Removal of Windows Security Master malware to eliminate misleading popups and real ban applied to harmless apps

Windows Security Master notifies its users of threats that do not actually exist in the locations it refers to, unless an incredible coincidence would occur. Anyway, this name designates a piece of software that has neither facility nor any intention to detect computer infections. It does not run any such activities; instead, it comes up with plenty of popups that contain many names of computer parasites allegedly just detected on your PC. Remove Windows Security Master, or else the program is going to make you watch its popups at increasing frequency.
Important to note, the application introduces changes to system registry and modifies other aspects of your operating system to ensure it is permitted to start automatically and prevail over other processes on your PC, the latter entails it is permitted to ban any other programs operating at the machine it holds. In the wild, it does terminate common applications such as e.g. media players, web-browsers. It comments such developments with a statement that it has found the just stopped programs affected by a virus. Any such claims are misleading, of course; get rid of Windows Security Master and target true computer parasites with free scan powered solution available here.

windows-security-master

Screenshot of Windows Security Master GUI (graphic user interface)

Windows Security Master malware generates the following fake alerts:

Firewall has blocked a program from accessing the Internet
c:\windows\system32\cmd.exe
is suspected to have infected your PC.
This type of virus intercepts entered data and transmits them
to a remote server.

Error
Trojan activity detected. System data security is at risk.
It is recommended to activate protection and run a full system scan.

Torrent Alert
Recommended: Please use secure encrypted protocol for torrent links.
Torrent link detected!
Receiving this notification means that you have violated:
– the copyright laws. Using Torrent for downloading movies and licensed software shall be prosecuted and you may be sued for cybercrime and break of law under the SOPA legislation…. and others

Method 1: Using Safe Mode with Networking + antimalware to remove Windows Security Master infection:

Step 1 > Please restart your PC, but do not wait for regular session to start. Instead, once anything comes to your monitor, press
F8
reputedly and frequently enough so that a screen like the one below would get loaded. This is the menu where you need to select the suggested operating mode. Arrows on you keyboard enable you to navigate through the menu and mark Safe Mode with Networking. Once this is done, activate it by pressing Enter on your keyboard.

How to switch to Safe mode?

Step 2 > Prior to initiating any procedures, the processes run by Windows Security Master must be killed for good. This will prevent in from meddling into the extermination routine. Get RKill browsing to the link below so that this requirement could be satisfied.

downloadDownload RKill
Run it to stop malware processes

Set desktop in “Save as” routine. Once it is downloaded, double-click on the it in order to automatically attempt to stop any processes associated with Windows Security Master and other Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next Step.

rkill

If you get a message that RKill is an infection, do not be concerned. This message is just a fake warning given by Windows Security Master when it terminates programs that may potentially remove it. If you run into these infections warnings that close RKill, a trick is to leave the warning on the screen and then run RKill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that RKill can terminate Windows Security Master. So, please try running RKill until the malware is no longer running. You will then be able to proceed with the rest of the guide. Do not reboot your computer after running RKill as the malware programs will start again. If you continue having problems running RKill, you can rename it to “Iexplorer.exe”,“chrome.exe” and then try to start.

rkill download

Step 3 > Open your browser and download TDSSKiller. Run the utility and click “Start Scan” to anti-rootkit scan.

downloadDownload TDSSKiller
Utility for removing malicious rootkits.

tdss killer kaspersky

Step 4 >Download and install SpyHunter. It has a great capability as an antivirus and complex security suite to recognize,
identify, contain and remove any and all threats, including, but not limited to, viral infections, malicious software, parasites that propagate using worm and trojan type routine, potential risks (PUP). Choosing to load and install onto your PC SpyHunter, free edition or advanced edition, ensures that you remove Windows Security Master PUP referred to as infection for the purposes of this guide.

downloadDownload SpyHunter
Adaptive Spyware Detection and Removal Tool

    • NOTE: There is a risk of the infection you are about to remove interfering with the above (Rkill, TDSS Killer, SpyHunter) and probably any other installations into compromised machine. Under such circumstances, please download the content specified herein into removable memory at a PC void of the infection. Upon completing this step, attach the removable media (USB, external drive, CD/DVD) to affected machine so that you could install the solution despite the tricks.
    • OR follow these instructions:
      1. Click Start->Run
      2. Enter “http://manual-removal.com/windows-security-master-removal-tool” and press ‘Enter’.
      3. Press ‘Continue unprotected’
      4. Save the file on your desktop.
      5. Rename the .exe from xxx.exe to antivir.com and run it.
      6. Now you have to remove Windows Security Master files that will be detected by a program.

       

Method 2: Removing Windows Security Master using the debugged activation key \ unlock code:

Step 1 >Use the debugged keys listed below to register this infection and stop the fake security alerts.

0W000-000B0-00T00-E0021

After you active the rogueware, you are able to access the Internet and download anti-virus or anti-malware program to kill the Windows Security Master.

Step 2 > Download, install the automatic remover – SpyHunter to scan out and remove the residing files of the infection.

downloadDownload Windows Security Master Removal Tool
Spyhunter – the Ultimate Malware and Spyware Protection

Method 3: Windows Security Master Manual removal:

Important! Experienced users only!

Step 1> Locate, stop and delete the following processes and files:

    • %AppData%\guard-<random>.exe
      %AppData%\result1.db

To find [random].exe malicious process Right click on “Windows Security Master” icon >Properties:

You can locate process file in “Target” field:

Step 2> Remove or change the following registry entries, using “Start>Run> print “regedit” command:

    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bckd
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bckd “ImagePath” = “123123.sys”
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = “.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;”
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = 1
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “GuardSoftware” = %AppData%\svc-lefx.exe
      HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon “Shell” = “%AppData%\safe-<random>.exe”
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorAdmin” = 0
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorUser” = 0
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableLUA” = 0
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableVirtualization” = 0

Step 3> Download reliable anti-malware solution to remove other malicious files and potentially unwanted applications:

downloadDownload SpyHunter
Windows XP, Windows Vista, Windows 7, Windows 8

Leave a Reply

Your email address will not be published. Required fields are marked *