How to Remove Rogue Antivirus – Newest FakeVimes

FakeVimes are back. So your computer might get infected with one of rogue antivirus products that belong to this family of malware. All versions of rogue antivirus use different names such as Windows Active HotspotWindows Cleaning ToolkitWindows Activity Booster, and other similar for avoiding detection. The main purpose of new rogue antivirus products is still the same. FakeVimes are designed to scare computer users with false security alerts and sell them completely useless and dangerous programs. There is no licensed version of rogue antivirus offered for sale and no threats that any of these programs can remove. FakeVimes are only designed to remove money out of victims’ pockets.

Do not pay, and remove rogue antivirus as soon as possible. If it stays on your PC, than you might get more malware and spyware installed, and your identity and money might be stolen.

This removal guide will help you to remove rogue antivirus either manually or with a help of Rogue Antivirus Removal Tool that comes with free online support and real-time protection against future infections.


What is Rogue Antivirus?

Rogue antivirus that belongs to FakeVimes family infects computers for couple of years. This program is very close to ransomware because it first scares you with false security alerts, then asks you for money. Cyber criminals spread these rogue security products under different names. Here is a list of new versions of rogue antivirus:


  • Windows Active Hotspot
  • Windows Cleaning Toolkit
  • Windows Expert Console
  • Windows No-Risk Center
  • Windows Warding Module
  • Windows Activity Booster


Any of the listed programs resembles one shown on the picture placed below. Just remember how it looks. If your computer will be infected with rogue antivirus, you would know what it is. This guide will help you to remove any of newest FakeVimes.

Sample of rogue antivirus out of FakeVimes famlily

Rogue antivirus infects computers with a help of Trojans coming from infected websites. These Trojans are detected as Win32.FakeVimes, but cyber criminals use decryption for delivered malicious payload, and so any unknown Trojan might pass through your antivirus defense. Then it will assemble rogue antivirus malware, and it start to bother you with false security alerts. The chance of FakeVimes infection will decrease if your anti-virus software is updated daily or even more frequently.



Rogue Antivirus Removal Tool

Removing rogue antivirus from FakeVimes family is not that difficult, and you can manually handle it. Though, it will not help to remove other malware that is possibly installed along with rogue antivirus. The most popular among cyber criminals are programs designed to steal your identity and money, or make a bot involved in illegal activities out of your computer. Rogue Antivirus Removal Tool will help you to remove rogue antivirus and other known spyware and malware spread by cyber criminals.

DownloadDownload Removal Tool

If your access to the Internet is blocked by some malicious program, then try to:

  1. Restart your computer and tap “F8” key when Windows loading is started.
  2. Highlite “Safe Mode with Command Prompt” and continue.
  3. Type taskkill /IM guard* and press “Enter”.
  4. Download and install this removal tool.

Start the removal tool and let it detect and remove malicious programs.



Remove Rogue Antivirus Manually

1) Reboot your computer and tap F8 key. It will bring out windows start menu. Select “Safe mode with command prompt” option and press Enter to start windows.

2) At command prompt, Use taskkill /IM guard* command with wildcard for a random portion of rogue antivirus file name that runs malicious process.

3) Look at the list of rogue antivirus components below, and remove malicious files and registry entries.

4) Since manual removal might be tricky with all of different file names used by cyber criminals for naming malicious components, you might get confused. Then, download Rogue Antivirus Removal Tool for automated removal.



Remove Rogue Antivirus components:


Kill Rogue Antivirus malicious processes


NOTE: -shyx is a random portion of Rogue Antivirus process. It might be different, and you need to kill such process before you can remove rogue antivirus infection related to FakeVimes.

Use taskkill /IM guard* command with wildcard typed at command prompt for killing newest FakeVimes rogue antivirus process.

How to Stop Malicious Process with your Task Manager


Remove Rogue Antivirus entries from system registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe

How to Edit Windows Registry


Delete Rogue Antivirus files and folders:

C:\Documents and Settings\Administrator\Application Data\guard-chyx.exe

NOTE: -shyx is a random portion of rogue antivirus file name. It might be different, and you need to find such file and remove it.

Use guard* wildcard for a search.

How to Show Hidden Files


Note: If manual removal is too complicated for you, then use Rogue Antivirus removal tools that helps to remove this malware and other such computer infections.

DownloadDownload Malware Removal Tool

SpyHunter is definitely one of the best malware removal tools that offers you a wide range of options for malware removal, reliable anti-malware protection, and easy of use.

  • Free online support helps to remove complex computer infections
  • Free anti-malware scanner is truly helpful for manual removal
  • Reliable real-time protection against malicijus programs
  • Lot of features and easy of use for anyone

SpyHunter Malware Security Suite offers anti-malware and anti-spyware protection that helps to prevent identity theft and protect your security and privacy.



Remove Rogue Antivirus Completely

Rogue antivirus might come with other malicious programs. More viruses might infect your system if rogue antivirus blocks your antivirus software. Some of malicious programs can help cyber criminals to control your computer, and it might be used for illegal activity on the internet, or for stealing your private data. If your computer is got infected with rogue antivirus  then you need to take some steps and make sure that your system is secure. Update your antivirus program after you remove rogue antivirus and run a full system scan. If no suspicious files are found by your antivirus, try to scan your system with free antivirus scanners from trusted manufacturers. This use of different overlapping virus databases for malicious program detection will help you to be confident about your system security.

Find more about prevention computer infections and protection against malicious programs.

If this guide is helpful, share it to HELP or to WARN your friends on this virus


Leave a Reply

Your email address will not be published. Required fields are marked *


SpuHunter Anti-malware
STEP 1. Download SpyHunter and scan your computer for malware, spyware, adware, browser hijackers, redirect viruses, unwanted programs, keyloggers, and tracking cookies.
SpyHunter free scanner
STEP 2. Use free help desk support that guarantees your success in removing even most complicated malware infection.
SpyHunter Anti-malware
STEP 3. Protect your computer against viruses, cyber criminals, unwanted software and advertising, DNS changes, and malicious surveillance.