FacebookTwitterLinkedIn

Windows Active HotSpot

Also Known As: Active HotSpot Antivirus
Damage level: High

What is Active Hotspot?

Windows Active Hotspot is a fake antivirus program, which generates fake security warning messages in order to trick unsuspecting PC users into purchasing a useless license key. Cyber criminals responsible for creating this scam use fake online security scanners and 'exploit kits' to proliferate this bogus software.

Fake online security scanners are pop-up ads, which mimic the scanning of users' computers and then report 'critical security issues', which can supposedly be eliminated by downloading and installing Windows Active Hotspot. Exploit kits are malware infections, which rely on outdated software in order to infiltrate users' operating systems.

After successful infiltration, this rogue antivirus program modifies the operating system registry file and configures itself to run automatically on each system start-up.

Windows Active Hotspot fake antivirus program

The consequence of these modifications is that users observe a fake security scan performed by Windows Active Hotspot each time they boot their system. This security scan results in the 'detection' of various high-risk malware and viruses. To remove the 'detected' security infections, this rogue software encourages activation of 'Ultimate Protection'.

PC users should not buy this program - it is a scam developed by cyber criminals. Paying for this program is equivalent to sending your money and banking information to cyber criminals. If you observe Windows Active Hotspot scanning your computer for security infections, your PC is infected with a rogue antivirus program.

Ignore the fake security warning messages - the correct way to deal with this bogus program is to eliminate it from your computer.

This fake antivirus program originates from a family of rogue security scanners called FakeVimes. Previous variants were named Windows Cleaning Toolkit and Windows Expert Console. Cyber criminals responsible for creating this scam attempt to make the program appear as if it was developed by Microsoft.

PC users should be aware, however, that Microsoft develops and maintains only one antivirus program, Microsoft Security Essentials, a legitimate free program, which does not demand purchase of a full version in order to access the desktop.

Computer users who are dealing this this bogus program should be aware that none of the security infections indicated by Windows Active Hotspot actually exist on their computers. This bogus program generates an identical fake list of detected malware for each computer it infiltrates.

If you observe this program on your desktop, use the removal instructions provided to eliminate this scam from your operating system.

Instant automatic malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

Windows Active Hotspot removal:

Before downloading the removal software for this rogue antivirus program, complete these steps:

1. Wait until this rogue antivirus program completes the fake security scan and click "Settings" (at the top of the main window).

Windows Active Hotspot startup

2. Select "Allow unprotected Startup".

Windows Active Hotspot startup settings

3. After selecting "Allow unprotected Startup", close Windows Active Hotspot. The notification will appear, "Unprotected startup is unsafe for your private data!". Click "OK".

Windows Active Hotspot unsafe startup confirmation

4. Windows 7 users: Click the Windows logo, in the "Search programs and files" field type "Command Prompt". In the opened list click the right mouse button over "Command Prompt" entry and select "Run as administrator".

Windows XP users: Click Start and navigate to Accessories menu - Start > All Programs > Accessories. Select Command Prompt.

Removing Windows Active Hotspot using command prompt step 1

5. In the opened window (Command Prompt), type: taskkill /IM guard* and press Enter.

Removing Windows Active Hotspot using command prompt step 2

6. After killing the Windows Active Hotspot process, download legitimate anti-spyware software to completely remove this rogue antivirus program from your computer.

If you cannot download or run the spyware remover try running the registry fix (link below). It enables execution of programs. Download the registryfix.reg file, double click it, click YES and then OK.

Windows Active Hotspot removal using Safe Mode with Networking:

Step 1

Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer starting process press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, then select Safe Mode with Networking from the list.

Starting Windows in Safe mode with networking

Video showing how to start Windows 7 in "Safe Mode with Networking":

Video showing how to start Windows XP in "Safe Mode with Networking":

Step 2

Remove proxy settings from Internet Explorer. This rogue antivirus adds a proxy to the Internet connection settings in order to display various errors when the user attempts to access the Internet. To remove proxy settings: Open Internet Explorer and click on the gear icon. In the opened menu select "Internet Options".

