Windows Defence Master is another virus, which belongs to FakeVimes virus family and has nothing in common with a real anti-malware. It displays only fake alerts and system scanners that all report about invented viruses. This scareware seeks the only thing – to make people purchase its useless license. However, instead of doing it and giving your money for scammers, you should ignore Windows Defence Master's alerts and scan your computer with reputable anti-spyware. It will help you to detect all malicious components of this rogue and will eliminate them from the system. If you decide just to ignore its ads, you may notice that your computer became sluggish, it started malfunctioning and similar issues. Besides, leaving Windows Defence Master on the system may cause infiltration of other viruses and the loss of your personal information.
How can Windows Defence Master infect my computer?
Windows Defence Master is spread on the Internet just like any other rogue anti-spyware. Basically, its infiltration can hardly be imagined without trojans that infiltrate computers via security vulnerabilities. As soon as this malware is installed, it modifies some of PC's settings so that it could start its work as soon as people reboot their computers. In addition, it begins showing such and similar security notifications that should never be trusted:
Firewall has blocked a program from accessing the Internet
is suspected to have infected your PC.
This type of virus intercepts entered data and transmits them
to a remote server.
System data security is at risk!
To prevent potential PC errors, run a full system scan.
Warning! Identity theft attempt detected
Hidden connection IP: xx.xxx.xxx.xxx
Target: Microsoft Corporation keys
Your IP: XXXXXXXXXXX
Please, stay away from Windows Defence Master alerts because it's another rogue anti-spyware, which seeks to steal your money. If you have already paid for its license, you should contact with your bank and dispute these charges. In addition, follow a guide below and fix your computer:
How to remove Windows Defence Master?
You can hardly notice infiltration of Windows Defence Master virus. However, you can hardly miss its misleading alerts and system scanners. If you are interrupted by this rogue as soon as you start your browsing, you should waste no time and check your computer with reliable anti-spyware, such as Reimage, Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware. You should avoid manual removal because you may remove wrong files and initiate more problems on your computer.
If you noticed that Windows Defence Master blocks these programs, we recommend using these instructions:
1. Reboot your computer to Safe Mode with Networking. Just reboot your PC and, as soon as it starts booting up, start pressing F8 repeatedly.
2. Loggin as the same user as you were in normal Windows mode.
3. Now click on IE or other browser and select 'Run As' or 'Run As administrator', enter your Administrator account password (if needed).
4. Enter this link to your address bar: http://www.2-spyware.com/download/hunter.exe and download a program on your desktop. Launch it to kill the malicious processes and remove its files.
The latest parasite names used by FakeVimes:
Windows Defence Master manual removal:
Delete registry values:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem "EnableLUA" = 0
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem "EnableVirtualization" = 0
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun "MS-SEC" = %AppData%svc-
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun "ZSFT" = %AppData%svc-
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun "S_SC" = %AppData%svc-
HKEY_LOCAL_MACHINEsoftwaremicrosoftWindows NTCurrentVersionImage File Execution OptionsMpCmdRun.exe
HKEY_LOCAL_MACHINEsoftwaremicrosoftWindows NTCurrentVersionImage File Execution OptionsMpUXSrv.exe
HKEY_LOCAL_MACHINEsoftwaremicrosoftWindows NTCurrentVersionImage File Execution OptionsMSASCui.exe
HKEY_LOCAL_MACHINEsoftwaremicrosoftWindows NTCurrentVersionImage File Execution Optionsmsconfig.exe
HKEY_LOCAL_MACHINEsoftwaremicrosoftWindows NTCurrentVersionImage File Execution Optionsmsmpeng.exe
HKEY_LOCAL_MACHINEsoftwaremicrosoftWindows NTCurrentVersionImage File Execution Optionsmsseces.exe
HKEY_LOCAL_MACHINESoftwaremicrosoftWindows NTCurrentVersionImage File Execution Optionsk9filter.exe
HKEY_LOCAL_MACHINESystemCurrentControlSetServicesbckd "ImagePath" = 22.sys
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAssociations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAttachments "SaveZoneInformation" = 1
HKEY_CURRENT_USERSoftwareMicrosoftWindows NTCurrentVersionWinlogon "Shell" = "%AppData%svc-
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem "ConsentPromptBehaviorAdmin" = 0
%UserProfile%DesktopWindows Defence Master.lnk
%AllUsersProfile%Start MenuProgramsWindows Defence Master.lnk