FakeVimes are back, so your computer might get infected with one of the rogue antivirus products that belong to this family of malware. The versions of the rogue antivirus use different names, such as Windows Active Hotspot, Windows Cleaning Toolkit, Windows Activity Booster, and other similar ones, to avoid detection. The main purpose of the new rogue antivirus products is still the same: FakeVimes are designed to scare computer users with false security alerts and sell them completely useless and dangerous programs. There is no licensed version of the rogue antivirus offered for sale, and there are no threats that any of these programs can remove. FakeVimes are only designed to take money out of victims’ pockets.
Do not pay, and remove the rogue antivirus as soon as possible. If it stays on your PC, then you might get more malware and spyware installed, and your identity and money might be stolen.
This removal guide will help you to remove the rogue antivirus either manually or with the help of the Rogue Antivirus Removal Tool, which comes with free online support and real-time protection against future infections.
What is Rogue Antivirus?
Rogue antivirus that belongs to the FakeVimes family has been infecting computers for a couple of years. This program is very close to ransomware because it first scares you with false security alerts, then asks you for money. Cyber criminals spread these rogue security products under different names. Here is a list of new versions of the rogue antivirus:
- Windows Active Hotspot
- Windows Cleaning Toolkit
- Windows Expert Console
- Windows No-Risk Center
- Windows Warding Module
- Windows Activity Booster
Any of the listed programs resembles the one shown in the picture below. Just remember how it looks. If your computer becomes infected with rogue antivirus, you will know what it is. This guide will help you to remove any of the newest FakeVimes.
Rogue antivirus infects computers with the help of Trojans coming from infected websites. These Trojans are detected as Win32.FakeVimes, but cyber criminals use decryption for the delivered malicious payload, so an unknown Trojan might pass through your antivirus defense. It will then assemble the rogue antivirus malware, which starts to bother you with false security alerts. The chance of FakeVimes infection decreases if your antivirus software is updated daily or even more frequently.
Rogue Antivirus Removal Tool
Removing rogue antivirus from the FakeVimes family is not that difficult, and you can handle it manually. However, manual removal will not remove other malware that is possibly installed along with the rogue antivirus. The most popular programs among cyber criminals are those designed to steal your identity and money, or to turn your computer into a bot involved in illegal activities. The Rogue Antivirus Removal Tool will help you to remove the rogue antivirus and other known spyware and malware spread by cyber criminals.
Remove Rogue Antivirus Manually
1) Reboot your computer and tap the F8 key. This brings up the Windows startup menu. Select the “Safe mode with command prompt” option and press Enter to start Windows.
2) At the command prompt, use the taskkill /IM guard* command. The wildcard stands for the random portion of the name of the rogue antivirus file that runs the malicious process.
3) Look at the list of rogue antivirus components below, and remove the malicious files and registry entries.
4) Manual removal might be tricky, because cyber criminals use many different file names for the malicious components and you might get confused. If so, download the Rogue Antivirus Removal Tool for automated removal.
Remove Rogue Antivirus components:
Kill Rogue Antivirus malicious processes
NOTE: -shyx is a random portion of the Rogue Antivirus process name. It might be different, and you need to kill that process before you can remove the rogue antivirus infection related to FakeVimes.
Type the taskkill /IM guard* command, with the wildcard, at the command prompt to kill the newest FakeVimes rogue antivirus process.
Remove Rogue Antivirus entries from system registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe
Delete Rogue Antivirus files and folders:
C:\Documents and Settings\Administrator\Application Data\guard-chyx.exe
NOTE: -shyx is a random portion of the rogue antivirus file name. It might be different, and you need to find that file and remove it.
Use the guard* wildcard for the search.
Note: If manual removal is too complicated for you, then use the Rogue Antivirus removal tools, which help to remove this malware and other such computer infections.
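The manual steps above, collected into one batch script for the command prompt (an added example, not part of the original guide). It only reports by default and deletes when started with the hypothetical /remove switch; the backup folder name and the use of %APPDATA% for the Application Data folder are assumptions.

```bat
@echo off
rem Added example: audits, and with /remove deletes, the items listed in this guide.
rem Run it from "Safe mode with command prompt".
setlocal EnableExtensions
set "IFEO=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
rem Assumption: backups of the registry keys go to this folder.
set "BACKUP=%SystemDrive%\ifeo-backup"
set "MODE=report"
if /I "%~1"=="/remove" set "MODE=remove"

rem Step 2 of the guide: the wildcard covers the random part of the process name.
if "%MODE%"=="remove" taskkill /F /IM guard*

if not exist "%BACKUP%" mkdir "%BACKUP%"

rem Step 3, registry: the six Image File Execution Options keys from the list above.
rem A Debugger value under such a key makes Windows start another program
rem in place of the named executable, so print the values before deleting.
for %%E in (MpCmdRun.exe MpUXSrv.exe MSASCui.exe msconfig.exe msmpeng.exe msseces.exe) do call :CheckKey %%E

rem Step 3, files: guard*.exe in Application Data (assumed to be %APPDATA%).
echo.
echo Files matching guard*.exe in %APPDATA%:
dir /b /a "%APPDATA%\guard*.exe" 2>nul
if "%MODE%"=="remove" del /f /q /a "%APPDATA%\guard*.exe"
goto :eof

:CheckKey
reg query "%IFEO%\%1" >nul 2>&1
if errorlevel 1 (
  echo [absent ] %1
  goto :eof
)
echo [present] %1
reg query "%IFEO%\%1"
rem Keep a copy so a key that turns out to be legitimate can be re-imported.
if exist "%BACKUP%\%1.reg" del "%BACKUP%\%1.reg"
reg export "%IFEO%\%1" "%BACKUP%\%1.reg" >nul
if "%MODE%"=="remove" reg delete "%IFEO%\%1" /f
goto :eof
```

Run it once without arguments and read the report first; the script checks the profile of the logged-on account only, so repeat it for other accounts if needed.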
Remove Rogue Antivirus Completely
Rogue antivirus might come with other malicious programs. More viruses might infect your system if the rogue antivirus blocks your antivirus software. Some malicious programs can help cyber criminals to control your computer, which might then be used for illegal activity on the internet or for stealing your private data. If your computer has been infected with rogue antivirus, you need to take some steps to make sure that your system is secure. Update your antivirus program after you remove the rogue antivirus and run a full system scan. If no suspicious files are found by your antivirus, try scanning your system with free antivirus scanners from trusted manufacturers. Using different, overlapping virus databases for malicious program detection will help you to be confident about your system security.
Find out more about preventing computer infections and protecting against malicious programs.