Windows Test Master
Posted: July 8, 2011
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 14 |
| First Seen: | July 8, 2011 |
|---|---|
| Last Seen: | January 8, 2020 |
| OS(es) Affected: | Windows |
Windows Test Master is a rogue application that borrows the same interface and code that have been passed down through many preexisting rogue programs. The appearance of Windows Test Master suggests that it's a security product that can keep track of your PC's settings and updates, but Windows Test Master is an empty vessel of a security program that's full of deceptive information. In addition to not providing any real feedback on your computer's health, Windows Test Master may also create false positive warnings, block programs or interfere with your web browsing habits. Try to avoid deleting Windows Test Master without help unless you have absolutely no way to access a real anti-virus program.
Why Windows Test Master Isn't Afraid of Failing Your PC
In spite of acting like an individual and reputable anti-virus and security program, Windows Test Master is no more than a copy of other rogue applications. A few of Windows Test Master's most recent relatives include Windows Salvor Tool, Windows Debugging Agent, Windows Debugging Center, Windows Easy Supervisor and Windows System Integrity. All of these rogue security programs use the same basic trick of pretending to find a variety of problems with your PC before asking you to purchase Windows Test Master or another piece of scamware to fix these issues.
Even Windows Test Master's basic interface is crammed full of scores about how secure and updated your PC is. It shouldn't alarm you that these scores are almost wholly negative, since Windows Test Master doesn't make any effort to analyze your computer - instead, it simply creates fake scores along with its other scares.
Another fear-mongering technique that Windows Test Master uses is to create fake pop-ups about infections that aren't actually on your computer, such as:
Warning!
Location: [application file path]
Viruses: Backdoor.Win32.Rbot
Warning!
Name: [application file name]
Name: [application file path]
Application that seems to be a key-logger is detected. System information security is at risk. It is recommended to enable the security mode and run total System scanning.
System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.
Warning! Database update failed!
Database update failed!
Outdated viruses databases are not effective and can't [sic] guarantee adequate protection and security for your PC!
Click here to get the full version of the product and update the database!
System component corrupted!
System reboot error has occurred due to lsass.exe system process failure.
This may be caused by severe malware infections.
Automatic restore of lsass.exe backup copy completed.
The correct system performance can not be resumed without eliminating the cause of lsass.exe corruption.
Warning! Running trial version!
The security of your computer has been compromised!
Now running trial version of the software!
Click here to purchase the full version of the software and get full protection for your PC!
Passing the Real Exam: Getting Rid of Windows Test Master
Removing Windows Test Master may be made difficult by other attacks that will continue even if you've made up your mind not to waste money on Windows Test Master's nonexistent safety features.
Windows Test Master may be installed by Trojans, especially the Fake Microsoft Security Essentials Alert trojan. Deleting Windows Test Master is ideally done with an anti-virus application that can scan your computer for all possible harmful programs, including Windows Test Master.
File System Modifications
- The following files were created in the system:
# File Name 1 %AppData%\Microsoft\[RANDOM CHARACTERS].exe
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell "%AppData%\Microsoft\[RANDOM CHARACTERS].exe"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = ’0?HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe “Debugger” = ‘svchost.exe’HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastsvc.exe “Debugger” = ‘svchost.exe’HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe “Debugger” = ‘svchost.exe’HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe “Debugger” = ‘svchost.exe’HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe “Debugger” = ‘svchost.exe’HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe “Debugger” = ‘svchost.exe’HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe “Debugger” = ‘svchost.exe’HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe “Debugger” = ‘svchost.exe’HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore “DisableSRHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = ’0?
Additional Information on Windows Test Master
- The following messages's were detected:
# Message 1 Microsoft Security Essentials Alert
Potential Threat Details
Microsoft Security Essentials detected potential threats that might compromise your private or damage your computer. Your access to these items may be suspended until you take an action. Click 'show details' to learn more.2 Threat prevention solution found
Security system analysis has revealed critical file system vulnerability caused by severe malware attacks.
Risk of system files infection:
The detected vulnerability may result in unauthorized access to private information and hard drive data with a serious possibility of irreversible data loss and unstable PC performance. To remove the malware please run a full system scan. Press 'OK' to install the software necessary to initiate system files check. To complete the installation process please reboot your computer.3 System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.4 Warning!
Location: c:\windows\system32\taskmgr.exe
Viruses: Backdoor.Win32.Rbot5 Warning!
Name: [application file name]
Name: [application file path]
Application that seems to be a key-logger is detected. System information security is at risk. It is recommended to enable the security mode and run total System scanning.6 Warning! Database update failed!
Database update failed!
Outdated viruses databases are not effective and can't [sic] guarantee adequate protection and security for your PC!
Click here to get the full version of the product and update the database!7 Warning! Running trial version!
The security of your computer has been compromised!
Now running trial version of the software!
Click here to purchase the full version of the software and get full protection for your PC!8 System component corrupted!
System reboot error has occurred due to lsass.exe system process failure.
This may be caused by severe malware infections.
Automatic restore of lsass.exe backup copy completed.
The correct system performance can not be resumed without eliminating the cause of lsass.exe corruption.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:%APPDATA%\Microsoft\qhoonxl.exe
File name: qhoonxl.exeSize: 1.68 MB (1688064 bytes)
MD5: 03b9a2c925e19ed0192dc0b781b8d6c2
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\Microsoft
Group: Malware file
Last Updated: January 8, 2020
OMG!!! This junk was amazingly annoying. I could not even surf to my favorite sites without popup after popup. And then the Windows Test Master kept on scanning as if it found something. I was able to only remove it in safe mode using F8 key on Windows boot. You program Spyhunter saved me and many thanks to you all.
it wont let me start my task manager, that stupid pop up keeps coming up
Master? Yeah right! Windows Test Master was a master at pissing me off. Thankfully I found your removal instructions. Folks, you can remove this manually all you got to do is load windows in safe mode and then edit your registry. Be careful not to delete the wrong entries like I did. Had to do system restore but found the right entries you listed! SPOT ON!
Before I gave up on spyhunter i tried on more time and redownloaded, installed and then booted into safe mode from what you said Peggy. WORKED!!!! thanks a million!
safe mode was the way to go even if you are running an antivirus program. my norton was usless and never found windows test master even when i did safe mode. I took a chance for your spyhunter and it worked. you all rock! thanks many times
testing testing. my comments wont go through. okay, you must boot into safe mode F8 and then run a spyware remover or an antivirus like the full avast. i been running full avast and somehow it did not catch windows test master. strange! thx for the tips.
Im giving up. I cannot figure out removing Windows Test master. I tried the registry edit thing but somehow i get a boot error when windows starts now and still see the Windows Test Master scan window. I am going to try the remover program spyhunter. Keeping fingers crossed!
MASTER? GTFOH! this program aint no master. It kept messing up my internet access and my pc was slow as hell. I removed it on my own but could not figure out for the life of me where all of the files were. Just deleted registry ones and it stopped loading during startup. thanks!