Windows Pro Defence is a malware that pretends to be legal security software. This article should serve as a warning to our readers not to install the product. Doing so will create a bunch of faults on your PC. As soon as it is installed, it initiates a number of tricks in order to persuade user to pay for the product.
Its misleading tactics will start in exhibition of alerts and system tray messages. Then, a series of virus scan is run on the computer. Such scan will provide nothing but false information. Quite a number of Trojans and viruses are included in the report that is pre-configured with Windows Pro Defence. Same results are reflected wherever the rogue software is loaded. Moreover, the malware can issue much deceitful information once you run a program or use the Internet.
Victim may get Windows Pro Defence from a number of sources. Typically, it is pack with a Trojan. Authors of this malware created a Trojan that will install it on computer resisting the protection put up by your antivirus program. Security web analysts that monitor malicious web sites found that a lot are spreading Windows Pro Defence. Peer-to-peer (P2P) connection and social networking sites are probably the least used way by hackers to propagate this malware.
In order to remove Windows Pro Defence, you will require a tool that can remove both the malware and Trojan. On our guide below, we make it to a point that user may follow the procedures with ease.
What are the Symptoms of Windows Pro Defence Infection?
Once this malware is installed on the computer, it will run a scan each time Windows starts. Refer to the image below for the fake scanner you will see on the screen.
It will modify Windows Registry and add the following entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “u_2012-5-24_6”
HKCU\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “mkcysupwms”
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nmsjuwye.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe
The threat will drop the following malicious files:
%AppData%\Protector-[random 3 characters].exe
%AppData%\Protector-[random 4 characters].exe
%CommonStartMenu%\Programs\Windows Pro Defence.lnk
%Desktop%\Windows Pro Defence.lnk