Windows Defence Master

Windows Defence Master Description

Windows Defence Master is a rogue anti-malware program that is a new addition to the FakeVimes family of threats. Threats in the FakeVimes family are often disguised as legitimate security programs to trick inexperienced computer users into handing over their money. Windows Defence Master is no exception. It uses an interface and approach similar to those of hundreds of other variants in the FakeVimes family. Like its many clones, the main purpose of Windows Defence Master is to profit at the expense of computer users by making them think that their computers have been compromised. Windows Defence Master will claim to have found numerous threats and then try to convince unskilled PC users that they need to pay for a 'full version' of Windows Defence Master. Malware specialists strongly advise computer users to disregard Windows Defence Master's warnings and instead remove Windows Defence Master with the help of a real security program that is fully up to date.

How Windows Defence Master's Misleading Tactic Works

Windows Defence Master and its many clones usually follow the same approach when attacking a computer. The following are the steps that Windows Defence Master and its clones typically use in an attempt to steal your money:

  • Windows Defence Master is installed automatically. Typically, Windows Defence Master is installed using threat delivery methods such as attack websites, spam email messages and social engineering tactics.
  • Once installed, Windows Defence Master makes changes to the affected Web browser's settings. These changes allow Windows Defence Master to interfere with other software, cause the affected computer to display error messages and cause performance issues on the affected computer.
  • Windows Defence Master spams the victim with bogus error messages and fake virus scan reports. All of these are meant to make computer users believe that Windows Defence Master has found numerous threats on the infected computer.
  • If computer users try to use Windows Defence Master to fix these supposed threats, Windows Defence Master will display additional error messages claiming that it is necessary to spend money on a useless 'full version' of Windows Defence Master.

FakeVimes is a huge family of threats that includes, among its many clones, Virus Melt, Extra Antivirus, Fast Antivirus 2009, Presto TuneUp, Windows Security Suite, Windows Protection Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security and Windows Work Catalyst.

Technical Information

File System Details

Windows Defence Master creates the following file(s):
# File Name Size MD5 Detection Count
1 %APPDATA%svc-rpjx.exe 1,072,640 18f5ab40c8d56cb4b0551c26a6c17ae9 2
2 %AllUsersProfile%\Start Menu\Programs\Windows Defence Master.lnk N/A
3 %AppData%\svc-[RANDOM].exe N/A
4 %AppData%\data.sec N/A
5 %UserProfile%\Desktop\Windows Defence Master.lnk N/A

Registry Details

Windows Defence Master creates the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\svc-[RANDOM].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableVirtualization" = "0"
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\bckd "ImagePath" = "22.sys"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "MS-SEC" = %AppData%\svc-[RANDOM].exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "ZSFT" = %AppData%\svc-[RANDOM].exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "S_SC" = %AppData%\svc-[RANDOM].exe
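
The registry entries above fall into a few behaviours a defender can check for: a per-user Winlogon Shell override, Run values pointing at %AppData%\svc-*.exe, UAC policy values set to 0, Image File Execution Options keys for security tools, and .exe marked as a low-risk file type. The following triage sketch is an added example, not code from this article or from any security product; it assumes the registry has already been exported as (key, value name, data) triples, and the sample rows, the file name svc-abcd.exe and the rule labels are constructed for illustration.

```python
import re

# Indicators taken from the registry list above; matching is case-insensitive.
IFEO_TARGETS = {"k9filter.exe", "mpuxsrv.exe", "mpcmdrun.exe", "msascui.exe",
                "msseces.exe", "msconfig.exe", "msmpeng.exe"}
UAC_VALUES = {"consentpromptbehavioradmin", "consentpromptbehavioruser",
              "enablelua", "enablevirtualization"}
# svc-[RANDOM].exe directly under %AppData%, written unexpanded or expanded.
DROPPER = re.compile(r"(%appdata%|\\appdata\\roaming)\\svc-[^\\]+\.exe", re.I)

def classify(key, name, data):
    """Return a rule label for one (key, value name, data) triple, or None."""
    k, n, d = key.lower(), name.lower(), data.strip('"')
    user_hive = k.startswith(("hkey_current_user", "hkcu"))
    # The shell is normally set machine-wide; a per-user Shell value is an override.
    if user_hive and k.endswith(r"\windows nt\currentversion\winlogon") and n == "shell":
        return "winlogon-shell-override"
    if k.endswith(r"\windows\currentversion\run") and DROPPER.search(d):
        return "run-key-appdata-svc"
    if k.endswith(r"\currentversion\policies\system") and n in UAC_VALUES and d == "0":
        return "uac-weakened"
    if "\\image file execution options\\" in k and k.rsplit("\\", 1)[1] in IFEO_TARGETS:
        return "ifeo-security-tool"
    if n == "lowriskfiletypes" and ".exe" in d.lower().split(";"):
        return "exe-marked-low-risk"
    return None

def triage(entries):
    """Return (rule, key, value name) for every entry that matches a rule."""
    return [(rule, key, name) for key, name, data in entries
            if (rule := classify(key, name, data))]

HKCU = r"HKEY_CURRENT_USER\Software\Microsoft"
HKLM = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft"
# Constructed sample export: four suspicious rows and two benign ones.
SAMPLE = [
    (HKCU + r"\Windows NT\CurrentVersion\Winlogon", "Shell",
     r"C:\Users\lab\AppData\Roaming\svc-abcd.exe"),
    (HKCU + r"\Windows\CurrentVersion\Run", "MS-SEC", r"%AppData%\svc-abcd.exe"),
    (HKCU + r"\Windows\CurrentVersion\Run", "OneDrive",
     r"C:\Program Files\Microsoft OneDrive\OneDrive.exe"),
    (HKLM + r"\Windows\CurrentVersion\policies\system", "EnableLUA", "0"),
    (HKLM + r"\Windows\CurrentVersion\policies\system", "ConsentPromptBehaviorUser", "3"),
    (HKLM + r"\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe",
     "Debugger", "constructed.exe"),
]

if __name__ == "__main__":
    for rule, key, name in triage(SAMPLE):
        print(f"{rule:26} {key} [{name}]")
```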

More Details on Windows Defence Master

The following messages associated with Windows Defence Master were found:
Potential malware detected. It is recommended to activate the protection and perform a thorough system scan to remove the malware.
Software without a digital signature detected. Your system files are at risk. We strongly advise you to activate your protection.
Firewall has blocked a program from accessing the Internet

Microsoft DirectPlay8 Modem Provider

is suspected to have infected your PC.
This type of virus intercepts entered data and transmits them
to a remote server.
