How to remove Windows Be-on-Guard Edition?
Windows Be-on-Guard Edition is jet another fake antivirus software which originates from a family of rogues called "FakeVimes". Internet criminals who are responsible for creating this rogue family are adding new bogus program to it daily, new variants of these fake antivirus software shares the same user interface and uses similar tactics to infiltrate users PC. Windows Be-on-Guard Edition is distributed using malicious websites which tricks computer users into downloading this fake security scanner. The strategy used for distribution this rogue is displaying a fake online security pop-up which states that your PC is infected with viruses.
To make this warning message appear more realistic Cyber criminals exploit the name of a legitimate antivirus program Microsoft Security Essentials - the following message that is displayed to PC users who entered their created malicious website supposedly comes from this program and displays a list of malware detected in user's computer. This trickery leads to Windows Be-on-Guard Edition being installed on your computer. After infecting your PC this rogue software will start imitating a legitimate antivirus program and will pretend to perform a security scan. This scan will end up in detection of multiple critical risk security infections on your computer, if you click "Remove All" button in Windows Be-on-Guard Edition you will be asked to pay for it's full version prior it could eliminate all the found security threats.
You shouldn't trust this software, it's a fake antivirus program which tries to trick you into purchasing it's useless licence key in order to remove the security infections that doesn't exist on your computer. Windows Be-on-Guard Edition is using generated warning messages and security scans to scare you, this bogus program shows the same false detection list on every PC that it infects. The scaring tactics used by this rogue antivirus program includes showing fake security scans, displaying false detection list of malware and modifying your operating system. After this bogus software infects your computer you won't be able to launch your installed programs and your Task Manager will be changed to Advanced Process Control so you won't be able to end processes of Windows Be-on-Guard Edition. Previous versions of this malicious software were called Windows Abnormality Checker, Windows Pro Solutions, Windows Sleek Performance and nearly a hundred other. Don't even consider purchasing a licence for this program, it's a scam which shows false malware detection results and tries to trick unsuspecting computer users into buying it's non-existent full version. Use the provided removal guide to eliminate this rogue from your PC.
Fake warning messages are generated by this bogus antivirus program:
"Warning! Virus Detected Threat detected: FTP Server Infected file: C:\Windows\System32\dllcache\wmploc.dll"
"Warning! Identity theft attempt Detected Hidden connection IP: 184.108.40.206 Target: Your passwords for sites"
"Error Key-logger activity detected. System information security is at risk. It is recommended to activate protection and run a full system scan"
"Microsoft Security Essentials detected potential threats that might compromise your privacy or damage your computer. You need to clean your computer immediatly to prevent the system crash"
Windows Be-on-Guard Edition removal:
Before downloading the remover click a question mark icon at the top of the main window of this program, choose "Activate Now" and enter this registration code: 0W000-000B0-00T00-E0020 This will enable blocked Windows functions and will make the further removal process much easier, after entering the activation code continue to downloading the spyware remover.
If you can't download or run spyware remover try running registry fix (link below). It enables execution of programs. download registryfix.reg file, double click it, click YES and then OK.
Manual Windows Be-on-Guard Edition removal instructions:
Start your computer in safe mode. Click Start, then click Shut down. Select Restart and click OK. During your computer starting process press F8 key on your keyboard multiple times until Windows Advanced Options menu shows up, then select Safe mode with networking from the list and press ENTER.
Now we need to remove proxy settings. This fake software adds a proxy to your Internet connection settings to show various errors when you try to access Internet. To do this, open Internet explorer, click Tools and select Internet Options. Then select the "Connections" tab.
In the "Connections" tab, click LAN settings, if a "Use a proxy server for your LAN" is checked, uncheck it and press OK. Sometimes rogue programs could hide this setting from you, and you could see that proxy setting is disabled, while actually it could be enabled, but not shown up in these settings. If a "Use a proxy server for your LAN" is unchecked, It is recommended to check it then un-check it and then click OK.
