Home Malware Programs Rogue Anti-Spyware Programs Windows Armament Master

Windows Armament Master

Posted: July 13, 2011

Windows Armament Master is rogue security software that uses a misinforming security-grading display and shows fake error pop-ups to mislead you about your computer's safety. After convincing you that your PC is nearing a breakdown, Windows Armament Master will inform you that it can fix all the problems Windows Armament Master found, if only you'll bother to pay for the full version of Windows Armament Master. If you fall for Windows Armament Master's scam, this purchase will give your credit card information and money to criminals. Your PC also will continue to be attacked by Windows Armament Master, which will hijack your browser and disable applications that have the real security features that Windows Armament Master tries to fake. Prompt removal of Windows Armament Master with anti-virus software is strongly suggested in all cases.

A Display of Windows Armament Master's Mastery of Feeding You Bad Intelligence

Those who aren't familiar with Windows Armament Master and Windows Armament Master's relatives (Windows Necessary Firewall, Windows Virtual Firewall, Windows Armature Master, Windows Debugging Agent and Windows Easy Supervisor, to name just a few) may be amazed at how broad Windows Armament Master's security features appear to be. Windows Armament Master will tell you that Windows Armament Master monitors almost every aspect of your computer's security along with important software updates, and will even offer system scans and active threat detection.

All of these features are, sadly, a pipe dream that Windows Armament Master builds up as the foundation of a credit card-grabbing scam. Windows Armament Master and similar rogue security programs have no anti-virus or security-related functions – in fact Windows Armament Master's only real functions involve creating fake system information or attacking your real computer security.

Most Windows Armament Master infections occur as the result of being attacked by a separate Trojan, with the Fake Microsoft Security Essentials Alert being the most likely possibility for installing Windows Armament Master. You may see error messages that try to persuade you into believing that Windows Armament Master is real security software. Windows Armament Master itself has its own error messages to convince you of Windows Armament Master's value:

Warning!
Location: [application file path]
Viruses: Backdoor.Win32.Rbot

Warning!
Name: [application file name]
Name: [application file path]
Application that seems to be a key-logger is detected. System information security is at risk. It is recommended to enable the security mode and run total System scanning.

System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.

Warning! Running trial version!
The security of your computer has been compromised!
Now running trial version of the software!
Click here to purchase the full version of the software and get full protection for your PC!

Warning! Database update failed!
Database update failed!
Outdated viruses databases are not effective and can't [sic] guarantee adequate protection and security for your PC!
Click here to get the full version of the product and update the database!

System component corrupted!
System reboot error has occurred due to lsass.exe system process failure.
This may be caused by severe malware infections.
Automatic restore of lsass.exe backup copy completed.
The correct system performance can not be resumed without eliminating the cause of lsass.exe
corruption.

Being incapable of doing more than creating messages with deceptive content, Windows Armament Master can't offer your computer real advice or detect real threats to your PC, and you should never purchase Windows Armament Master.

Disarming Windows Armament Master's Nastiest Tricks

Although Windows Armament Master would be an unusually meek example of scamware, if you stopped Windows Armament Master's attacks at the above actions, unfortunately, Windows Armament Master has more in store for your PC.

  • Windows Armament Master doesn't require your permission to launch. In fact, Windows Armament Master doesn't require you to do anything at all other than start Windows. This startup exploit is common to all members of the Windows Armament Master family of rogue security software and utilizes the Windows Registry, making changes hard to detect and just as difficult to undo.
  • As a rather jealous piece of fake security software, Windows Armament Master will attack any program that exhibits the real security functions that Windows Armament Master tries to fake. Usual targets of Windows Armament Master's blockage include Windows Task Manager, MSConfig, the Registry Editor and various types of well-known anti-virus scanners.
  • Last of all, Windows Armament Master will allow you to surf the web, but only under Windows Armament Master's own conditions. Your web browser will be hijacked by Windows Armament Master and redirected to the Windows Armament Master homepage in a variety of ways, including fake error screens that link back to the malicious site.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 [RANDOM CHARACTERS].exe

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = '%UserProfile%\Application Data\.exe'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS]"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'.00HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'HKEY..\..\..\..{RegistryKeys}"Debugger" = 'svchost.exe'
Loading...