Windows Defence Master

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 7
First Seen: March 15, 2014
Last Seen: January 8, 2020
OS(es) Affected: Windows

Windows Defence Master is a rogue anti-malware program that is a new addition to the FakeVimes family of threats. Threats in the FakeVimes family are often disguised as legitimate security programs to trick inexperienced computer users into handing over their money. Windows Defence Master is no exception: it uses an interface and approach similar to hundreds of variants in the FakeVimes family. Like its many clones, the main purpose of Windows Defence Master is to profit at the expense of computer users by making them think that their computers have been compromised. Windows Defence Master will claim to have found numerous threats and then try to convince unskilled PC users that they need to pay for a 'full version' of Windows Defence Master. Malware specialists strongly advise computer users to disregard Windows Defence Master's warnings and instead remove Windows Defence Master with the help of a real security program that is fully up to date.

How the Windows Defence Master Misleading Tactic Works

Windows Defence Master and its many clones usually follow the same approach when attacking a computer. The following steps are typically used by Windows Defence Master and its clones in an attempt to take your money:

  • Windows Defence Master is installed automatically. Typically, Windows Defence Master is installed using threat delivery methods such as attack websites, spam email messages and social engineering tactics.
  • Once installed, Windows Defence Master makes changes to the affected Web browser's settings. These changes allow Windows Defence Master to interfere with other software, cause the affected computer to display error messages and cause performance issues on the affected computer.
  • Windows Defence Master spams the victim with bogus error messages and fake virus scan reports. All of these are meant to make computer users believe that Windows Defence Master has found numerous threats on the infected computer.
  • If computer users try to use Windows Defence Master to fix these supposed threats, Windows Defence Master will display additional error messages claiming that it is necessary to spend money on a useless 'full version' of Windows Defence Master.

FakeVimes is a huge family of threats that includes, among its many clones, Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite and Windows Work Catalyst.

File System Details

Windows Defence Master may create the following file(s):
# File Name MD5 Detections
1. svc-rpjx.exe 18f5ab40c8d56cb4b0551c26a6c17ae9 2
2. %AllUsersProfile%\Start Menu\Programs\Windows Defence Master.lnk
3. %AppData%\svc-[RANDOM].exe
4. %AppData%\data.sec
5. %UserProfile%\Desktop\Windows Defence Master.lnk

Registry Details

Windows Defence Master may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\svc-[RANDOM].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableVirtualization" = "0"
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\bckd "ImagePath" = "22.sys"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "MS-SEC" = %AppData%\svc-[RANDOM].exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "ZSFT" = %AppData%\svc-[RANDOM].exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "S_SC" = %AppData%\svc-[RANDOM].exe
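
The registry entries above can be turned into a triage check. The following is an added example, not code from the original page or from any security vendor: it matches a subset of the listed entries against (key, value name, data) records. The record format, the function names and the sample snapshot are assumptions made for illustration.

```python
import re

# Patterns derived from the registry entries listed above; svc-[RANDOM].exe is a wildcard.
SVC_EXE = re.compile(r"\\svc-[^\\]+\.exe$", re.I)
RUN_NAMES = {"ms-sec", "zsft", "s_sc"}
# ConsentPromptBehaviorUser=0 is left out: on its own it is a common hardening
# setting (auto-deny elevation for standard users), so it would cause false positives.
UAC_VALUES = {"enablelua", "consentpromptbehavioradmin"}
IFEO = "\\image file execution options\\"
IFEO_TARGETS = {"k9filter.exe", "mpuxsrv.exe", "mpcmdrun.exe", "msascui.exe",
                "msseces.exe", "msconfig.exe", "msmpeng.exe"}

def classify(key, name=None, data=None):
    """Return a finding label for one registry record, or None."""
    k, n = key.lower(), (name or "").lower()
    d = str("" if data is None else data).strip('"').lower()
    hkcu = k.startswith("hkey_current_user")
    if hkcu and k.endswith("\\winlogon") and n == "shell" and SVC_EXE.search(d):
        return "winlogon-shell-hijack"
    if hkcu and k.endswith("\\currentversion\\run") and (n in RUN_NAMES or SVC_EXE.search(d)):
        return "run-key-persistence"
    if k.endswith("\\policies\\system") and n in UAC_VALUES and d in ("0", "0x0"):
        return "uac-weakened"
    if IFEO in k and k.rsplit("\\", 1)[-1] in IFEO_TARGETS:
        return "ifeo-entry-for-security-tool"  # the page lists only the key names
    if k.endswith("\\services\\bckd") and n == "imagepath" and d.endswith("22.sys"):
        return "bckd-driver-service"
    return None

def scan(records):
    """records: iterable of (key, value_name, data) -> list of (label, key, value_name)."""
    return [(label, key, name) for key, name, data in records
            if (label := classify(key, name, data))]

# Constructed snapshot (not from a real host): two benign rows, five matching rows.
HKCU = "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows"
HKLM = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows"
SAMPLE = [
    (HKCU + "\\CurrentVersion\\Run", "Updater", "C:\\Program Files\\App\\update.exe"),
    (HKLM + "\\CurrentVersion\\policies\\system", "ConsentPromptBehaviorUser", 0),
    (HKCU + " NT\\CurrentVersion\\Winlogon", "Shell", "C:\\Users\\a\\AppData\\Roaming\\svc-abcd.exe"),
    (HKCU + "\\CurrentVersion\\Run", "ZSFT", "C:\\Users\\a\\AppData\\Roaming\\svc-abcd.exe"),
    (HKLM + "\\CurrentVersion\\policies\\system", "EnableLUA", 0),
    (HKLM + " NT\\CurrentVersion\\Image File Execution Options\\msmpeng.exe", None, None),
    ("HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\bckd", "ImagePath", "22.sys"),
]
if __name__ == "__main__":
    for label, key, name in scan(SAMPLE):
        print(f"{label:30} {key} [{name}]")
```

A single hit is a lead rather than a verdict; the Winlogon Shell override, the Run values and the weakened UAC policy appearing together are what tie a host to the entries listed on this page.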

Messages

The following messages associated with Windows Defence Master were found:

Error
Potential malware detected. It is recommended to activate the protection and perform a thorough system scan to remove the malware.
Error
Software without a digital signature detected. Your system files are at risk. We strongly advise you to activate your protection.
Firewall has blocked a program from accessing the Internet

Microsoft DirectPlay8 Modem Provider
C:\Windows\system32\dpnmodem.dll

C:\Windows\system32\dpnmodem.dll
is suspected to have infected your PC.
This type of virus intercepts entered data and transmits them
to a remote server.