Download HijackThis and save it on your desktop. Some malicious programs are able to block HijackThis so when you click the download link, in the Save dialog rename HijackThis.exe to iexplore.exe and only then click the Save button. After saving the file on your desktop, double click it. In the main HijackThis window click “Do a system scan only” button. Select these entries (place a tick at the left of the entry):
O4 - HKCU\..\Run: [Inspector] %AppData%\Protector.exe (Protector.exe file may have 3 or more random characters at the end of it's file name like ProtectionGQY.exe)
After selecting required entries, click "Fix Checked" and these entries will be removed. After this procedure you can close HijackThis and proceed to the next removal step.
Download a legitimate anti-spyware software to fully remove this rogue from your computer.
After removing this bogus program, you will need to reset your Hosts file. Don't skip this step, this malware modifies your Hosts files, and you will encounter browser redirect problems if malicious entries will not be removed from hosts file.
Hosts file is used to resolve some canonical names of websites to IP addresses. When it is changed, the user may be redirected to malicious site still seeing good URL in address bar. It is very hard to find out if the site is genuine or not, when hosts file is modified. To fix this, please download Microsoft Fix It tool, that restores your hosts file to Windows default. Run this tool when downloaded and follow the on-screen instructions. Download link below:
After doing all these steps your computer should be clean.
Other tools known to remove this infection:
Some malicious software modifies browser settings and disables downloads of spyware and virus removing software. If you have problems downloading anti-spyware software with Internet Explorer, try downloading with Chrome, FireFox, Opera, etc.
If you can't access Internet:
Load your computer in safe mode. Click Start, click Shut down, click Restart, click OK. During your computer starting process press F8 key on your keyboard multiple times until you see Windows Advanced Option menu, then select Safe mode with networking from the list.
Start Task manager. Press ctrl+alt+del (or ctrl+shift+esc) and end task the processes of rogue program. ( if after this procedure you can't access any programs press ctrl+alt+del, click File, select New Task, and type explorer.exe then press OK.
Open Internet explorer, click Tools and select Internet Options. Select Connections, then click LAN settings, if a Use a proxy server for your LAN is checked, un-check it and press OK.
After this procedure you should be able to access Internet. Now you can download anti-spyware software from our "Top spyware removers" section and run a full scan. Download, install and don't forget to update your selected anti-spyware program. Then run a full system scan.
Manual Windows Be-on-Guard Edition removal:
If you were unable to remove this malware using the steps above, you can use this manual removal instruction. Use it at your own risk. If you don't have strong computer knowledge you could harm your operating system. Be careful and use it only if you are an experienced computer user. (Instructions on how to end processes, remove registry entries...)
End these processes:
Protector.exe (Protector.exe file may have 3 or more random characters at the end of it's file name like ProtectionGQY.exe)
Remove these registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntvdm.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdt.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
Delete these files:
%StartMenu%\Programs\Windows Be-on-Guard Edition.lnk
%AppData%\Protector.exe (NOTE: this file may have various symbols at the end of it's name. Look for the similar file name pattern and remove it)
%Desktop%\Windows Be-on-Guard Edition.lnk
Other tips, that might help remove Windows Be-on-Guard Edition
- If you can't download anti-spyware software: Click on the download link, when the save dialog opens change the file name (example: when downloading mbam-setup.exe rename it to iexplore.exe).
- If you have installed anti-spyware program but you can't run it do the following steps:
- Click Run, type %ProgramFiles% and press Enter. Open folder of your anti-spyware program, search for executable file and rename it. (example: Open Malwarebytes’ Anti-Malware folder, right-click on the main executable file (mbam.exe) then click rename. Rename the mbam.exe file to iexplore.exe, winlogon.exe firefox.exe or other known executable file.
- If you can't access your anti-spyware software, try creating a new user account:
Click Start -> Settings -> Control panel.
Click User Accounts and create a new account.
Reboot your computer and log in using a newly created user account.
After this procedure you should be able to access your anti-spyware programs. Update and run a full system scan.
- FBI Your Computer Has Been Locked scam
- System Care Antivirus
- Department of Justice MoneyPak Virus
- Win 7 Antivirus 2013
- SweetIM Toolbar (Search.sweetim.com Virus)
- Department of Justice scam
- FBI Cybercrime Division - Your PC is Blocked (MoneyPak Virus)
- Metropolitan Police ransomware (PCeU) virus
- Police Central E-Crime Unit Virus
- Internet Security "designed to protect" Scam - Fake Antivirus Program