Removing proxy setings from Intenret Explorer step 1

In the opened window select the "Connections" tab.

Removing proxy settings from Internet Explorer step 2

In the "Connections" tab, click on "LAN settings".

Removing proxy settings from Internet Explorer step 3

If "Use a proxy server for your LAN" is checked, uncheck it and click OK.

Removing proxy settings from Internet Explorer step 4

Step 3

Download legitimate anti-spyware software to completely remove this fake antivirus program from your computer.

Step 4

After removing this rogue software, you should reset one's Hosts file. Don't skip this step, Windows Active HotSpot modifies your Hosts files, and you will encounter browser redirect problems if malicious entries will not be eliminated.

The Hosts file is used to resolve canonical names of websites to IP addresses. When it is changed, the user may be redirected to malicious sites, despite seeing legitimate URLs in address bar.

It is difficult to determine sites are genuine when the Hosts file is modified. To fix this, please download the Microsoft Fix It tool, that restores your Hosts file to the Windows default. Run this tool when downloaded and follow the on-screen instructions. Download link below:


After completing these steps, your computer should be clean.

Other tools known to remove Windows Active Hotspot:

Summary:

The fake antivirus programs (also known as "rogue antivirus programs" or "scareware") are applications that tries to lure computer users into paying for their non-existent full versions to remove the supposedly detected security infections (although the computer is actually clean). These bogus programs are created by cyber criminals who design them to look as legitimate antivirus software. Most commonly rogue antivirus programs infiltrate user's computer using poop-up windows or alerts which appear when users surf the Internet. These deceptive messages trick users into downloading a rogue antivirus program on their computers. Other known tactics used to spread scareware include exploit kits, infected email messages, online ad networks, drive-by downloads, or even direct calls to user's offering free support.

A computer that is infected with a fake antivirus program might also have other malware installed on it as rogue antivirus programs often are bundled with Trojans and exploit kits. Noteworthy that additional malware that infiltrates user's operating system remains on victim's computer regardless of whether a payment for a non-existent full version of a fake antivirus program is made. Here are some examples of fake security warning messages that are used in fake antivirus distribution:

Fake pop-up used in rogue antivirus distribution example 1

Fake pop-up used in rogue antivirus distribution example 2

Computer users who are dealing with a rogue security software shouldn't buy it's full version. By paying for a license key of a fake antivirus program users would send their money and banking information to cyber criminals. Users who have already entered their credit card number (or other sensitive information) when asked by such bogus software should inform their credit card company that they have been tricked into buying a rogue security software. Screenshot of a web page used to lure computer users into paying for a non-existent full version of active hotspot antivirus and other rogue antivirus programs:

example of a webpage used to collect payments for fake antivirus programs

To protect your computer from active hotspot antivirus and other rogue antivirus programs users should:

  • Keep their operating system and all of the installed programs up-to-date.
  • Use legitimate antivirus and anti-spyware programs.
  • Use caution when clicking on links in social networking websites and email messages.
  • Don't trust online pop-up messages which state that your computer is infected and offers you to download security software.

Symptoms indicating that your operating system is infected with a fake antivirus program:

  • Intrusive security warning pop-up messages.
  • Alerts asking to upgrade to a paid version of a program to remove the supposedly detected malware.
  • Slow computer performance.
  • Disabled Windows updates.
  • Blocked Task Manager.
  • Blocked Internet browsers or inability to visit legitimate antivirus vendor websites.

If you have additional information on active hotspot antivirus or it's removal please share your knowledge in the comments section below.

▼ Show Discussion

About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.

I am passionate about computer security and technology. I have an experience of over 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010. Follow me on Twitter and LinkedIn to stay informed about the latest online security threats. Contact Tomas Meskauskas.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

QR Code
Active HotSpot Antivirus QR code
Scan this QR code to have an easy access removal guide of Active HotSpot Antivirus on your mobile device.
We Recommend:

Get rid of Windows malware infections today:

▼ REMOVE IT NOW
Download Combo Cleaner

Platform: Windows

Editors' Rating for Combo Cleaner:
Editors ratingOutstanding!

[Back to Top]

To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.