Windows Pro Defence is one of those rogue anti-spywares that come inside the system through its backdoors. This is done with a help of trojan horses used to download malware files to the target PC without any user's permission asked. As soon as it gets there, this scam is set to start every time you reboot your PC and starts displaying its misleading alerts and scanners without any delay. Windows Pro Defence seems to be particularly aggressive rogue because it has also been found to block legitimate antivirus software installed on one’s computer. Be sure you remove Windows Pro Defence in order to avoid this or other unwanted activities.
As soon as Windows Pro Defence is downloaded, it starts reporting about numerous infections 'found' on the system. However, these threats are not there for real because they either are invented or harmless system files. This brainwashing technique is common for rogue anti-spywares hailing from FakeVimes family and used for the only reason – to make users buy its licensed version. However, we do NOT recommend paying for Windows Pro Defence license because it is useless just like its trialware.
As we have already mentioned, Windows Pro Defence runs its startup scanners and displays popup notifications every time you reboot your PC. In most of the cases it claims:
Keylogger activity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.
Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.
Firewall has blocked a program from accessing the Internet.
Windows Media Player Resources
C:\Windows\system32\dllcache\wmploc.dll is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
By reporting all these errors and warnings, Windows Pro Defence tries to make you believe you should rely on it and pay for its license. However, paying for it is the same as sharing your money with scammers because situation on your computer remains the same. We highly recommend to remove this dangerous malware from your computer instead of paying for its licensed version. Use a reputable anti-spyware programs, such as Reimage“] or Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus to forget this malware for good.
The latest parasite names used by FakeVimes:
Windows Pro Defence manual removal:
Delete registry values:
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableRegedit" = 0
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableRegistryTools" = 0
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableTaskMgr" = 0
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionSettings "ID" = 0
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionSettings "net" = "2012-2-17_2"
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionSettings "UID" = "rudbxijemb"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Options_avp32.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Options_avpcc.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsashDisp.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsdivx.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsmostat.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsplatin.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionstapinstall.exe
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionszapsetup3001.exe
There are more similar entries, you should let spyware Doctor to identify them.