Windows Active Defender is a rogue antispyware software. It reports false infections, displays various fake security alerts, hijacks an Internet browser as a method to force you to believe that your computer is infected. Windows Active Defender is designed with one purpose – to scare you into thinking that your computer in danger as method to trick you into purchasing the full version of the program. If your computer is infected with this malware, then most importantly, do not purchase it! Uninstall the rogue from your computer as soon as possible. Use the removal guide below to remove Windows Active Defender from your computer for free.
The bogus program infiltrate computers with the help of trojans or malware without your desire. During installation, Windows Active Defender will tune up your system so it will get launched automatically when you logon into Windows. Immediately after launch, this fake security program will start to scan your computer and reports a lot of various infections that will not be fixed unless you first purchase the software. Important to know, all of these infections are a fake and do not actually exist on your computer. So you can safely ignore the scan results that Windows Active Defender gives you.
Last but not least, while the rogue is running, it will display various security warnings. Some of the warnings are:
Error
Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.
Error
Attempt to run a potentially dangerous script detected.
Full system scan is a highly recommended.
Error
Keylogger activity detected. System information security is at risk. It is recommended to activate protection and run a full system scan.
Just like false scan results above, all of these alerts are a fake and supposed to scare you into thinking your computer is in danger. You should ignore all of them!
As you can see, all Windows Active Defender does is fake and you should stay away from the malicious application! If your PC has been infected with the rogue, then ignore all it gives you and follow the removal instructions below in order to remove Windows Active Defender and any associated malware from your computer for free.
Use the following instructions to remove Windows Active Defender (Uninstall instructions)
It is possible that the rogue will not allow you to run a malware removal tools, then you will need to reboot your computer in Safe mode with networking.
Restart your computer. After hearing your computer beep once during startup, start pressing the F8 key on your keyboard. On a computer that is configured for booting to multiple operating systems, you can press the F8 key when the Boot Menu appears.
Instead of Windows loading as normal, Windows Advanced Options menu appears similar to the one below.
Windows Advanced Options menu
When the Windows Advanced Options menu appears, select Safe mode with networking and then press ENTER.
Windows Active Defender virus changes Internet Explorer proxy settings to use a malicious proxy server that will not allow you download or update security software. So, you should complete this step to fix this problem.
Run Internet Explorer, Click Tools -> Internet Options as as shown in the screen below.
Internet Explorer – Tools menu
You will see window similar to the one below.
Internet Explorer – Internet options
Select Connections Tab and click to Lan Settings button. You will see an image similar as shown below.
Internet Explorer – Lan settings
Uncheck “Use a proxy server” box. Click OK to close Lan Settings and Click OK to close Internet Explorer settings.
Now you should download Malwarebytes Anti-malware and remove all Windows Active Defender associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. Once installation is complete, you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Now click on the Scan button to start scanning your computer for Windows Active Defender associated malware. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. Make sure all entries have a checkmark at their far left and click “Remove Selected”.
Windows Active Defender may change the Windows system HOSTS file so you need reset this file with the default version for your operating system.
Please download OTM by OldTimer from here and save it to desktop. Run OTM, copy, then paste the following text in “Paste Instructions for Items to be Moved” textarea (under the yellow bar):
:Commands
[resethosts]
Click the red Moveit! button. Close OTM.
Your system should now be free of the Windows Active Defender virus. If you need help with the instructions, then post your questions in our Spyware Removal forum.
Windows Active Defender removal notes
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
I changed the name of the Malwarebytes startup file to a .BAT extension and was able to scan the computer, which found 700+ infected files (all from the Windows Active Defender virus. But, once I hit “Remove All Selected”, Windows Active Defender lauched – nothing was removed and this was all in ‘Safe” mode. Grrrrrr!!!!
Hi,
Subject: Window Active Defender
I have had this Malware at two of my clients, and I successfully removed the virus of the computer inserting it to another computer and using software called Hirens Boot disk, Malwarebytes failed to do so because this app blocked the launching of this app,I believe if it is installed before this Windows Active Defender it will certainly remove it.(Please note that you will still not be able to delete the app itself even if you insert the hdd into another computer booting up with normal windows.)
the directory of this app is situated in(windows7)
c:\users\”userfile”\AppData\Roaming\Protector.exe
c:\users\”userfile”\AppData\Roaming\info.db(not sure exactly what the database file is called, but it will be with the protector.exe file.)
Good Luck
Hi,
Thank you very much.
solved the problem.
Greetings from Florence