Jun 14, 2012

How to Remove Windows Active Defender Virus from Windows 7/XP/Vista?

How many antivirus programs are installed on your computer? Do you still feel insecure even with more than two or three PC protection tools installed? Have you just found a new one called Windows Active Defender antivirus software? Did you ever give it permission to install on your computer? If it seems aggressive and hard to remove, read on for more information about it.

Windows Active Defender Description:

Windows Active Defender has recently been reported on many users’ computers. You may think it is friendly PC protection software, but it is in fact a fake Windows antivirus program from the well-known Windows Rogue.FakeVimes family. It comes from the same source as Windows Privacy Counsel and, like it, has a trustworthy appearance designed to fool you. So be careful whenever an unknown program shows up on your computer. Carelessness can cause you a lot of trouble.

The designers of Windows Active Defender and other fake anti-spyware programs take advantage of the fact that a computer is a necessity in the modern world, and they created this scam to collect money illegally from innocent computer users. This kind of financial fraud has spread worldwide, so you should watch out for it. Here is a brief introduction to how this fake software interferes with your computer. First, it spreads quickly via illegal websites, unknown scam programs and spam emails. Second, it runs a scan automatically once it is on your computer and then claims that your computer has been severely infected. Next, many fake security alerts keep popping up to reinforce this claim, draw your attention and cloud your judgment. When you fail to remove Windows Active Defender after trying many methods, you may feel exhausted and want to take the only choice it gives you, which is to purchase the full version to delete all the detected viruses and stop the pop-up alerts. Now you are in its trap! What’s worse, you give out your personal information while signing up for the payment. As soon as you realize it is a nasty virus, please call your bank to renew your account or password so that you do not continue losing money. Then remove it from your computer as soon as possible.

Screen Shot of Microsoft Active Defender:

Examples of Fake Security Alerts:

Warning:
Firewall has blocked a program from accessing the Internet
C:\programs files\Internet Explorer\iexplore.exe
is suspected to have infected your computer. This type of virus intercepts entered data and transmits them to a remote server.
Error:
Attempt to run a potentially dangerous script detected.
Full system scan is a highly recommended.

Potential Threats:

a. Windows Active Defender can change the default settings of your computer so that it cannot be easily deleted, and it slows the computer down by dropping thousands of useless files onto it.
b. Windows Active Defender can create system vulnerabilities that let hackers in to follow all your activities and collect valuable information from them. More concretely, it can redirect you to a hacked webpage where you sign up and give away your bank account and passwords.
c. Windows Active Defender can hide the icons on your desktop and enable some functions of the computer. It also drops infected files disguised as real ones to avoid detection by antivirus programs and to corrupt and infect other system files and important data.

Windows Active Defender Manual Removal Instructions:

Here are the steps for manual removal. They require a good knowledge of computers. Before you make any changes to your computer, you are advised to do a system backup first. Then follow the instructions here:

1. Reboot the infected computer and get into “Safe Mode with Networking”. To do that, keep pressing the F8 key on your keyboard, then use the arrow keys to select it and press E/Enter;

2. Press Ctrl+Alt+Del together or right click on the bottom Taskbar (for Win 7) to open the Windows Task Manager;
3. End the process [Windows Active Defender].exe;
4. Find and delete all of the associated files and registry entries below:
%AppData%\Protector-[Windows Active Defender].exe
%AppData%\NPSWF32.dll
%AppData%\result.db
%CommonStartMenu%\Programs\{Windows Active Defender}.lnk

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Regedit32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon “Shell” = “{rnd}.exe”
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun-[rnd]

5. Reboot the computer when the above steps are finished and start in normal mode this time.
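
Before deleting anything in step 4, it helps to see which of the listed items are actually present. The PowerShell script below is an added example, not part of the original article, and only reads. Assumptions: wildcards replace the article's bracketed placeholders, the two Start Menu folder paths are guesses for Vista/7 and XP, DisallowRun entries are treated as values under that key, and the Winlogon key is addressed by its standard CurrentVersion path.

```powershell
# Read-only audit of the step 4 locations: nothing is deleted or modified.
$findings = @()

# Files dropped under %AppData% (wildcard replaces the bracketed placeholder)
foreach ($pattern in 'Protector-*.exe', 'NPSWF32.dll', 'result.db') {
    Get-ChildItem -Path $env:APPDATA -Filter $pattern -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object { $findings += "File: $($_.FullName)" }
}

# Start Menu shortcut; both folder locations are assumptions (Vista/7, then XP)
$menus = "$env:ProgramData\Microsoft\Windows\Start Menu\Programs",
         "$env:ALLUSERSPROFILE\Start Menu\Programs"
foreach ($menu in $menus) {
    Get-ChildItem -Path $menu -Filter '*Active Defender*.lnk' -ErrorAction SilentlyContinue |
        ForEach-Object { $findings += "Shortcut: $($_.FullName)" }
}

# Per-user autorun value and the policy values that lock out Regedit / Task Manager
$hkcu = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'
$run = Get-ItemProperty -Path "$hkcu\Run" -ErrorAction SilentlyContinue
if ($run -and $null -ne $run.Regedit32) { $findings += "Run\Regedit32 = $($run.Regedit32)" }

$policy = Get-ItemProperty -Path "$hkcu\Policies\System" -ErrorAction SilentlyContinue
foreach ($name in 'DisableRegedit', 'DisableRegistryTools', 'DisableTaskMgr') {
    if ($policy -and $null -ne $policy.$name) {
        $findings += "Policies\System\$name = $($policy.$name)"
    }
}

# Winlogon shell: the Windows default is explorer.exe, anything else needs review
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $winlogon -ErrorAction SilentlyContinue).Shell
if ($shell -and $shell -ne 'explorer.exe') { $findings += "Winlogon Shell = $shell" }

# DisallowRun: each value names a program the current user is blocked from starting
$disallow = "$hkcu\Policies\Explorer\DisallowRun"
if (Test-Path $disallow) {
    $key = Get-Item -Path $disallow
    foreach ($v in $key.GetValueNames()) { $findings += "DisallowRun $v = $($key.GetValue($v))" }
}

if ($findings.Count -eq 0) { 'No listed indicators found.' } else { $findings }
```

Run it from the affected user's own session, because the HKCU and %AppData% locations are per-user.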

NOTE: It is strongly recommended that the Windows Active Defender virus be removed by someone with expertise; otherwise you may fail and cause more damage to your computer. So please contact YooCare Expert for fast and professional help.

Published by & last updated on June 16, 2012 3:27 pm
