Security Master AV is a fake anti-spyware program which imitates a legitimate antimalware application and is related to My Security Engine and Cleanup Antivirus. It acts in the same manner as any other rogue software by trying to convince users to buy a license for the software. Security Master AV enters a user’s computer via Trojans that get downloaded from websites which promote fake audio/video codec packs. Once it has been installed, Security Master AV blocks any legitimate antivirus software that the user may have installed on the system and disables essential Windows utilities such as Task Manager and Registry Editor. Then it starts performing fake system scans at regular intervals, returning results that claim that the user’s system is under serious threat. It also creates a number of harmless files that it later detects as dangerous viruses. Security Master AV uses a Windows-style GUI and pop-ups generated from the Windows taskbar to convince users that this is the real thing. Then it claims that the currently installed ‘trial’ version is inadequate to remove the previously detected false ‘threats’ and urges the user to pay for the ‘full’ version of the software. However, the ‘full’ version is no more capable of cleaning a user’s system than the ‘trial’ version; therefore no user should ever purchase the false license to this rogue software.

As soon as you find a copy of this malicious software installed on your computer, you should take steps to delete Security Master AV. Security Master AV removal involves the stopping of processes, unregistering of DLLs, removal of files and folders and the deletion of registry entries. However, before attempting this you should restart your computer in Safe Mode.

File Removal Procedures

The first step in Security Master AV removal is the stopping of the following processes:

  • SM8d7c.exe
  • ANTIGEN.exe
  • std.exe
  • SM345d.exe

Next, it is necessary to unregister the following DLL files to continue with Security Master AV removal:

  • cid.dll
  • ddv.dll
  • runddlkey.dll
  • sqlite3.dll
  • mozcrt19.dll

The next step that has to be taken to remove Security Master AV is the deletion of the following files and folders:

Windows XP:

  • %CommonAppData%\8d7ca11\25.mof
  • %CommonAppData%\8d7ca11\SM8d7c.exe
  • %CommonAppData%\8d7ca11\SMAV.ico
  • %CommonAppData%\8d7ca11\SMAVSys\vd952342.bd
  • %AppData%\Microsoft\Internet Explorer\Quick Launch\Security Master AV.lnk
  • %AppData%\Security Master AV\cookies.sqlite
  • %Desktop%\Security Master AV.lnk
  • %UserProfile%\Recent\ANTIGEN.drv
  • %UserProfile%\Recent\ANTIGEN.exe
  • %UserProfile%\Recent\cid.dll
  • %UserProfile%\Recent\CLSV.drv
  • %UserProfile%\Recent\DBOLE.sys
  • %UserProfile%\Recent\ddv.dll
  • %UserProfile%\Recent\ddv.sys
  • %UserProfile%\Recent\energy.tmp
  • %UserProfile%\Recent\FS.drv
  • %UserProfile%\Recent\gid.drv
  • %UserProfile%\Recent\PE.drv
  • %UserProfile%\Recent\PE.exe
  • %UserProfile%\Recent\PE.sys
  • %UserProfile%\Recent\PE.tmp
  • %UserProfile%\Recent\std.exe
  • %UserProfile%\Recent\tjd.drv
  • %UserProfile%\Recent\tjd.sys
  • %UserProfile%\Recent\runddlkey.dll
  • %StartMenu%\Security Master AV.lnk
  • %StartMenu%\Programs\Security Master AV.lnk
  • c:\Documents and Settings\All Users\Application Data\345d567\
  • c:\Documents and Settings\All Users\Application Data\345d567\16.mof
  • c:\Documents and Settings\All Users\Application Data\345d567\mozcrt19.dll
  • c:\Documents and Settings\All Users\Application Data\345d567\SM345d.exe
  • c:\Documents and Settings\All Users\Application Data\345d567\SMAV.ico
  • c:\Documents and Settings\All Users\Application Data\345d567\sqlite3.dll
  • c:\Documents and Settings\All Users\Application Data\345d567\Quarantine Items\
  • c:\Documents and Settings\All Users\Application Data\345d567\SMAVSys\
  • c:\Documents and Settings\All Users\Application Data\345d567\SMAVSys\vd952342.bd
  • c:\Documents and Settings\All Users\Application Data\SMNPCTCAV\
  • c:\Documents and Settings\All Users\Application Data\SMNPCTCAV\SMMPIBBZGHAV.cfg
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Master AV.lnk

Windows Vista / Windows 7:

  • %CommonAppData%\8d7ca11\25.mof
  • %CommonAppData%\8d7ca11\SM8d7c.exe
  • %CommonAppData%\8d7ca11\SMAV.ico
  • %CommonAppData%\8d7ca11\SMAVSys\vd952342.bd
  • %AppData%\Microsoft\Internet Explorer\Quick Launch\Security Master AV.lnk
  • %AppData%\Security Master AV\cookies.sqlite
  • %Desktop%\Security Master AV.lnk
  • %UserProfile%\Recent\ANTIGEN.drv
  • %UserProfile%\Recent\ANTIGEN.exe
  • %UserProfile%\Recent\cid.dll
  • %UserProfile%\Recent\CLSV.drv
  • %UserProfile%\Recent\DBOLE.sys
  • %UserProfile%\Recent\ddv.dll
  • %UserProfile%\Recent\ddv.sys
  • %UserProfile%\Recent\energy.tmp
  • %UserProfile%\Recent\FS.drv
  • %UserProfile%\Recent\gid.drv
  • %UserProfile%\Recent\PE.drv
  • %UserProfile%\Recent\PE.exe
  • %UserProfile%\Recent\PE.sys
  • %UserProfile%\Recent\PE.tmp
  • %UserProfile%\Recent\std.exe
  • %UserProfile%\Recent\tjd.drv
  • %UserProfile%\Recent\tjd.sys
  • %UserProfile%\Recent\runddlkey.dll
  • %StartMenu%\Security Master AV.lnk
  • %StartMenu%\Programs\Security Master AV.lnk
  • c:\Users\%USER%\AppData\345d567\
  • c:\Users\%USER%\AppData\345d567\16.mof
  • c:\Users\%USER%\AppData\345d567\mozcrt19.dll
  • c:\Users\%USER%\AppData\345d567\SM345d.exe
  • c:\Users\%USER%\AppData\345d567\SMAV.ico
  • c:\Users\%USER%\AppData\345d567\sqlite3.dll
  • c:\Users\%USER%\AppData\345d567\Quarantine Items\
  • c:\Users\%USER%\AppData\345d567\SMAVSys\
  • c:\Users\%USER%\AppData\345d567\SMAVSys\vd952342.bd
  • c:\Users\%USER%\AppData\SMNPCTCAV\
  • c:\Users\%USER%\AppData\SMNPCTCAV\SMMPIBBZGHAV.cfg
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Master AV.lnk

Registry Removal Procedures

File deletion alone is not sufficient to completely remove Security Master AV. The following keys and settings should be removed from the Windows Registry for complete Security Master AV removal:

  • HKEY_CURRENT_USER\Software\3
  • HKEY_CLASSES_ROOT\SMAVSys.DocHostUIHandler
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Security Master AV”
  • HKEY_CLASSES_ROOT\CLSID\3F2BBC05-40DF-11D2-9455-00104BC936FF
  • HKEY_CLASSES_ROOT\SM345d.DocHostUIHandler
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=7&q=searchTerms”
  • HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=7&q=searchTerms”
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1”
  • HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=7&q=searchTerms”
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = “no”

Now it is safe to say that Security Master AV will no longer affect the security of your computer system. However, it is still recommended to conduct a full system scan using genuine antivirus software such as Spyware Doctor with Antivirus.
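
To confirm that the steps above actually took effect, the following read-only PowerShell audit reports any of the listed indicators that are still present. It is an added example, not part of the original guide; it changes nothing on the system. It assumes that %CommonAppData%, %Desktop% and the Recent folder correspond to the .NET special folders of the same meaning, and it checks only a subset of the listed paths.

```powershell
# Added example: read-only post-removal audit. Nothing is deleted or modified.
# Indicator names come from the lists above; the folder mappings are assumptions.

# Process names from the list above (Get-Process expects names without ".exe").
$procNames = 'SM8d7c', 'ANTIGEN', 'std', 'SM345d'

# Assumption: the guide's placeholders map to these .NET special folders.
$common  = [Environment]::GetFolderPath('CommonApplicationData')
$recent  = [Environment]::GetFolderPath('Recent')
$desktop = [Environment]::GetFolderPath('Desktop')

# Subset of the listed files, folders and registry keys; extend as needed.
$paths = @(
    (Join-Path $common  '8d7ca11'),
    (Join-Path $common  '345d567'),
    (Join-Path $common  'SMNPCTCAV'),
    (Join-Path $env:USERPROFILE 'AppData\345d567'),
    (Join-Path $env:APPDATA 'Security Master AV'),
    (Join-Path $desktop 'Security Master AV.lnk'),
    (Join-Path $recent  'ANTIGEN.exe'),
    (Join-Path $recent  'std.exe'),
    'Registry::HKEY_CLASSES_ROOT\SMAVSys.DocHostUIHandler',
    'Registry::HKEY_CLASSES_ROOT\SM345d.DocHostUIHandler'
)

# Registry values from the list above. Bad = $null means "any value is a finding".
$ieDownload = 'HKCU:\Software\Microsoft\Internet Explorer\Download'
$regChecks = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'Security Master AV'; Bad = $null },
    @{ Key = $ieDownload; Name = 'RunInvalidSignatures'; Bad = '1' },
    @{ Key = $ieDownload; Name = 'CheckExeSignatures';   Bad = 'no' }
)

$findings = @()
foreach ($p in @(Get-Process -Name $procNames -ErrorAction SilentlyContinue)) {
    $findings += "process:  $($p.Name) (PID $($p.Id))"
}
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings += "present:  $p" }
}
foreach ($c in $regChecks) {
    $item = Get-ItemProperty -Path $c.Key -Name $c.Name -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    $value = $item.($c.Name)
    if ($null -eq $c.Bad -or "$value" -eq $c.Bad) {
        $findings += "registry: $($c.Key) '$($c.Name)' = $value"
    }
}
if ($findings.Count -eq 0) { 'No listed Security Master AV indicators found.' } else { $findings }
```

Run it once per affected user account, since the HKCU checks and the per-user folders only cover the account it runs under.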

Conclusion

Manual Security Master AV removal is not recommended for inexperienced users, as any wrong move made during removal could cause damage to the system. The best tactic that inexperienced users can employ is to make use of a web-based computer scanning/cleaning service such as www.onlinecomputerrepair.org or legitimate antivirus software such as Spyware Doctor with Antivirus to ensure complete and safe Security Master AV removal.
