Windows Defence Master

What is Windows Defence Master?

You should know that you have probably encountered Windows Defense Master if you see a strange program running on your desktop and cannot access your programs. Unfortunately, we have to upset you by saying that your system is infected with a rogue application, which is not going to do anything good for you. Instead, it just seeks to extort money from computer users. It does not matter which version of Windows is running on your PC; it has been found out that this fake program might appear on all the computers. However, Windows XP users should be extremely careful because it is known that Windows Defense Master might borrow the interface that belongs to legal Windows XP programs. It means that this rogue application might easily fool the users of this operating system. However, you should definitely not trust any word of it.

How does Windows Defence Master act?

You should remove Windows Defence Master whenever you have an opportunity. Even though it will try to convince you that your system is infected with different malicious software and it is able to help you, do not believe it and definitely not buy the license. In order to convince you that your system is full of threats, this rogue application will display various fake pop-ups and other warnings in order to scare you. Thus, you should definitely ignore similar messages (see an example below) and rush to remove Windows Defence Master from the system.

Microsoft (R) HTML Application host

C:\windows\syswow64\mshta.exe

is suspected to have infected your PC.

This type of virus intercepts entered data and transmits them to a remote server.

You might wonder whether we advise you not to upgrade this program. Let us explain you. Firstly, it is already known that this program is fake, which means that it is not going to help you remove various infections, if there are any on your system. Secondly, if you enter your credit card details like CVC2/CVV2, expiration date, card number, and other essential data that is required to perform any operations with your card, it is very likely that your credit card might be used for some kind of unfair purposes in the future because all the necessary data will be known for the publishers of Windows Defence Master.

How to remove Windows Defence Master?

Thus, our only advice is to erase this rogue application as soon as possible. It is not very easy to remove FakeVimes family infections manually and Windows Defence Master is not an exception. Thus, you should better let an antimalware tool to erase it. For instance, you can use SpyHunter because it will not only detect and erase even the most dangerous infections, but also protect your system from future threats. You can also enter the following activation key 0W000-000B0-00T00-E0021 to disable the symptoms of Windows Defence Master.

How to erase Windows Defence Master

  1. Restart your computer.
  2. Start tapping F8 when BIOS screen disappears.
  3. Select Safe Mode with Command Prompt from Advanced Boot Options menu.
  4. Tap Enter.
  5. Type cd.. straight after C:\Windows\system32\.
  6. Type explorer.exe alongside C:\Windows and tap Enter.
  7. Open the Start menu when you log into Windows.
  8. Click RUN/Search and then enter %appdata% to access the Application Data.
  9. Locate svc-{random file name}.exe and right-click on it. Select Delete.
  10. Reboot your computer normally.
  11. Click the Start button again. Select RUN/Search and type regedit this time.
  12. Move to HKEY_CURRECT_USER\Software\Microsoft\WindowsNT\Current Version\Winlogon .
  13. Locate Shell, right-click on it. Select Modify and enter %WinDir%\Explorer.exe as Value.
  14. Click OK.
  15. Open your browser and visit http://www.anti-spyware-101.com/download-sph .
  16. Download the recommended tool, install it on your system and then scan your PC.

Do not forget to keep your antimalware tool enabled all the time if you want to protect your system from future threats. 100% FREE spyware scan and
tested removal of Windows Defence Master*

Stop these Windows Defence Master Processes:

%AppData%\svc-[random].exe

Remove these Windows Defence Master Files:

%AllUsersProfile%\Start Menu\Programs\Windows Defence Master.lnk
%UserProfile%\Desktop\Windows Defence Master.lnk
%AppData%\svc-[random].exe
%AppData%\data.sec

Remove these Windows Defence Master Registry Entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\svc-[random].exe"
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "MS-SEC" = %AppData%\svc-[random].exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "ZSFT" = %AppData%\svc-[random].exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\bckd "ImagePath" = 22.sys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableVirtualization" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_LOCAL_MACHINE\Software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "S_SC" = %AppData%\svc-[random].exe
Disclaimer
Disclaimer

Leave a Comment

Enter the numbers in the box to the right *