Security Stronghold security made easy

How to remove Windows Active Defender: Download Removal Tool


* What is Windows Active Defender

* Download WiperSoft Antispyware Malware Remediation Tool

* Remove Windows Active Defender manually

* Get Professional Support

* Read Comments


Threat indicator: HIGH

Threat's profile

Name of the threat:

Command or file name:

Threat type:

Affected OS:

Windows Active Defender

Protector-(random 4 letters).exe

Rogue

Win32/Win64 (Windows XP, Vista, Windows 7, Windows 8/8.1, Windows 10)


Windows Active Defender, being installed on your computer, pretends to be one of the most powerful legal antiviruses, but it is just a lie. The user should remember that no one legal program (and antivirus also) cannot be installed without his direct participation in the process of installation. So, the user must not trust the program that was created to deceive him! Windows Active Defender was invented to fund the creation of the similar fake antivirus products. This fake antivirus program can spread through the social networks and through the suspicious websites. The user should remove Windows Active Defender from his computer as soon as possible.

Autorun of Windows Active Defender can be fixed in Hijackthis by fixing the line:

O4 - HKCU\..\Run: [Inspector] %AppData%\Protector-(random 4 letters).exe

To unlock your PC and get rid of alerts use following code:

0W000-000B0-00T00-E0020


Windows Active Defender

Windows Active Defender intrusion method

Windows Active Defender copies its file(s) to your hard disk. Its typical file name is Protector-(random 4 letters).exe. Then it creates new startup key with name Windows Active Defender and value Protector-(random 4 letters).exe. You can also find it in your processes list with name Protector-(random 4 letters).exe or Windows Active Defender. Also, it can create folder with name Windows Active Defender under C:\Program Files\ or C:\ProgramData.

If you have further questions about Windows Active Defender, please call us on the phone below. It is toll free. Or you can use programs to remove Windows Active Defender automatically below.


Download Wipersoft Antispyware

Download this advanced removal tool and solve problems with Windows Active Defender and Protector-(random 4 letters).exe (download of fix will start immediately):

Download WiperSoft Antispyware to remove Windows Active Defender

* WiperSoft Antispyware was developed to remove threats like Windows Active Defender in automatic mode. Remover has active module to protect PC from hijackers, trojans, ransomware and other viruses. Trial version of Wipersoft provides detection of computer viruses for FREE. To remove malware, you have to purchase the full version of Wipersoft.


Features of WiperSoft Antispyware

* Removes all files created by viruses.

* Removes all registry entries created by viruses.

* You can activate System and Network Guards and forget about malware.

* Can fix browser problems and protect browser settings.

* Removal is guaranteed - if Wipersoft fails ask for FREE support.

* 24/7 Spyware Helpdesk Support included into the package.


Download Spyhunter Remediation Tool by Enigma Software

Download antimalware designed specifically to remove threats like Windows Active Defender and Protector-(random 4 letters).exe (download of fix will start immediately):

Download AntiMalware to remove Windows Active Defender

Features of Spyhunter Remediation Tool

* Removes all files created by Windows Active Defender.

* Removes all registry entries created by Windows Active Defender.

* Fixes browser redirection and hijack if needed.

* "Toolbar Remover" tool will help you get rid of unwanted browser extensions.

* Removal is guaranteed - if Spyhunter Remediation Tool fails ask for FREE support.

* 24/7 Helpdesk Support and 5 hours of Remote Support via GoToAssist included into the package.

Let our support team solve your problem with Windows Active Defender and remove Windows Active Defender right now!

support person

Submit support ticket below and describe your problem with Windows Active Defender. Support team will offer you solution in several minutes and give a step-by-step instruction on how to remove Windows Active Defender. Trouble-free tech support with over 10 years experience removing malware.


Submit support ticket


Software Industry Professionals Member
Threat's description and solution are developed by Security Stronghold security team.

Here you can also learn:

* Technical details of Windows Active Defender threat.

* Manual Windows Active Defender removal.

* Download WiperSoft Antispyware Malware Remediation Tool.


How to remove Windows Active Defender manually

This problem can be solved manually by deleting all registry keys and files connected with Windows Active Defender, removing it from starup list and unregistering all corresponding DLLs. Additionally missing DLL's should be restored from distribution in case they are corrupted by Windows Active Defender.

To get rid of Windows Active Defender, you should:

file logo

1. Kill the following processes and delete the appropriate files:

  • %AppData%\NPSWF32.dll
  • %AppData%\Protector-(random 4 letters).exe
  • %AppData%\result.db
  • %AppData%\1st$0l3th1s.cnf
  • Windows Active Defender.lnk

Warning: you should delete only those files which checksums are listed as malicious. There may be valid files with the same names in your system. We recommend you to use WiperSoft Antispyware Malware Remediation Tool for safe problem solution.

**Trial version of Wipersoft provides detection of computer viruses for FREE. To remove malware, you have to purchase the full version of Wipersoft.

windows folder logo

2. Delete the following malicious folders:

no information

windows registry logo

3. Delete the following malicious registry entries and\or values:

  • Key:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings

    Value: WarnOnHTTPSToHTTPRedirect
    Data: "0"
  • Key:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

    Value: DisableRegedit
    Data: "0"
  • Key:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

    Value: DisableRegistryTools
    Data: "0"
  • Key:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

    Value: DisableTaskMgr
    Data: "0"
  • Key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system

    Value: ConsentPromptBehaviorAdmin
    Data: "0"
  • Key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system

    Value: ConsentPromptBehaviorUser
    Data: "0"
  • Key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system

    Value: EnableLUA
  • Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Value: Inspector
  • Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings
    Value: net
    Data: 2012-6-14
  • Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings
    Value: UID
    Data: (random)
  • Key: HKEY_CURRENT_USER\Software\ASProtect
  • Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
    \alevir.exe
  • Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
    \bipcpevalsetup.exe
  • Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
    \gbmenu.exe
  • Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
    \msdm.exe

Warning: if value is listed for some registry entries, you should only clear these values and leave keys with such values untouched. We recommend you to use WiperSoft Antispyware Malware Remediation Tool for safe problem solution.


If Windows Active Defender blocks you from running security programs.

Often rogue programs like Windows Active Defender block you from running security programs and visiting anti-virus websites. In this case we recommend you to boot your Windows in Safe Mode with Networking. This is special mode when Windows will not load third-party services, drivers and start-up objects. However you will be able to use Internet. Just download and run suggested programs for easy Windows Active Defender removal is Safe Mode with Networking. To load in Safe Mode with Networking and remove Windows Active Defender do the following:


  • Start or restart your Windows

  • Keep pressing F8 button from the beginning of the boot

  • This will open Advanced Boot Option menu

  • In the menu choose Safe Mode with Networking (use arrows on the keyboard to navigate)

  • Wait until Windows loads

  • Download WiperSoft Antispyware Malware Remediation Tool scan and remove found threats.

  • Restart Windows in Normal Mode


Information provided by: Aleksei Abalmasov

Next threat: click.get-answers-fast.com »

« Back to catalog

Home | Partners | Shop | Support | Terms of use | Contact Us | Privacy Policy | Sitemap

Copyright © 2020 Security Stronghold. All Rights Reserved. All content on this website is protected and belongs to Security Stronghold LLC.