\random
%windir%\temp*.%AppData%\HEIOFSD32.dll
%AppData%\Protector-[tbm].exe
MD5: 9248aefd088ds037s630764d4b807e3c63

Video Guide on How to Remove Windows Active-Defender Virus

Manually get rid of registry entries created by Windows Active-Defender

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Inspector %AppData%\Protector-[tbm].exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Random thing
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Random.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Image File Execution Options\Random.exe

Tips: If you could not get rid of Windows Active Defender scam by yourself and don’t want to make things worse, contact PC experts for help.

Published by Leo R. Oscar & last updated on November 14, 2012 12:57 pm

Leave a Reply