Master Utilities

2 September 2011 Rogue 2 Comments

Fake hard drive optimization group of rogue programs have released its opening variant for the month of September 2011. The malware is called Master Utilities virus. This unwanted software shows same graphical user interface copied from its previous versions. It also offers same functions that aim to mislead computer users. Some of the ineffective features are the following:

• Display real-time computer status reports
• Report system drive status
• Diagnose current memory condition
• Show system registry information

Having Master Utilities on the computer means great risks not just on your stored files but it also may lead to unsafe usage of credit card when used via online transaction to obtain the licensed version of Master Utilities. Right from the start, the program aspires to gain trust from users like you by falsely discovering threats on the system. Although Trojans, viruses and malware does not really exist, Master Utilities makes it so simple to produce imaginary revelation as a way to scare victims. Unnecessary pop-up alerts and warning notices are repeatedly flash to induce users into paying for the paid version of this program.

Take note that Master Utilities will be setup to have start-up entry. Loading itself instantly once Windows starts is made through the registry. Malicious files are written on system folders and crucial system files are made hidden to prevent any installed software from running. When user attempts to launch program, it will put system to an idle for the meantime, then Master Utilities will announced that system is infected.

Master Utilities is a typical rogue program than needs immediate removal. A good and trusted anti-malware program should take care of it when a complete scan is carried on the affected PC.

Screen Shot Image:

Technical Details and Additional Information:

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Added Registry Entries:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoDesktop" = '1'
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = '0'

Associated Files and Folders:

%Temp%\smtmp\
%UserProfile%\Desktop\Master Utilities.lnk
%AppData%\[random]
%AppData%\[random].exe
%AppData%\~[random]
%AppData%\~[random]
%StartMenu%\Programs\Master Utilities\
%StartMenu%\Programs\Master Utilities\Master Utilities.lnk
%StartMenu%\Programs\Master Utilities\Uninstall Master Utilities.lnk

File Location for Windows Versions:

• %UserProfile% for Vista/7 user is C:\Users\<Current User> for Windows Vista/7, for Windows XP/2000 this is C:\Documents and Settings\<Current User>.
• %AppData% for Vista/7 refers to C:\Users\<Current User>\AppData\Roaming, while for Windows XP/2000 user it is C:\Documents and Settings\<Current User>\Application Data.
• %StartMenu% on Vista/7 it refers to C:\Users\<Current User>\AppData\Roaming\Microsoft\Windows\Start Menu while for Windows XP/2000 this is C:\Documents and Settings\<Current User>\Start Menu\.
• %Temp% refers to C:\Windows\Temp\.

Master Utilities Virus Removal Tool

For not so technical users that cannot comprehend with the manual removal. This automatic detection and cleaner is recommended. However, you need to download and install a tool to complete this process. The tool is free to download. We highly advise the use of this program to automatically delete all files and registry entries created by Master Utilities. Remember that erasing system files required by the operating system may cause erratic behavior. It may also lead to system malfunction. Proceed with Master Utilities automatic removal.

Using Portable SuperAntiSpyware:
To thoroughly remove the virus, it is best to do a separate scan of another security program so that other infected files not detected by anti-virus application can be remove as well. Click here to download and run SAS Portable Scanner.

Manual Removal Procedure

1. Press Ctrl+Alt+Del on keyboard to stop the process associated to "Master Utilities". When Windows Task Manager opens, go to Processes tab. Find and end this process.
(random characters).exe

2. You need to update your installed antivirus software. Please connect to the Internet and download the most recent database. This is a one-click process from your AV program’s console.
3. Thoroughly scan the computer and remove any threats found by your antivirus program. If delete option is not available, your best next choice is to quarantine the infected file. There is also a need to manually locate and delete malicious files. Please see the file section for items that are relevant to Master Utilities Virus.

4. Next, you need to remove registry entries created by Master Utilities. Please refer to registry section to view entries related to the rogue program. [how to edit registry]
5. Exit registry editor when you are done.

6. Get rid of Master Utilities start-up entry by going to Start > Run, type msconfig on the "Open" dialog box. It will launch a new window containing System Configuration Utility. Click on the Startup tab and uncheck the following item.
(random characters).exe

7. Click Apply. You need to restart Windows.