Home Malware Programs Rogue Anti-Spyware Programs Windows Armature Master

Windows Armature Master

Posted: July 9, 2011

Windows Armature Master is a fake security application with a display that pretends to monitor security and media-related updates. However, Windows Armature Master offers inaccurate information instead of a real analysis of your PC and will even create messages about infections that aren't on your hard drive. These actions are created alongside attacks on your application usage, most notably browser hijacking, to make you purchase Windows Armature Master while you panic over a multitude of nonexistent PC threats. Buying Windows Armature Master exposes your credit card to criminal entities and is a solution that should be avoided at all costs; instead, you should strongly consider using a reputable anti-virus program to delete Windows Armature Master from your PC.

Windows Armature Master is Only a Master of Fake Threat Alerts

Dating from July 2011, Windows Armature Master is a copy of other rogue security applications that use the same external skin and internal code. This includes the abuse of a Windows logo and various security-monitoring grading systems that work on a percentile basis - all the easier to make it look as though your PC is failing in critical areas. Some rogue anti-spyware programs that are related to Windows Armature Master include, but aren't limited to examples like Windows Vulnerabilities Rescuer, Windows Accurate Protector, Windows Easy Supervisor, Privacy Center, Windows Debugging Agent, Windows Salvor Tool and Windows Debugging Center.

As noted earlier, Windows Armature Master doesn't try to inspect your PC, but instead, creates prefabricated scores and warnings that assume that your computer is infected and out of date. Even the purchasable version of Windows Armature Master is equally lacking in value as a security program and should never be bought.

Some of the common error messages you may see from Windows Armature Master include:

Warning!
Location: [application file path]
Viruses: Backdoor.Win32.Rbot

Warning!
Name: [application file name]
Name: [application file path]
Application that seems to be a key-logger is detected. System information security is at risk. It is recommended to enable the security mode and run total System scanning.

System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.

Warning! Database update failed!
Database update failed!
Outdated viruses databases are not effective and can't [sic] guarantee adequate protection and security for your PC!
Click here to get the full version of the product and update the database!

System component corrupted!
System reboot error has occurred due to lsass.exe system process failure.
This may be caused by severe malware infections.
Automatic restore of lsass.exe backup copy completed.
The correct system performance can not be resumed without eliminating the cause of lsass.exe corruption.

Warning! Running trial version!
The security of your computer has been compromised!
Now running trial version of the software!
Click here to purchase the full version of the software and get full protection for your PC!

Ignoring these errors is the best thing that you can do until you've found a way to remove Windows Armature Master, since taking Windows Armature Master at its word will result in you performing destructive actions against innocent programs and files. Any symptoms that appear to be infection-related is actually caused by Windows Armature Master itself, or by the Fake Microsoft Security Essentials Alert Trojan that often installs Windows Armature Master and similar rogue applications.

Don't Get Suckered by Windows Armature Master's Browser-Snatching Sales Pitch

Pretending to find problems on your computer isn't enough to satisfy the Windows Armature Master scam, which will also involve more problematic types of attacks that make it look like other infections really are attacking your computer. Regardless of the exact attacks that you suffer, you should remove Windows Armature Master with the best anti-virus application that's at your disposal. Windows Armature Master uses a heavy arsenal of deadly weapons (other malware) to achieve its goal, and it has been known to do the following actions.

  • Windows Armature Master can launch itself without your consent and may remain active after you've tried to close it. This simple Registry-based exploit allows Windows Armature Master to launch some of the other attacks that are listed below. Safe Mode or another safe form of booting Windows may let you stop Windows Armature Master from launching itself.
  • Windows Armature Master will use Trojans to block a variety of programs and will make every effort to disable your real anti-virus software, as well as basic Windows tools like the Task Manager and Registry Editor. This attack is often doubled up with fake infection warnings to imply that Windows Armature Master is blocking the program to protect your computer.
  • Although Windows Armature Master may allow your web browser to function, there aren't any guarantees that Windows Armature Master will not use a browser hijacker to hijack your web browser. Hijackers are used by many rogue security programs in the Windows Armature Master family, primarily for the purpose of redirecting you to Windows Armature Master's home website or another malicious website. Browser hijackers can also load fake 'dangerous website' warning screens that block you from visiting safe websites.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %UserProfile%\Application Data\Microsoft\[RANDOM CHARACTERS].exe

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe "Debugger" = 'svchost.exe'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe "Debugger" = 'svchost.exe'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR " = '1'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'

Additional Information on Windows Armature Master

  • The following messages's were detected:
    # Message
    1 Warning!
    Location: [application file path]
    Viruses: Backdoor.Win32.Rbot
    2 Warning! Database update failed!
    Database update failed!
    Outdated viruses databases are not effective and can't [sic] guarantee adequate protection and security for your PC!
    Click here to get the full version of the product and update the database!
    3 Warning!
    Name: [application file name]
    Name: [application file path]
    Application that seems to be a key-logger is detected. System information security is at risk. It is recommended to enable the security mode and run total System scanning.
    4 System component corrupted!
    System reboot error has occurred due to lsass.exe system process failure.
    This may be caused by severe malware infections.
    Automatic restore of lsass.exe backup copy completed.
    The correct system performance can not be resumed without eliminating the cause of lsass.exe corruption.
    5 System Security Warning
    Attempt to modify register key entries is detected. Register entries analysis is recommended.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Windows Armature Master may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria .

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.