Windows Warding Module
Written by Tomas Meskauskas
Damage level: High
Windows Warding Module removal instructions
What is Warding Module?
Windows Warding Module is a fake antivirus program that reports non existent security infections with the intention of scaring unsuspecting PC users into purchasing a useless license key. This rogue program is created by cyber criminals who distribute it using fake online security scanners and 'exploit kits'. Internet users should be aware that online security scanners able to indicate possible security infections on their systems do not exist - these pop-up ads merely mimic the detection of high-risk security infections to trick Internet users into downloading Windows Warding Module. Exploit kits are security infections, which infiltrate operating systems using outdated software. After successful infiltration, this malware takes full control of the user's operating system, and thus, can easily install fake antivirus programs, ransomware viruses, and Trojans.
This fake antivirus program originates from a family of rogue security scanners called FakeVimes. Do not trust this program as it reports non existent security infections in order to scare PC users into activating 'Ultimate Protection'. In fact, this program has no virus definition database or legitimate virus scan engine - it simply gives the appearance that it does and 'detects' identical security threats on all computers infiltrated. Windows Warding Module has similarities to ransomware infections - specifically, it prevents users from accessing their desktops unless they purchase the fake license key. Similarly, ransomware viruses block access to users' desktop unless they pay a fake fine for alleged law violations. PC users should be aware that this program is a scam and paying for the license is equivalent to sending their money to cyber criminals.
Windows Warding Module is just one of many fake antivirus programs originating from a family of rogues called FakeVimes. Previous variants were named Windows Active Hotspot and Windows Cleaning Toolkit. To protect your computer from such bogus antivirus programs, keep installed programs up-to-date and use legitimate antivirus and anti-spyware programs. Computer users who have already paid for the license key of this rogue program should contact their credit card companies and dispute the charges, explaining that they have been tricked into buying a fake antivirus program. If you observe Windows Warding Module scanning your computer for security infections, your PC is infected with a rogue antivirus program. Ignore the fake security threat detections and use the removal guide provided to eliminate this scam from your operating system.
- What is Warding Module?
- STEP 1. Remove Warding Module using command prompt.
- STEP 2. Remove Warding Module using Safe Mode with Networking.
Windows Warding Module removal:
Before downloading the removal software for this rogue antivirus program, complete these steps:
1. Wait until this rogue antivirus program completes the fake security scan and click "Settings" (at the top of the main window).
2. Select "Allow unprotected Startup".
3. After selecting "Allow unprotected Startup", close Windows Warding Module. A notification will appear, "Unprotected startup is unsafe for your private data!". Click "OK".
4. Windows 7 users: Click the Windows logo, in the "Search programs and files" field, type "Command Prompt". In the opened list click the right mouse button over the "Command Prompt" entry and select "Run as administrator".
Windows XP users: Click Start and navigate to Accessories menu - Start > All Programs > Accessories. Select Command Prompt.
5. In the opened window (Command Prompt), type: taskkill /IM guard* and press Enter.
6. After killing the Windows Warding Module process, download legitimate anti-spyware software to completely remove this rogue antivirus program from your computer.
If you cannot download or run the spyware remover, try running the registry fix (link below). It enables execution of programs. Download the registryfix.reg file, double click it, click YES and then OK.
Windows Warding Module removal using Safe Mode with Networking:
Windows XP and Windows 7 users: Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer starting process press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, then select Safe Mode with Networking from the list.
Video showing how to start Windows 7 in "Safe Mode with Networking":
Video showing how to start Windows XP in "Safe Mode with Networking":
Remove proxy settings from Internet Explorer. This rogue antivirus adds a proxy to the user's Internet connection settings in order to display various errors when user attempts to access the Internet. To remove proxy settings: Open Internet Explorer and click the gear icon. In the opened menu, select "Internet Options."
In the opened window select the "Connections" tab.
In the "Connections" tab, click on "LAN settings".
If "Use a proxy server for your LAN" is checked, uncheck it and click OK.
Download legitimate anti-spyware software to completely remove this fake antivirus program from your computer.
After removing this rogue software, you should reset your Hosts file. Do not skip this step since Windows Warding Module modifies your Hosts files, and you will encounter browser redirect problems if malicious entries are not eliminated.
The Hosts file is used to resolve canonical names of websites to IP addresses. When it is changed, the user may be redirected to malicious sites, despite seeing legitimate URLs in address bar. It is difficult to determine sites are genuine when the Hosts file is modified. To fix this, please download the Microsoft Fix It tool, that restores your Hosts file to the Windows default. Run this tool when downloaded and follow the on-screen instructions. Download link below:
After completing all these steps, your computer should be clean.
Other tools known to remove Windows Warding Module:
The fake antivirus programs (also known as "rogue antivirus programs" or "scareware") are applications that tries to lure computer users into paying for their non-existent full versions to remove the supposedly detected security infections (although the computer is actually clean). These bogus programs are created by cyber criminals who design them to look as legitimate antivirus software. Most commonly rogue antivirus programs infiltrate user's computer using poop-up windows or alerts which appear when users surf the Internet. These deceptive messages trick users into downloading a rogue antivirus program on their computers. Other known tactics used to spread scareware include exploit kits, infected email messages, online ad networks, drive-by downloads, or even direct calls to user's offering free support.
A computer that is infected with a fake antivirus program might also have other malware installed on it as rogue antivirus programs often are bundled with Trojans and exploit kits. Noteworthy that additional malware that infiltrates user's operating system remains on victim's computer regardless of whether a payment for a non-existent full version of a fake antivirus program is made. Here are some examples of fake security warning messages that are used in Windows Warding Module distribution:
Computer users who are dealing with a rogue security software shouldn't buy it's full version. By paying for a license key of a fake antivirus program users would send their money and banking information to cyber criminals. Users who have already entered their credit card number (or other sensitive information) when asked by such bogus software should inform their credit card company that they have been tricked into buying a rogue security software. Screenshot of a web page used to lure computer users into paying for a non-existent full version of Windows Warding Module and other rogue antivirus programs:
To protect your computer from Windows Warding Module and other rogue antivirus programs users should:
- Keep their operating system and all of the installed programs up-to-date.
- Use legitimate antivirus and anti-spyware programs.
- Use caution when clicking on links in social networking websites and email messages.
- Don't trust online pop-up messages which state that your computer is infected and offers you to download security software.
Symptoms indicating that your operating system is infected with a fake antivirus program:
- Intrusive security warning pop-up messages.
- Alerts asking to upgrade to a paid version of a program to remove the supposedly detected malware.
- Slow computer performance.
- Disabled Windows updates.
- Blocked Task Manager.
- Blocked Internet browsers or inability to visit legitimate antivirus vendor websites.
If you are experiencing problems while trying to remove Windows Warding Module from your computer, please ask for assistance in our malware removal forum.
If you have additional information on Windows Warding Module or it's removal please share your knowledge in the comments section below.