Alright, there’s a new rogue making the rounds on the internet today. It’s called Windows Security Master.
For those of you who do not know, a rogue antivirus program is a piece of malware that pretends to be an antivirus program. It then scans your computer and detects threats that are not actually on your computer. It is just trying to make you purchase it.
Here is how to remove it:
Step #1: Reboot your computer. As soon as you see anything on your screen, press the F8 key.
Step #2: On the boot menu, choose Safe Mode with Command Prompt.
Step #3: Once the computer has started up, in the command prompt window, type in regedit and press enter.
Step #4: On the left side of the new window, navigate to the following location: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\
Step #5: Highlight Winlogon.
Step #6: Double-click Shell and clear the entry data and replace it with “explorer.exe” (without quotes)
Step #7: Run explorer.exe.
Step #8: Navigate to %appdata% and delete guard-xxxx.exe. (Please note that the “xxxx” may be just a random string of letters)
Step #9: Reboot into regular mode.
Step #10: In order to make sure that your computer is fully cleaned, we will run MalwareBytes Anti-Malware. Download it here: http://www.malwarebytes.org/mwb-download/
Step #11: Run Malwarebytes Anti-Malware and install it.
Step #12: Run a full scan. This may take some time depending on the number of files on your computer. So I suggest that you go do something else while you are waiting for the scan to finish.
This may be a good time to watch a 30 minute show you’ve been meaning to see, or finish that good book you have been reading that you just cannot seem to put down.
Step #13: Once the scan is done, click OK on the dialog box in order to see the results.
Step #14: Should it find anything, click Remove Selected and allow it to reboot your computer if it asks you to.
Step #15: Your computer should now be free of Windows Security Master.