Windows Protection Master

Windows Protection Master Description

Windows Protection Master Screenshot 1Windows Protection Master holds membership in a broad group of fake anti-malware and debugging scanners that imitate Microsoft Security Essentials by providing fraudulent error reports. These reports are delivered as a way to scam victims into spending money on Windows Protection Master’s complete version to fix nonexistent issues and should always be disregarded as irrelevant and deceptive in nature. Because rogue debuggers from Windows Protection Master’s family have been noted for their ability to disable many types of security and system analysis applications, malware research team recommends that you treat Windows Protection Master as a severe threat to your computer’s security until you’ve removed all of Windows Protection Master’s components, ideally with a competent anti-malware scanner.

Windows Protection Master: Scamware That’s Protective Only for Itself

Windows Protection Master was first noted by many PC security companies in February of 2012, although Windows Protection Master’s family has been in existence since early 2011. Some of the many clones from the same family as Windows Protection Master include Windows Advanced Toolkit, Windows Web Combat, PrivacyGuard PRO, Windows Maintenance Guard, Windows Component Protector, Windows Internet Guard, Internet Security Essentials, Windows Antivirus Release, Windows PC Aid, Windows Expert Series, Malware Protection, Windows Malware Firewall, Windows Web Watchdog, Windows Trojans Inspector, Extra Antivirus, Windows Safety Wizard, Windows Defence Master, Windows AntiBreach Helper, Windows Guardian Angel, Windows Efficiency Master, Windows Privacy Extension, Windows Crucial Scanner, Windows Antivirus Rampart, Windows Enterprise Suite, Personal Security Sentinel, System Smart Security, Windows Safety Manager, Windows Pro Defence, Windows Sleek Performance, Windows Security Booster, Windows Security Renewal, Windows Antivirus Patch, Windows Defence Unit, Volcano Security Suite, Windows Antihazard Solution, Enterprise Suite, Windows Cleaning Tools, Windows Privacy Module, Windows Secure Workstation, Total Anti Malware Protection, Windows Protection Unit, Windows Protection Tool, Windows Prime Booster, Windows Safety Module, Windows Secure Surfer, Windows Foolproof Protector, Smart Security and Smart Virus Eliminator. These applications use a combination of fake percentile-based ratings of your computer’s safety and a feature set that imitates the appearance of the look of Microsoft Security Essentials to make you think that nonexistent attacks against your PC are occurring on an ongoing basis.

However, malware analysts stress that Windows Protection Master, like other products from the FakeVimes group, isn’t able to detect or eliminate real problems with your PC. Hence, if you see warning messages that resemble the following samples, you should ignore them as fraudulent examples of Windows Protection Master’s scam:

System Security Warning
Attempt to modify register key entries is detected.

» Learn more about SpyHunter's Spyware Detection Tool
and steps to uninstall SpyHunter.

Register entries analysis is recommended.

Location: [Application file path]
Viruses: Backdoor.Win32.Rbot

Name: [Application file name]
Name: [Application file path]
Application that seems to be a key-logger is detected. System information security is at risk. It is recommended to enable the security mode and run total System scanning.

Warning! Database update failed!
Database update failed!
Outdated viruses databases are not effective and can’t [sic] guarantee adequate protection and security for your PC!
Click here to get the full version of the product and update the database!

Mastering a Defense Against Windows Protection Master’s Attacks

Windows Protection Master and similar PC threats have also received attention for their ability to detect and close processes that they deem to be undesirable; in most cases, such processes are noted to be related to system security, analysis or the removal of malicious software like Windows Protection Master. malware research team has found that some of the programs that Windows Protection Master may close include:
  • Windows monitoring tools like Task Manager that could detect or close malicious processes like Windows Protection Master’s own memory process
  • Registry tools like the Registry Editor that could be used to remove Windows Protection Master’s automatic startup entries.
  • Torrent and other types of mass-downloading applications.
  • Webcam utilities.
  • Photoshop-related applications and other types of Adobe programs.
  • Certain types of e-mail clients, including Outlook.
  • Some web browsers (such as Opera).
  • Popular brands of instant messaging clients.
  • Script packages such as Flash and Java.
  • Google-brand products.
  • iTunes.

Because Windows Protection Master may enumerate your memory processes on a constant basis, Windows Protection Master may also use up excessive system resources and cause performance issues. Nonetheless, although Windows Protection Master and its clones are able to attack a wide range of applications, malware researchers also note that Windows Protection Master hasn’t been found to attack most types of anti-malware scanners. Thus, a competent anti-malware program should be able to delete Windows Protection Master without encountering issues.

Windows Protection Master Automatic Detection Tool (Recommended)

Is your PC infected with Windows Protection Master? To safely & quickly detect Windows Protection Master we highly recommend you run the malware scanner listed below.

Visual & GUI Characteristics

Windows Protection Master Screenshot 2Windows Protection Master Screenshot 3Windows Protection Master Screenshot 4Windows Protection Master Screenshot 5Windows Protection Master Screenshot 6Windows Protection Master Screenshot 7Windows Protection Master Screenshot 8Windows Protection Master Screenshot 9Windows Protection Master Screenshot 10Windows Protection Master Screenshot 11

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
  • The following files were created in the system:
    # File Name Detection Count
    1 %APPDATA%\ Inspector-svo.exe 290
    2 %APPDATA%\ Inspector-cux.exe 228
    3 %APPDATA%\ Inspector-mhk.exe 206
    4 Windows Protection Master.lnk 50
    5 %APPDATA%\Inspector-[RANDOM CHARACTERS].exe 47
    6 %APPDATA%\ Inspector-trb.exe 34
    7 %AllUsersProfile%\Start Menu\Programs\Windows Protection Master\Windows Protection Master.lnk N/A
    8 %AppData%\Inspector-[random three characters].exe N/A
    9 %AppData%\NPSWF32.dl N/A
    10 %AppData%\result.db N/A
    11 %StartMenu%\Programs\Windows Protection Master.lnk N/A
    12 %UserProfile%\Desktop\Windows Protection Master.lnk N/A
    13 [RANDOM].exe N/A

Registry Modifications

Tutorial: To edit and delete registry entries manually, read the tutorial on how to remove malicious registry entries.

Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to backup your Windows Registry! To optimize your Windows Registry and speed up your PC, download RegHunter's registry cleaner.
  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"HKEY_CURRENT_USER\Software\Windows Protection MasterHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe "Debugger"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\belt.exe "Debugger"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deputy.exe "Debugger"HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\[RANDOM]_is1
Posted: February 12, 2012 | By
Rate this article:
1 Star2 Stars3 Stars4 Stars5 Stars (3 votes, average: 3.33 out of 5)
Loading ... Loading ...
Threat Metric
Threat Level: 10/10
Detection Count: 33

Leave a Reply

What is 10 + 6 ?
Please leave these two fields as-is:
IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human) :-)