Win32 Virus Removal

Windows Easy Warden is yet another program that is part of the fake Microsoft Security Essentials infection. Windows Easy Warden gets installed on your computer via a Trojan that starts displaying fake Microsoft Security Essentials alert messages suggesting that an Unknown Win32/Trojan has been found on your computer.

You will then be prompted to scan your computer which will start a fake scan, at the end of which you will be misinformed that a particular file on your computer has been infected with Trojan.Horse.Win32.PAV.64.a. The real Trojan will then suggest that the only way of getting read of this infection is by downloading and installing Windows Easy Warden. Pressing OK on these messages will automatically download and install Windows Easy Warden on your machine, after which your computer will reboot.

How To: Remove Windows Easy Warden Virus / Malware ( Removal Guide )

After the reboot you will notice that you are not able to access your regular desktop screen. Instead you will be presented with the main window of Windows Easy Warden. Again you will be prompted to perform a scan on your computer which will again display fake results, scaring you into thinking that your computer has been infected by multiple viruses. Windows Easy Warden will then suggest that you buy the full version of the program in order to get rid of these infections. Do not fall into this scam as the supposed full version is nothing more than a forgery meant to get a hold of your money.

*Note that you will not be able to access your regular desktop screen unless you go through the fake scanning process every time you reboot your computer.

Windows Easy Warden Removal Guide

In order to get rid of this infection you will need to download RKill, Shell.reg and Malwarebytes’ Anti-Malware (MBAM). Keep in mind that Windows Easy Warden might prevent you from accessing the internet. If this is the case then you will need to download these files on another computer and then transfer them on the infected machine via CD/DVD, USB flash drive or other means.

• The first thing you need to do is kill any processes related to Windows Easy Warden. In order to do so you will need to run RKill and let it scan your computer. Ignore any messages suggesting that RKill is a threat to your computer as these messages are just fake alerts generated by Windows Easy Warden. Also, keep in mind that Windows Easy Warden might give you a hard time running RKill and if this is the case you should download a renamed version of RKill instead, like iExplore.exe. Do NOT reboot your computer after completing this step.

• You have already noticed that your regular desktop screen is missing every time you reboot your computer. The problem is that if you remove Windows Easy Warden without doing anything about the desktop you will not be able to access it ever again once Windows Easy Warden is no longer infecting your machine. That’s why, before you get to the actual disinfection process you need to first run Shell.reg and let it merge the data. This will restore your Windows Registry Shell value, thus restoring your desktop screen.

• Time to bring out the big guns and install Malwarebytes’ Anti-Malware (MBAM). Make sure that during the installation process both the Launch Malwarebytes’ Anti-Malware and Update Malwarebytes’ Anti-Malware buttons are checked. After the installation is complete, reboot your computer if prompted to do so.

• After the reboot you will see that MBAM will automatically update itself, after which you will be presented with the main MBAM window. From there go to the Scanner tab, check the Perform Full Scan option and then click on the Scan button below. This might take some time so please be patient.

• Once the scanning process is complete you will be presented with a full report containing the threats found on the infected computer. Make sure to check all of these threats and then press the Remove Selected button below. After MBAM finishes deleting the threats you might be asked for another reboot again. If so, please restart your computer.

If followed accordingly, this guide should have helped you get rid of Windows Easy Warden. The wise thing to do now would be to follow this Secunia PSI guide in order to determine if there are any vulnerabilities in your computer that may open the door for future threats similar to Windows Easy Warden.