Windows Active HotSpot

Windows Active HotSpot Description

Type: Rogue AntiSpyware Programs

ScreenshotWindows Active HotSpot is a rogue security program that belongs to the FakeVimes family of threats. Malware like Windows Active HotSpot is designed to take over the victim's computer, simulating a severe malware attack, and then attempting to convince computer users to purchase a fake security program. Once Windows Active HotSpot is installed, Windows Active HotSpot changes the victim's computer's settings to ensure that Windows Active HotSpot runs automatically and displays fake system alerts and notifications. Windows Active HotSpot causes numerous symptoms on the affected computer that make the affected PC nearly unusable. Essentially, Windows Active HotSpot will try to make computer users believe that the infected computer is affected by Trojans, worms and viruses, and then try to convince them that they need to pay for a 'full version' of Windows Active HotSpot. Since Windows Active HotSpot is considered as a severe threat, security researchers strongly advise computer users to remove this threat from the affected computer.

The FakeVimes family is very large and among its members are Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst.

Some Signals that Windows Active HotSpot is Installed on Your Machine

Windows Active HotSpot causes numerous problems on the affected computer, mainly designed to trick inexperienced computer users into believing that their computer is infected severely. The following are issues that have been associated with Windows Active HotSpot:

  • Windows Active HotSpot causes the affected computer to display numerous, constant error messages and fake system alerts.
  • Windows Active HotSpot causes system performance problems. Once Windows Active HotSpot is installed, the affected computer may become much slower than normal, freeze or crash frequently.
  • Windows Active HotSpot blocks access to the victim's files and operating system. Whenever the victim tries to run a program, open a folder or carry out seemingly normal tasks on the affected computer, Windows Active HotSpot will display a bogus error message claiming that access was blocked for the victim's own protection.
  • Malware analysts have observed that Windows Active HotSpot may affect the victim's Web browser, causing browser redirects and preventing computer users from accessing certain websites.
  • Windows Active HotSpot may interfere with legitimate security software, in part because Windows Active HotSpot protects itself from detection and removal.


Technical Information

Screenshots & Other Imagery

SpyHunter Detects & Remove Windows Active HotSpot

File System Details

Windows Active HotSpot creates the following file(s):
# File Name MD5 Detection Count
1 guard-xoin.exe a4b7982a80cba4da8bc7bf69bc70deff 2
2 %AppData%\guard-[RANDOM CHARACTERS].exe N/A
3 %AppData%\result1.db N/A

Registry Details

Windows Active HotSpot creates the following registry entry or registry entries:
Registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger"="svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation"=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"="C:\\Users\\User\\AppData\\Roaming\\guard-[RANDOM
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "GuardSoftware" = "%AppData%\guard-[RANDOM CHARACTERS].exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger"="svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = "0"

More Details on Windows Active HotSpot

The following messages associated with Windows Active HotSpot were found:
Attempt to run a potentially dangerous script detected.
Full system scan is highly recommended.
System data security is at risk!
To prevent potential PC errors, run a full system scan.
Firewall has blocked a program from accessing the Internet
is suspected to have infected your PC.
This type of virus intercepts entered data and transmits them
to a remote server.
Warning! Identity theft attempt detected
Hidden connection IP:
Target: Microsoft Corporation keys
Your IP:

Site Disclaimer is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.