• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 837
  • Last Modified:

Windows Warding System Activation Request

Greetings Experts,

I hope that this third time trying to post this is the charm. I have a user that is getting a pop-up that is requesting activation of Windows Warding System. My gut tells me that it's Malware but I wanted to throw it out there for your review and advice just in case. I'veattached a snippet of the pop-up. Recommendations?


  • 2
  • 2
2 Solutions
bjbrownAuthor Commented:
PLease find attached snippet here,
This seems to be spyware . Please use Antispyware software to scan your PC.
Spybot or malware bytes
Looks like a trap to me.

If you are really curious about your activation status, try this from an administrative command prompt -> slmgr -dli
I checked on some website and this is a known malware.
please install antispyware software like Malware Byte and scan your system for infections.
some instructions at below link
bjbrownAuthor Commented:
A follow-up... Final solution for future reference:

I found the virus…. went to the users profile and then into Application Data and saw a file that I did not recognize (Protector-tjci.exe)  I felt this was the virus because it had some random characters and the file properties did not show that it was a Microsoft file.

I then copied the file to a location I could get to easily.  From there, I uploaded the file to http://www.virustotal.com/ and had then re-analyze it (this is a free service).  It came up with 20 detections.  

Of those 20, one was Symantec.  It called it VirusDoctor, so I then did a quick google search for VirusDoctor.  I really didn’t find anything worth anything.

At that point, I remoted to the users machine and went to a command prompt (actually, I tried to go to task manager first, but that failed miserably).  Once in the command prompt, I typed in


.  This command will list all tasks that are running.  I went through this list and found the PID for Protector-tjci.exe (3840 or 3480 was the PID) and I then tried to kill it using

taskkill /PID 3480

.  This said it completed, but it didn’t.  I tried by name and it also failed.  So, I then did a

taskkill /PID 3480 /F

(which does a Force kill).  This killed the process (it went away from the taskbar).

At this point, I went into Windows Explorer and went into Documents and Settings/**USERNAMEHERE**/Application Data/ and renamed the file from




I did this to keep the machine from getting infected again, hopefully.  From there, I then tried to get into the task manager and it failed again (this time, nothing happened).  So, I ran that program with a quick scan.  It found 10 things so I had it remove them (two were the offending file from above in two user directories (one was yours the other was the users)).

I then rebooted the PC (it asked me to).

While it was doing that, I did a quick google search for the taskmanager/regedit problem (I found that regedit didn’t work either) and found a registry hack to fix it.  I did a remote registry edit from my machine and delete a key in the users registry.  This fixed the task manager problem.  I then found a similar key for regedit and did the same thing.

I then called the user and let her have the PC back and called you.  Total time was maybe about 10-20 minutes (only because I got lucky a few times).

The registry keys I had to delete were:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe

They both had a value of

"Debugger"="C:\\Documents and Settings\\**USERNAMEHERE**\\Application Data\\Protector-tjci.exe reg"

Hope this helps in case you run into this or something similar again!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

7 new features that'll make your work life better

It’s our mission to create a product that solves the huge challenges you face at work every day. In case you missed it, here are 7 delightful things we've added recently to monday to make it even more awesome.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now