Language:

English
- English
- Russian
- German
- Spanish
- French

Home & Home OfficeBusinessPartnersClubAbout Security Stronghold

How to remove Windows Active Defender: Download Removal Tool

What is Windows Active Defender

Download WiperSoft Antispyware Malware Remediation Tool

Remove Windows Active Defender manually

Get Professional Support

Read Comments

Threat's profile

Name of the threat:

Command or file name:

Threat type:

Affected OS:

Windows Active Defender

Protector-(random 4 letters).exe

Rogue

Win32/Win64 (Windows XP, Vista, Windows 7, Windows 8/8.1, Windows 10)

Windows Active Defender, being installed on your computer, pretends to be one of the most powerful legal antiviruses, but it is just a lie. The user should remember that no one legal program (and antivirus also) cannot be installed without his direct participation in the process of installation. So, the user must not trust the program that was created to deceive him! Windows Active Defender was invented to fund the creation of the similar fake antivirus products. This fake antivirus program can spread through the social networks and through the suspicious websites. The user should remove Windows Active Defender from his computer as soon as possible.

Autorun of Windows Active Defender can be fixed in Hijackthis by fixing the line:

O4 - HKCU\..\Run: [Inspector] %AppData%\Protector-(random 4 letters).exe

To unlock your PC and get rid of alerts use following code:

0W000-000B0-00T00-E0020

Windows Active Defender intrusion method

Windows Active Defender copies its file(s) to your hard disk. Its typical file name is Protector-(random 4 letters).exe. Then it creates new startup key with name Windows Active Defender and value Protector-(random 4 letters).exe. You can also find it in your processes list with name Protector-(random 4 letters).exe or Windows Active Defender. Also, it can create folder with name Windows Active Defender under C:\Program Files\ or C:\ProgramData.

If you have further questions about Windows Active Defender, please call us on the phone below. It is toll free. Or you can use programs to remove Windows Active Defender automatically below.

Download Wipersoft Antispyware

Download this advanced removal tool and solve problems with Windows Active Defender and Protector-(random 4 letters).exe (download of fix will start immediately):

Download WiperSoft Antispyware to remove Windows Active Defender

* WiperSoft Antispyware was developed to remove threats like Windows Active Defender in automatic mode. Remover has active module to protect PC from hijackers, trojans, ransomware and other viruses. Trial version of Wipersoft provides detection of computer viruses for FREE. To remove malware, you have to purchase the full version of Wipersoft.

Features of WiperSoft Antispyware

Removes all files created by viruses.

Removes all registry entries created by viruses.

You can activate System and Network Guards and forget about malware.

Can fix browser problems and protect browser settings.

Removal is guaranteed - if Wipersoft fails ask for FREE support.

24/7 Spyware Helpdesk Support included into the package.

Download Spyhunter Remediation Tool by Enigma Software

Download antimalware designed specifically to remove threats like Windows Active Defender and Protector-(random 4 letters).exe (download of fix will start immediately):

Download AntiMalware to remove Windows Active Defender

Features of Spyhunter Remediation Tool

Removes all files created by Windows Active Defender.

Removes all registry entries created by Windows Active Defender.

Fixes browser redirection and hijack if needed.

"Toolbar Remover" tool will help you get rid of unwanted browser extensions.

Removal is guaranteed - if Spyhunter Remediation Tool fails ask for FREE support.

24/7 Helpdesk Support and 5 hours of Remote Support via GoToAssist included into the package.

Let our support team solve your problem with Windows Active Defender and remove Windows Active Defender right now!

Submit support ticket below and describe your problem with Windows Active Defender. Support team will offer you solution in several minutes and give a step-by-step instruction on how to remove Windows Active Defender. Trouble-free tech support with over 10 years experience removing malware.

Submit support ticket

Threat's description and solution are developed by Security Stronghold security team.

Here you can also learn:

Technical details of Windows Active Defender threat.

Manual Windows Active Defender removal.

Download WiperSoft Antispyware Malware Remediation Tool.

How to remove Windows Active Defender manually

This problem can be solved manually by deleting all registry keys and files connected with Windows Active Defender, removing it from starup list and unregistering all corresponding DLLs. Additionally missing DLL's should be restored from distribution in case they are corrupted by Windows Active Defender.

To get rid of Windows Active Defender, you should:

1. Kill the following processes and delete the appropriate files:

%AppData%\NPSWF32.dll

%AppData%\Protector-(random 4 letters).exe

%AppData%\result.db

%AppData%\1st$0l3th1s.cnf

Windows Active Defender.lnk

Warning: you should delete only those files which checksums are listed as malicious. There may be valid files with the same names in your system. We recommend you to use WiperSoft Antispyware Malware Remediation Tool for safe problem solution.

**Trial version of Wipersoft provides detection of computer viruses for FREE. To remove malware, you have to purchase the full version of Wipersoft.

2. Delete the following malicious folders:

no information

3. Delete the following malicious registry entries and\or values:

Key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Value: WarnOnHTTPSToHTTPRedirect
Data: "0"

Key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
Value: DisableRegedit
Data: "0"

Key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
Value: DisableRegistryTools
Data: "0"

Key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
Value: DisableTaskMgr
Data: "0"

Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
Value: ConsentPromptBehaviorAdmin
Data: "0"

Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
Value: ConsentPromptBehaviorUser
Data: "0"

Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
Value: EnableLUA

Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Value: Inspector

Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings
Value: net
Data: 2012-6-14

Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings
Value: UID
Data: (random)

Key: HKEY_CURRENT_USER\Software\ASProtect

Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
\alevir.exe

Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
\bipcpevalsetup.exe

Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
\gbmenu.exe

Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
\msdm.exe

Warning: if value is listed for some registry entries, you should only clear these values and leave keys with such values untouched. We recommend you to use WiperSoft Antispyware Malware Remediation Tool for safe problem solution.

If Windows Active Defender blocks you from running security programs.

Often rogue programs like Windows Active Defender block you from running security programs and visiting anti-virus websites. In this case we recommend you to boot your Windows in Safe Mode with Networking. This is special mode when Windows will not load third-party services, drivers and start-up objects. However you will be able to use Internet. Just download and run suggested programs for easy Windows Active Defender removal is Safe Mode with Networking. To load in Safe Mode with Networking and remove Windows Active Defender do the following:

Start or restart your Windows
Keep pressing F8 button from the beginning of the boot
This will open Advanced Boot Option menu
In the menu choose Safe Mode with Networking (use arrows on the keyboard to navigate)
Wait until Windows loads
Download WiperSoft Antispyware Malware Remediation Tool scan and remove found threats.
Restart Windows in Normal Mode

Information provided by: Aleksei Abalmasov

Next threat: click.get-answers-fast.com »

« Back to catalog