The rogue Windows Warding Module anti-spyware is part of the Rogue.FakeVimes group of malicious computer infections. It masquerades as a legitimate application that provides protection against online viruses and threats. But it's just the opposite of what it claims. Once it has been installed on your computer, it will automatically start once you login to Windows. And at each start Windows Warding Module will perform a fake scan and display fabricated results of threats that it has detected on your computer. If you attempt to have it remove any of the fake detected threats, it prompts you to purchase a license before it will proceed to do so.
Windows Warding Module may be installed by fake online virus scanners that state something along the lines of an infection has been found and to click on them to perform a scan of your computer. It may also be installed thru drive-by installations during visits to compromised websites.
Under no circumstances should you purchase a license for this bogus product. Doing so would place your financial information at great risk.
To remove this infection, you'll need to download a couple of software utilities on a known clean computer and then afterwards, copy them onto the infected computer via a flash drive or a burned cd/dvd. The utilities that you will need include:
Possible Windows Warding Module Activation Codes: 0W000-000B0-00T00-E0001
At this point the Windows Warding Module should now be completely removed from the computer. But if there are still indications of the original infection, you may need to follow the instructions from one of our other more aggressive removal tutorials.
Windows Warding Module Associated Files:
Windows Warding Module Associated Windows Registry Information Data:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "GuardSoftware" = "%AppData%\guard-<random>.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"="C:\\Users\\User\\AppData\\Roaming\\guard-<random>.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger"="svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger"="svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = "0"
Smith Technical Resources makes no guarantees or claims that the information contained in this article will help you completely remove the above listed malicious program(s) from your computer. There are several variations of each particular virus in the wild . And the procedure listed above may not be adequate for the specific version of the virus that your computer has been compromised by.
If you feel uncomfortable performing any of the procedures that we've listed on this page, please contact a professional computer repair company in your area and have them complete the needed repairs on your computer. Smith Technical Resources takes no responsibility for any possible damage that could result from your use of the above instructions.