Windows Defence Master

Windows Defence Master Description

Type: Rogue AntiSpyware Programs

Windows Defence Master Image 1Windows Defence Master is a rogue anti-malware program that is a new addition to the FakeVimes family of threats. Threats in the FakeVimes family are often disguised as legitimate security programs to trick inexperienced computer users into handing over their money. Windows Defence Master is no exception. Windows Defence Master uses an interface and approach that is similar to hundreds of variants in the FakeVimes family of threats. Like its many clones, the main purpose of Windows Defence Master is to profit at the expense of computer users by making them think that their computers have been compromised. Windows Defence Master will claim to have found numerous threats and then try to prove to unskilled PC users that they need to pay for a 'full version' of Windows Defence Master. Malware specialists vehemently advise computer users to disregard Windows Defence Master's warnings and instead delete Windows Defence Master with the collaboration of a real security program that is fully up to date.

How Windows Defence Master Misleading Tactic Works

Windows Defence Master and its many clones usually follow the same approach when attacking a computer. The following are usually the steps that may be used by Windows Defence Master and its clones to attempt to steal your money:

  • Windows Defence Master is installed automatically. Typically, Windows Defence Master is installed using threat delivery methods such as attack websites, spam email messages and social engineering tactics.
  • Once installed, Windows Defence Master makes changes to the affected Web browser's settings. These changes allow Windows Defence Master to interfere with other software, cause the affected computer to display error messages and cause performance issues on the affected computer.
  • Windows Defence Master spams the victim with bogus error messages and fake virus scan reports. All of these are meant to make computer users believe that Windows Defence Master has found numerous threat on the infected computer.
  • If computer users try to use Windows Defence Master to fix these supposed threat problems, Windows Defence Master will display additional error messages claiming that it is necessary to spend money buying a unproductive 'full version' of Windows Defence Master.

The FakeVimes is a huge family of threats that have, among its many clones Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst.
Windows Defence Master Image 2Windows Defence Master Image 3Windows Defence Master Image 4Windows Defence Master Image 5Windows Defence Master Image 6Windows Defence Master Image 7Windows Defence Master Image 8Windows Defence Master Image 9Windows Defence Master Image 10Windows Defence Master Image 11Windows Defence Master Image 12Windows Defence Master Image 13Windows Defence Master Image 14Windows Defence Master Image 15Windows Defence Master Image 16Windows Defence Master Image 17Windows Defence Master Image 18Windows Defence Master Image 19Windows Defence Master Image 20Windows Defence Master Image 21Windows Defence Master Image 22Windows Defence Master Image 23Windows Defence Master Image 24Windows Defence Master Image 25Windows Defence Master Image 26

Technical Information

Screenshots & Other Imagery

SpyHunter Detects & Remove Windows Defence Master

Windows Defence Master Video

Tip: Turn your sound ON and watch the video in Full Screen mode.

File System Details

Windows Defence Master creates the following file(s):
# File Name MD5 Detection Count
1 svc-rpjx.exe 18f5ab40c8d56cb4b0551c26a6c17ae9 2
2 %AllUsersProfile%\Start Menu\Programs\Windows Defence Master.lnk N/A
3 %AppData%\svc-[RANDOM].exe N/A
4 %AppData%\data.sec N/A
5 %UserProfile%\Desktop\Windows Defence Master.lnk N/A

Registry Details

Windows Defence Master creates the following registry entry or registry entries:
Registry Key Value
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\svc-[RANDOM].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableVirtualization" = "0"
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\bckd "ImagePath" = "22.sys"
Registry key
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe
Run Keys
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "MS-SEC" = %AppData%\svc-[RANDOM].exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "ZSFT" = %AppData%\svc-[RANDOM].exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "S_SC" = %AppData%\svc-[RANDOM].exe

More Details on Windows Defence Master

The following messages associated with Windows Defence Master were found:
Potential malware detected. It is recommended to activate the protection and perform a thorough system scan to remove the malware.
Software without a digital signature detected. Your system files are at risk. We strongly advise you to activate your protection.
Firewall has blocked a program from accessing the Internet

Microsoft DirectPlay8 Modem Provider

is suspected to have infected your PC.
This type of virus intercepts entered data and transmits them
to a remote server.

Site Disclaimer is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.