Windows Test Master

By ESGI Advisor in Rogue Anti-Spyware Program

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 6
First Seen: July 8, 2011
Last Seen: January 8, 2020
OS(es) Affected: Windows

Windows Test Master Image

Windows Test Master is a rogue security program and an unwanted invader. Imagine that an exterminator visits your home. The exterminator comes in and announces that your house has a really bad roach problem, but what you don't know is that the exterminator dropped a couple of roaches while you were not looking. He says he can fix your roach problem if you pay his fee. Once you give the exterminator money to remove the roaches, he walks out the door and doesn't get rid of the roaches. Now, you're left with roaches and you can't get your money back. Windows Test Master operates in much the same way.

Windows Test Master, an Unwanted Invader

Here are some facts about Windows Test Master and similar programs like Windows Work Checker, Windows XP Repair, Windows XP Restore, Vista Security 2012, and Windows Steady Work.

  • Windows Test Master enters your computer system without your knowledge, or at least the computer user is not aware that the rogue program they downloaded is a scam. Rogue anti-spyware programs are delivered usually by super-stealth Trojans. These Trojans come from bogus malware online scanners or malicious sites that ask PC users to download a (fake) Adobe Flash Player update or player needed to view a video online. Once the Trojan has usurped its way into the computer, it will display a fake notification with the headline "Microsoft Security Essentials Alert" which lures the computer user into believing he/she PC is infected with viruses so that he/she will then feel the need to install and purchase Windows Test Master. To make removal of this harmful Trojan and rogue security program more difficult, the Trojan will block legitimate security applications from running.
  • Windows Test Master makes itself at home in your computer. It makes changes to your Registry, Internet browser, and system settings. It will also consume system resources, making your computer slow and unresponsive.
  • Windows Test Master will cause deliberately many problems on your computer. These problems include a decreased performance; constant security alerts and notifications; general instability and random crashes; and blocked access to your own files and to the Internet.
  • Windows Test Master will try to charge you money to fix the problems it caused on your computer. It does this by pestering you constantly with fake security alerts and system scans.
  • Windows Test Master cannot solve any computer problems. In fact, once you give it your credit card information, your computer will still be infected, and you will have lost the money you paid.
  • Kick Windows Test Master Out

    To remove Windows Test Master completely, use a legitimate anti-malware application. Just as you would get rid of your home invader by calling the police, call on the help of a reliable anti-malware program to remove Windows Test Master completely. Just as you would be able to remove the invader yourself, you can also remove Windows Test Master manually. However, this isn't recommended for everyone and should only be done if you’re knowledgeable in the inner workings of your computer.ScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshot

    SpyHunter Detects & Remove Windows Test Master

    File System Details

    Windows Test Master may create the following file(s):
    # File Name MD5 Detections
    1. qhoonxl.exe 03b9a2c925e19ed0192dc0b781b8d6c2 3
    2. %AppData%\Microsoft\[RANDOM CHARACTERS].exe

    Registry Details

    Windows Test Master may create the following registry entry or registry entries:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe “Debugger” = ‘svchost.exe’
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe “Debugger” = ‘svchost.exe’
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe “Debugger” = ‘svchost.exe’
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore “DisableSR
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe “Debugger” = ‘svchost.exe’
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe “Debugger” = ‘svchost.exe’
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe “Debugger” = ‘svchost.exe’
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = ’0?
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell "%AppData%\Microsoft\[RANDOM CHARACTERS].exe"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe “Debugger” = ‘svchost.exe’
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe “Debugger” = ‘svchost.exe’
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = ’0?


    The following messages associated with Windows Test Master were found:

    Microsoft Security Essentials Alert
    Potential Threat Details
    Microsoft Security Essentials detected potential threats that might compromise your private or damage your computer. Your access to these items may be suspended until you take an action. Click 'show details' to learn more.
    System Security Warning
    Attempt to modify register key entries is detected. Register entries analysis is recommended.
    System component corrupted!
    System reboot error has occurred due to lsass.exe system process failure.
    This may be caused by severe malware infections.
    Automatic restore of lsass.exe backup copy completed.
    The correct system performance can not be resumed without eliminating the cause of lsass.exe corruption.
    Threat prevention solution found
    Security system analysis has revealed critical file system vulnerability caused by severe malware attacks.
    Risk of system files infection:
    The detected vulnerability may result in unauthorized access to private information and hard drive data with a serious possibility of irreversible data loss and unstable PC performance. To remove the malware please run a full system scan. Press 'OK' to install the software necessary to initiate system files check. To complete the installation process please reboot your computer.
    Location: c:\windows\system32\taskmgr.exe
    Viruses: Backdoor.Win32.Rbot
    Name: [application file name]
    Name: [application file path]
    Application that seems to be a key-logger is detected. System information security is at risk. It is recommended to enable the security mode and run total System scanning.
    Warning! Database update failed!
    Database update failed!
    Outdated viruses databases are not effective and can't [sic] guarantee adequate protection and security for your PC!
    Click here to get the full version of the product and update the database!
    Warning! Running trial version!
    The security of your computer has been compromised!
    Now running trial version of the software!
    Click here to purchase the full version of the software and get full protection for your PC!


    Most Viewed