1 of 6
Danger level 9
Type: Rogue Anti-Spyware
Common infection symptoms:
  • Block exe files from running
  • Installs itself without permissions
  • Connects to the internet without permission
  • Normal system programs crash immediatelly
  • Slow internet connection
  • System crashes
  • Annoying Pop-up's
  • Slow Computer
Infection Video Windows Stability Guard

Windows Stability Guard

Recently rogues from Rogue.FakeVimes family have been popping up almost every single day. Windows Stability Guard is yet another “new” face in the crowd. It looks and behaves just like its predecessors, including Windows Basic Antivirus, Windows Smart Warden, Windows PRO Scanner and many more. Judging from Windows Stability Guard’s interface the rogue usually targets computers that run on Windows XP, because its interface looks like a part of Windows XP Explorer. However, that does not mean that Windows Stability Guard is able infect only Windows XP operating system.

Usually Windows Stability Guard enters your system via fake online malware scanner or hacked websites. In case of hacked websites, the download of Windows Stability Guard starts automatically once you enter the website, and you are not prompted about it. Once the rogue is installed, it launches a fake system scan, but its results do not reflect the real file situation on your computer. Windows Stability Guard might say that you are infected with various viruses, but that is NOT TRUE.

Windows Stability Guard only wants you to think like that, because it expects you to click on that “Activate Ultimate protection” button and purchase the full version of completely worthless program. If you do pay for Windows Stability Guard, you will reveal your credit card number, expiration date and the CVV2 code to cyber criminals, and as a result this exposed information will be used for various illegal financial operations. In the end you will just lose your money while your operating system will be damaged beyond repair.

Hence, Windows Stability Guard has to be removed. It resists removal, however, by blocking your Task Manager and Registry editor. This way the rogue does not allow you to terminate its processes or delete any of its files manually. What is more, it terrorizes you with a list of fake security notifications, for example:

Error
Keylogger activity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.

Warning! Virus Detected
Threat detected: FTP Server
Infected file: C:\Windows\System32\dllcache\wmpshell.dll

The notifications and your system’s behavior should convince you that there is no other way out of this situation but to buy the full version of Windows Stability Guard. However, you have to know better – the REAL way out of this includes deleting Windows Stability Guard for good. Do not wait any longer and terminate Windows Stability Guard using a powerful security tool, if you do not know how to remove the rogue manually.

Download Spyware Removal Tool to Remove* Windows Stability Guard
  • Quick & tested solution for Windows Stability Guard removal.
  • 100% Free Scan for Windows

How to renew your internet connection:

This rogue antispyware blocks your Internet connection to prevent you from removing the rogue application. To enable the Internet connection, please follow these instructions:
  1. Open Internet Explorer and go to >Tools< select >Internet Options<

  2. Select >Connections<

  3. Select >LAN Settings<

  4. Now you need to uncheck the checkbox labeled >Use a proxy server for your LAN< in Proxy Server section. Then press the >OK< button to close this screen and press the >OK< button to close the Internet Options screen.

  5. Now you can download the SpyHunter scanner and remove the infection.

Download Spyware Removal Tool to Remove* Windows Stability Guard
  • Quick & tested solution for Windows Stability Guard removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Windows Stability Guard

Files associated with infection (Windows Stability Guard):

%Desktop%\Windows Stability Guard .lnk
%CommonStartMenu%\Programs\Windows Stability Guard.lnk
%AppData%\result.db
%AppData%\Protector-[Random].exe
%AppData%\NPSWF32.dll

Dynamic Link Libraries to remove (Windows Stability Guard):

%AppData%\NPSWF32.dll

Processes to kill (Windows Stability Guard):

%AppData%\Protector-[Random].exe

Remove registry entries (Windows Stability Guard):

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = 2012-2-28_1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntvdm.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdt.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.