Windows Protection Master Description
Windows Protection Master is a malicious security application that should sound familiar to PC security researchers. This rogue anti-spyware program has plenty of clones, many of which follow a similar naming pattern. Examples of clones of Windows Protection Master include Windows Armature Master, Windows Cleaning Tool, and Windows Steady Work, as well as dozens of other fake security programs that are the same in every visible feature but for their respective names. Windows Protection Master is part of a common online scam which consists in selling fake security products to inexperienced computer users in order to steal their money. Windows Protection Master itself is a kind of malware infection and to remove it safely, computer users should use a reliable anti-malware program.
Identifying Windows Protection Master and other Rogue Anti-Spyware Programs
The best way to protect yourself from Windows Protection Master and other rogue anti-spyware applications is to learn how to identify them and differentiate them from legitimate security products. Windows Protection Master has several characteristics that are very common in most rogue anti-spyware programs:
- Windows Protection Master is installed without the computer user’s permission or after a large number of pop-up windows and fake error messages warning of a possible security problem are displayed.
- Windows Protection Master does not allow the computer user to remove Windows Protection Master from the infected computer displaying error messages, crashing when the uninstaller is run or simply reinstalling itself when the infected computer reboots.
- Windows Protection Master displays constant alarming error messages and starts up automatically when Windows is launched, running a fake scan of the infected computer system which invariably detects numerous fake infections. Regardless of the state of the victim’s computer system, Windows Protection Master will detect numerous problems while being vague when probed for more details.
- Windows Protection Master will often conflict with other applications or with the operating system, causing the victim’s computer system to run slowly, crash frequently or behave erratically.
- Windows Protection Master will also often block access to certain files or to certain websites, claiming that Windows Protection Master does so for the victim’s own security. If other security software is installed on the infected computer system, it is not uncommon for this security software to be disabled or for it not to function properly. Typically, Windows Protection Master will direct the victim to its own website where the he/she will be prompted to enter their credit card information.
Type: Rogue AntiSpyware Programs
How Can You Detect Windows Protection Master?
Download SpyHunter’s Detection Scanner
to Detect Windows Protection Master.
‘How Windows Protection Master Infects Your Computer’ Video
Windows Protection Master Removal Details
Windows Protection Master has typically the following processes in memory:
- %AppData%\Inspector-[random three characters].exe
Windows Protection Master creates the following files in the system:
- %UserProfile%\Desktop\Windows Protection Master.lnk
- %AllUsersProfile%\Start Menu\Programs\Windows Protection Master\Windows Protection Master.lnk
- %StartMenu%\Programs\Windows Protection Master.lnk
Windows Protection Master creates the following registry entries:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\belt.exe “Debugger”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe “Debugger”
- HKEY_CURRENT_USER\Software\Windows Protection Master
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deputy.exe “Debugger”