Posts Comments

Windows Easy Warden

By admin on July 20, 2011 Leave a Comment

What is Windows Easy Warden?

Windows Easy Warden is fake antivirus software spread with the use of trojans as well as other forms of malware. The main purpose of Windows Easy Warden is to trick PC users into purchasing a copy of its fake license. Under no circumstances should any personal information be submitted to Windows Easy Warden. Once detected, the necessary steps for Windows Easy Warden removal should be carried out immediately.

How Did I get infected with Windows Easy Warden?

In a similar way to most fake antivirus software clients on the Internet, Windows Easy Warden is usually installed as a result of malicious website visits or infected application downloads. Usually this fake antivirus is spread using trojans and backdoors, however, outdated software running on end user PCs may also be a cause of infection as malicious websites are deployed on the Internet by cyber criminals in an attempt to exploit browsers and other common vulnerable software.

What is Windows Easy Warden Doing to My Computer Right Now?

Windows Easy Warden will most likely start displaying fake security alerts designed to scare users so that the scam will be more succesful. It is recommended to simply ignore all such popup windows and continue with the Windows Easy Warden removal process so that this malware is deleted as soon as possible.

In most cases Windows Easy Warden will modify certain system settings by adding new registry entries that prevent users from accessing certain websites in an attempt to prevent legitimate antivirus software from being installed.

Additionall files will also be created on disk, files that are designed to be detected by Windows Easy Warden itself as part of the fake antivirus scan. As part of the scanning process, Windows Easy Warden will in most cases rate key operating system elements with a poor percentage in an attempt to create an even more impressive scenario.

Windows Easy Warden

Windows Easy Warden

» Download Windows Easy Warden Removal Software

What Do I Do To Remove Windows Easy Warden?

Your first step is to follow the manual removal guide included in this article in order to know how to remove Windows Easy Warden without causing any damage to key operating system components.

 

Automatic Windows Easy Warden Removal

Online Windows Easy Warden Removal Service

computer repair

Remove Proxy Setting so You Can Connect to the Internet Again. Some need this some do not.

Proxy Settings

Windows Easy Warden Manual Removal Procedures

first step you must take in order to remove Windows Easy Warden is to stop its main running process:

  • [random].exe

Unfortunately this fake antivirus software does not use a static process name, reason why it will be up to the user to identify the correct file related to this threat. Usually, a set of random alpha-numeric keys are used and the file gets updated periodically, reason why sorting folder contents by last modified first will be useful in finding the correct executabe.
Known File Path Locations
XP:

  • C:\Documents and Settings\%User Name%\Application Data\[random].exe

Vista / Windows 7:

  • C:\Users\%User Name%\AppData\Roaming\[random].exe

To stop this process you can either identify the executable related to Windows Easy Warden and rename it to a different name and reboot or simply reboot into Safe Mode with Networking and delete the file as it will no longer be running automatically.
An alternative solution that has proven to be useful is to browse tp the executable file path location indicated above, according to operating system and sort the folder contents by last modified date. In this way, depending on the age of infection, Windows Easy Warden executable file will be somewhere close to the top of the file list.

KNOWN LOCATIONS OF THIS VIRUS

Windows XP:

  • C:\Documents and Settings\All Users\Application Data\Local\

Windows Vista / Windows 7:

  • C:\Users\%User Name%\AppData\Roaming\

Once you have deleted the above executable, running full system scan using genuine antivirus software such as Spyware Doctor with Antivirus is one of the best steps. We recommend this antivirus as it has proven to posses a high detection ratio of most types of malware.

If you find this threat too hard to remove or if you are not completely sure how to remove Windows Easy Warden then it is recommended to contact an online computer repair service and request for a remote repair session.

Windows Easy Warden Registry Removal Procedures

PLEASE NOTE: Editing the registry without prior experience can cause a various number of operating system problems and generic system faults. For this reason PC Health Advisor is a recommended tool that can handle this task automatically and without any risk.

Here are the registry traces for your reference only:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe "Debugger" = 'svchost.exe'
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR " = '1'

Windows Easy Warden Directories:

XP

  • C:\Documents and Settings\%User Name%\Application Data\

Windows 7 / Windows Vista

  • C:\Users\%User Name%\AppData\Roaming\

Conclusion

The attempt to delete Windows Easy Warden can turn out to be a difficult task if performed by inexperienced PC users. For this reason we recommend the usage of legitimate antivirus software such as Spyware Doctor with Antivirus in order to properly identify and remove malicious files related to this fake antivirus. Once this is done, in case any further operating system related problems still persist it may be a good idea to request a remote computer repair support session from an online compute repair service such as the one recommended on our website.

Filed Under: Virus Removal Tagged With: , , ,

Speak Your Mind

*

RemoveVirus.org cannot be held liable for any damages that may occur from using our community virus removal guides. Viruses cause damage and unless you know what you are doing you may loose your data. We strongly suggest you backup your data before you attempt to remove any virus. Each product or service is a trademark of their respective company. We do make a commission off of each product we recommend. This is how removevirus.org is able to keep writing our virus removal guides. All Free based antivirus scanners recommended on this site are limited. This means they may not be fully functional and limited in use. A free trial scan allows you to see if that security client can pick up the virus you are infected with.