Windows Maintenance Guard

Windows Maintenance Guard Description

ScreenshotDespite the fact that its name would lead you to believe that Windows Maintenance Guard is a legitimate security program, Windows Maintenance Guard is in fact a kind of malware infection. Windows Maintenance Guard is not associated with Microsoft and has no way of guarding your computer against malware or performing any kind of maintenance. Windows Maintenance Guard is one more member of a notorious online scam. Basically, criminals will try to convince you to purchase bogus security software by convincing you that your PC is in trouble. Because of this, if Windows Maintenance Guard has managed to infect your machine, you should use a real, legitimate anti-malware program in order to remove Windows Maintenance Guard from your computer system.

To steal your money, Windows Maintenance Guard will try to persuade you that your PC is critically infected with malware. To do this, Windows Maintenance Guard has several tactics. These include pestering you with numerous fake error messages and bogus pop-up notifications from the Task Manager and displaying fake system scans showing alarming results. Windows Maintenance Guard can also cause browser redirects and block access to your files and programs – especially those associated with computer security. Windows Maintenance Guard will often conflict with legitimate programs and Windows components, making your computer system become slow and unresponsive. Windows Maintenance Guard will rarely show up alone, so if this fake security program is installed on your hard drive, expect other malware to be lurking about.

Windows Maintenance Guard's Large Family of Rogue Security Software

Windows Maintenance Guard, along with dozens other fake security programs, belongs to a family of malware commonly known as the family of rogue security software. Active since 2009, the FakeVimes family of malware is composed of fake security programs that carry out similar scams. Windows Maintenance Guard in particular belongs to a batch of malware in the FakeVimes family that can be hard to be removed, due to their association with rootkits such as ZeroAccess and Sirefef variants. Examples of malware in the FakeVimes family similar to Windows Maintenance Guard include To remove these threats from your system, you may need a specialized anti-rootkit tool. In many cases, the registration code 0W000-000B0-00T00-E0020 has attested to be an adequate way of stopping many of Windows Maintenance Guard's most irritating symptoms in order to ease removal of this malware infection with a reliable anti-malware program.

Do You Suspect Your Computer May Be Infected with Windows Maintenance Guard & Other Threats? Scan Your Computer with SpyHunter

SpyHunter is a powerful malware remediation and protection tool designed to help provide users with in-depth system security analysis, detection and removal of a wide range of threats like Windows Maintenance Guard as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover*
Free Remover allows you, subject to a 48-hour waiting period, one remediation and removal for results found. Read our EULA, Privacy Policy & Special Discount Terms. See more Free SpyHunter Remover details.

Technical Information

Screenshots & Other Imagery

Tip: Turn your sound ON and watch the video in Full Screen mode to fully experience how Windows Maintenance Guard infects a computer.

How to Remove Windows Maintenance Guard

Registry Details

Windows Maintenance Guard creates the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "idhsudrgrf"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexplorerv1.0.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnt.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npf40_tw_98_nt_me_2k.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmain.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamservice.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-6-18_7"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolcv.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanv95.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Anti-Virus Professional.exe

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.