Windows Protection Master Removal Report

Windows Protection Master

By GoldSparrow in Rogue Anti-Spyware Program | 96 views

Rate it:

(1 votes, average: 5.00 out of 5)

Loading ...

[+] Click Image to Enlarge

Windows Protection Master is a malicious security application that should sound familiar to PC security researchers. This rogue anti-spyware program has plenty of clones, many of which follow a similar naming pattern. Examples of clones of Windows Protection Master include Windows Armature Master, Windows Cleaning Tool, and Windows Steady Work, as well as dozens of other fake security programs that are the same in every visible feature but for their respective names. Windows Protection Master is part of a common online scam which consists in selling fake security products to inexperienced computer users in order to steal their money. Windows Protection Master itself is a kind of malware infection and to remove it safely, computer users should use a reliable anti-malware program.

Identifying Windows Protection Master and other Rogue Anti-Spyware Programs

The best way to protect yourself from Windows Protection Master and other rogue anti-spyware applications is to learn how to identify them and differentiate them from legitimate security products. Windows Protection Master has several characteristics that are very common in most rogue anti-spyware programs:

Windows Protection Master is installed without the computer user’s permission or after a large number of pop-up windows and fake error messages warning of a possible security problem are displayed.
Windows Protection Master does not allow the computer user to remove Windows Protection Master from the infected computer displaying error messages, crashing when the uninstaller is run or simply reinstalling itself when the infected computer reboots.
Windows Protection Master displays constant alarming error messages and starts up automatically when Windows is launched, running a fake scan of the infected computer system which invariably detects numerous fake infections. Regardless of the state of the victim’s computer system, Windows Protection Master will detect numerous problems while being vague when probed for more details.
Windows Protection Master will often conflict with other applications or with the operating system, causing the victim’s computer system to run slowly, crash frequently or behave erratically.
Windows Protection Master will also often block access to certain files or to certain websites, claiming that Windows Protection Master does so for the victim’s own security. If other security software is installed on the infected computer system, it is not uncommon for this security software to be disabled or for it not to function properly. Typically, Windows Protection Master will direct the victim to its own website where the he/she will be prompted to enter their credit card information.

Type: Rogue AntiSpyware Programs

How Can You Detect Windows Protection Master?

Download SpyHunter’s Detection Scanner
to Detect Windows Protection Master.

Can’t install SpyHunter? Click here to view possible causes of installation issues.

‘How Windows Protection Master Infects Your Computer’ Video

Windows Protection Master Removal Details

Windows Protection Master has typically the following processes in memory:

%AppData%\NPSWF32.dll
%AppData%\Inspector-[random three characters].exe
[RANDOM].exe

Windows Protection Master creates the following files in the system:

%UserProfile%\Desktop\Windows Protection Master.lnk
%AppData%\result.db
%AllUsersProfile%\Start Menu\Programs\Windows Protection Master\Windows Protection Master.lnk
%StartMenu%\Programs\Windows Protection Master.lnk

Windows Protection Master creates the following registry entries:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\belt.exe “Debugger”
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\[RANDOM]_is1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe “Debugger”
HKEY_CURRENT_USER\Software\Windows Protection Master
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deputy.exe “Debugger”

Important Article Disclaimer

This entry was last updated on 02/13/12 and posted on 02/12/12. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Note: Abusive comments are not allowed. Please do not post comments regarding technical support issues. ESG customers that have issues with SpyHunter should open a customer support ticket.