Windows Active Guard
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
Threat Level: | 20 % (Normal) |
Infected Computers: | 2 |
First Seen: | July 23, 2012 |
Last Seen: | April 23, 2023 |
OS(es) Affected: | Windows |
Windows Active Guard is a malware program that belongs to the FakeVimes family of fake security software. Windows Active Guard carries out a common online scam that involves pretending to be a real security program in order to convince inexperienced computer users that they must pay for an expensive 'upgrade'. Since there are no real anti-malware capabilities on Windows Active Guard and it is, in reality, a malware infection itself, ESG malware researchers strongly recommend ignoring all of Windows Active Guard's warnings and removing this bogus security program with a reliable anti-malware application.
Table of Contents
Windows Active Guard’s Family of Rogue Security Programs
Malware in the FakeVimes family has been active since 2009 and have been continually updated since then. One of the reasons why malware in the FakeVimes family have been increasingly active in 2012 is because criminals have started to integrate a rootkit component into the FakeVimes attack. Using a variant of the Sirefef rootkit, criminals can make programs such as Windows Active Guard particularly difficult to remove or even detect as malware. Examples of other fake security programs in the FakeVimes family released in 2012 and previous years include Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst. Do not be fooled by their different names, they are all essentially the same malware infection.
How Windows Active Guard Tries to Steal Your Money
Windows Active Guard is designed to impersonate a legitimate security program. However, unlike a real anti-virus application, Windows Active Guard will always indicate that your computer is severely infected with malware. If you try to use Windows Active Guard to fix these supposed problems, Windows Active Guard will direct you to its website, where you will be urged to purchase an expensive 'upgrade' to fix these nonexistent problems. Windows Active Guard will also harass you with continual error messages and alarming security notifications in order to pressure you into falling for its scam.
Do not pay for this fake security application, even if this is done in order to stop its annoying error message. In fact, you can stop these with the registration code 0W000-000B0-00T00-E0020. It is important to remember that this registration code will not remove Windows Active Guard. The only way to remove this fake security program is by using a real, legitimate and proper anti-malware application that possesses anti-rootkit capabilities. In most cases, an alternative boot method is also recommended before attempting to remove this threat.
Windows Active Guard Video
Tip: Turn your sound ON and watch the video in Full Screen mode.
File System Details
# | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
---|---|---|
1. | %AppData%\Protector-[RANDOM CHARACTERS].exe |
Registry Details
URLs
Windows Active Guard may call the following URLs:
.bytemarkup.xyz |