Windows Pro Defence

June 25, 2012

Windows Pro Defence is malware that pretends to be legitimate security software. This article should serve as a warning to our readers not to install the product. Doing so will cause a number of faults on your PC. As soon as it is installed, it starts a number of tricks to persuade the user to pay for the product.

Its misleading tactics start with a display of alerts and system tray messages. Then a series of virus scans is run on the computer. These scans provide nothing but false information. The report, which is pre-configured within Windows Pro Defence, lists quite a number of Trojans and viruses. The same results appear wherever the rogue software is loaded. Moreover, the malware can display further deceptive information whenever you run a program or use the Internet.

Victims may get Windows Pro Defence from a number of sources. Typically, it is packed with a Trojan. The authors of this malware created a Trojan that installs it on the computer despite the protection put up by your antivirus program. Security analysts who monitor malicious web sites found that many of them are spreading Windows Pro Defence. Peer-to-peer (P2P) connections and social networking sites are probably the channels hackers use least to propagate this malware.

To remove Windows Pro Defence, you will need a tool that can remove both the malware and the Trojan. In our guide below, we have made a point of keeping the procedures easy for users to follow.

Type: Rogue
Sub-Type: FakeAV
OS Affected: Windows

What are the Symptoms of Windows Pro Defence Infection?

Once this malware is installed on the computer, it will run a scan each time Windows starts. Refer to the image below for the fake scanner you will see on the screen. 

Windows Pro Defence Scanner

It will modify the Windows Registry and add the following entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
HKCU\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “u_2012-5-24_6”
HKCU\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “mkcysupwms”
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nmsjuwye.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe

The threat will drop the following malicious files:
%AppData%\NPSWF32.dll
%AppData%\Protector-[random 3 characters].exe
%AppData%\Protector-[random 4 characters].exe
%AppData%\result.db
%CommonStartMenu%\Programs\Windows Pro Defence.lnk
%Desktop%\Windows Pro Defence.lnk
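
The registry entries and dropped files listed above can be checked with a short read-only PowerShell script. This is an added example, not part of the original article or any vendor tool. It assumes it is run in the affected user's session (the HKCU entries are per-user) and that %CommonStartMenu%\Programs corresponds to the .NET CommonPrograms folder.

```powershell
# Added example: read-only triage for the indicators listed in this article.
# Nothing is deleted or changed; the script only reports what it finds.
$hits = New-Object System.Collections.Generic.List[string]

# HKCU value names from the article, grouped by key.
# The Policies\System values can also be set by an administrator,
# so a hit there is a lead to review, not proof of infection.
$cv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'
$regValues = @{
    "$cv\Run"             = @('Inspector')
    "$cv\Settings"        = @('net', 'UID')
    "$cv\Policies\System" = @('DisableRegedit', 'DisableRegistryTools', 'DisableTaskMgr')
}
foreach ($key in $regValues.Keys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $props) { continue }          # key not present in this profile
    foreach ($name in $regValues[$key]) {
        if ($null -ne $props.PSObject.Properties[$name]) {
            $hits.Add("REG   $key -> $name = $($props.$name)")
        }
    }
}

# Image File Execution Options subkeys named in the article.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($exe in 'nmsjuwye.exe', 'SafetyKeeper.exe') {
    if (Test-Path -LiteralPath (Join-Path $ifeo $exe)) { $hits.Add("IFEO  $exe") }
}

# Dropped files; '?' stands for one random character in the Protector names.
$programs = [Environment]::GetFolderPath('CommonPrograms')
$desktop  = [Environment]::GetFolderPath('Desktop')
$patterns = @(
    (Join-Path $env:APPDATA 'NPSWF32.dll'),
    (Join-Path $env:APPDATA 'result.db'),
    (Join-Path $env:APPDATA 'Protector-???.exe'),
    (Join-Path $env:APPDATA 'Protector-????.exe'),
    (Join-Path $programs 'Windows Pro Defence.lnk'),
    (Join-Path $desktop  'Windows Pro Defence.lnk')
)
foreach ($pattern in $patterns) {
    Get-Item -Path $pattern -Force -ErrorAction SilentlyContinue |
        ForEach-Object { $hits.Add("FILE  $($_.FullName)") }
}

if ($hits.Count -eq 0) {
    'No listed indicators found for this user profile.'
} else {
    $hits
}
```

Any REG, IFEO or FILE line in the output points to an item from the lists above that should be reviewed before cleanup.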
