Im-Infected / Rogue / Security Master AV

Security Master AV

This part of web site contains full description and analysis on Security Master AV as well as removal procedures and necessary tools.

Options : » Discuss » Print » Bookmark

Date Posted: May 26th, 2010

Discussion: No Response

Security Master AV is a virus and fake security software that will pretend as “Windows Advanced Security Center” that can provide multiple security services on the computer including Virus Scanning, Firewall and Protection. Security Master AV is a program created specifically to penetrate a computer by means of a Trojan that will take advantage of computers weakness or often called security vulnerabilities. When inside the computer this malicious program will alter system settings and registry to make itself run when Windows is started. This may result to repeated pop-ups of warning messages that advises victims to obtain the registered version of the program. A virus scan by Security Master AV will be generated with fabricated results in order to convince user that computer is really under attack. All this trick was carried to force its target users from paying for the Security Master AV registration key.

You must ignore anything that this unwanted program suggested you to do or buy. All you have to do is download, install  and update a real anti-malware application capable of removing fake security program like Security Master AV.

Type Rogue
Sub-Type FakeAV
Aliases  
OS Affected Windows
Detected By MalwareBytes

What are the Symptoms of Security Master AV Infection?

Security Master AV Screen Shot Image

It will modify Windows Registry and add the following entries:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run “Security Master AV”
  • HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
  • HKEY_CLASSES_ROOT\Security Master AV.DocHostUIHandler
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes “URL”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Internet Settings\5.0\UserAgent\Post Platform “[xSP_2:61a6083b6194a2314e3dd54cf9615e36_7]“
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Internet Settings\5.0\User Agent\Post Platform “876902803″

The threat will drop the following malicious files:

  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Master AV.lnk
  • %UserProfile%\Application Data\Security Master AV
  • %UserProfile%\Application Data\Security Master AV\cookies.sqlite
  • %UserProfile%\Desktop\Security Master AV.lnk
  • %UserProfile%\Recent\cb.sys
  • %UserProfile%\Recent\ddv.dll
  • %UserProfile%\Recent\eb.sys
  • %UserProfile%\Recent\energy.exe
  • %UserProfile%\Recent\pal.sys
  • %UserProfile%\Recent\PE.drv
  • %UserProfile%\Recent\ppal.exe
  • %UserProfile%\Recent\tempdoc.tmp
  • %UserProfile%\Start Menu\Security Master AV.lnk
  • %UserProfile%\Start Menu\Programs\Security Master AV.lnk
  • c:\Program Files\Mozilla Firefox\searchplugins\search.xml
  • c:\Documents and Settings\All Users\Application Data\c9ba
  • c:\Documents and Settings\All Users\Application Data\c9ba\83.mof
  • c:\Documents and Settings\All Users\Application Data\c9ba\mozcrt19.dll
  • c:\Documents and Settings\All Users\Application Data\c9ba\sqlite3.dll
  • c:\Documents and Settings\All Users\Application Data\c9ba\unins000.dat
  • c:\Documents and Settings\All Users\Application Data\c9ba\WED.ico
  • c:\Documents and Settings\All Users\Application Data\c9ba\Security Master AV.exe
    c:\Documents and Settings\All Users\Application Data\c9ba\WEDDSys
    c:\Documents and Settings\All Users\Application Data\c9ba\WEDDSys\vd952342.bd
    c:\Documents and Settings\All Users\Application Data\SMAVSys
    c:\Documents and Settings\All Users\Application Data\SMAVSys\smav.cfg

How to Remove Security Master AV Manually

1. Restart your computer in SafeMode
- After Power-On the computer, just before Windows start, press F8
- From the selections, Select SafeMode

2. Remove Registry entries that the threat added. You MUST BACKUP YOUR REGISTRY FIRST.
- Click Start > Run
- Type in the field, regedit
- Navigate and look for the registry entries mentioned above and delete if necessary

3. Delete malicious files that the threat added:
- Base on the given location above, browse and delete the file
- If no location is given, click Start>Search> and search for the files.
- If cannot be deleted, press Ctrl+Alt+Del to access Task Manager, see if the file is running in the process. If it is, select the file and click End Process. Perform file delete again.

4. Scan computer with Antivirus Program
- Update antivirus program
- Scan computer and delete all detected threats.

How to Easily Remove Security Master AV

1. Download and run Removal Tool to remove this computer threat.

Security Master AV Discussions

  1. No comments yet.
  1. No trackbacks yet.