Windows Microsoft Guardian is a program that pretends to be a legitimate security program. In reality it is unable to detect and remove any infections. The program is a totally scam which part of the Microsoft Security Essentials alert infection. It will display hundreds of fake alerts, detect fake infections in order to scare you and make you believe in some danger that does not exist. It hopes that you will next purchase its full (paid) version. So, you should stay away of this application! Read below what you’ll want to know though is what does this malware do and how to remove it from your PC for free.
During installation, the rogue will be configured to start automatically when Windows loads. When Windows Microsoft Guardian is started, it will perform a fake system scan and detect that your computer is infected with a lot of viruses. Next, the malicious program will prompt you to purchase its full version to fix supposedly found infections. Remember, none of the scan results displayed by this application are true! So you can safely ignore the scan results that Windows Microsoft Guardian gives you.
While Windows Microsoft Guardian is running, it will flood your computer with warnings and fake security alerts. Some of the alerts are:
Warning
There`s a suspicious fsoftware running on your PC.
For more details, run a system file check.
Check your computer security
There are multiple security problems with your
computer.
Check this notification to fix these problems.
Moreover, the malicious program blocks legitimate Windows applications claiming that they are infected:
Warning!
Location: …\mbam.exe
Viruses: Trojan.Win32.Qhost
Thus, you will be unable to run some programs, including antivirus software. Of course, like false scan results above, all of these alerts and messages are just a fake. All of them are used in order to mislead you into purchasing the full version of Windows Microsoft Guardian and, thus, fix the entire system. You should ignore all of them!
As you can see, all Windows Microsoft Guardian does is fake and you should stay away from the malicious application! If your PC has been infected with the rogue, then ignore all it gives you. Do not pay for this software and remove it as soon as possible. Follow the removal instructions below in order to remove Windows Microsoft Guardian and any associated malware from your computer for free.
Automatic removal instructions for Windows Microsoft Guardian
1. Once Windows loaded you will see a Windows Microsoft Guardian screen. Click OK button to perform a fake scan. Once the scan is complete, press the “Fix Errors” button. Now you can close the program. Click “X” button at the top-right of Windows Microsoft Guardian or press ALT + F4. After that your Windows Desktop will be available.
2. Click Start, Type in search field (if you use Windows XP, then Click Start, Run and type in Open field): %APPDATA% as shown below.
3. Press Enter. It will open the contents of Application Data folder (for Windows XP) or the contents of Roaming folder (for Windows Vista, Windows 7). Next open the Microsoft folder as shown in the screen below.
4. Basically, there will be a file named with a series of numbers or letter (e.g. wsewsu.exe or wsewsu, look the example above), right click to it and select Rename (don`t rename any folders). Type any new name (123.exe) and press Enter. Reboot your computer.
The malicious program may hide its own file, so if this folder is empty, then you need to enable “Show hidden files and folders” option to see all hidden files. Open Folder options (Windows Vista/7: Organize->”Folder and search options”->View tab; Windows 2000/XP: Tools->Folder Options->View tab). Select “Show hidden files and folders” option and click OK button. Now repeat the step 4.
5. Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
6. Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
7. If an update is found, it will download and install the latest version.
8. Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
9. Select Perform Quick Scan, then click Scan, it will start scanning your computer for Windows Microsoft Guardian infection. This procedure can take some time, so please be patient.
10. When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
11. Make sure that everything is checked, and click Remove Selected for start Windows Microsoft Guardian removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Windows Microsoft Guardian removal notes
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
Windows Microsoft Guardian creates the following files and folders
%AppData%\Microsoft\{RANDOM}.exe
Windows Microsoft Guardian creates the following registry keys and values
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe | Debugger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe | Debugger
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell = “%AppData%\Microsoft\{random}.exe”
