Security Master AV

Security Master AV is a virus that disguises itself as a security application that removes threats and protects a computer from future attacks. This rogue anti-virus program is dropped on computers and installed without the user's consent when they visit an infected website equipped with a Trojan that can perform these malicious actions. Once installed, Security Master AV generates excessive warning messages and claims that several infected files were detected. One sample fake alert states:

System Alert
Potentially harmful programs have been detected in your system and need to be dealt with immediately. Click here to remove them using Security Master AV.

Security Master AV Alert

System Message
Your PC may still be infected with dangerous viruses. Security Master AV protection is needed to prevent data loss and avoid theft of your personal data and credit card details. Click here to activate protection.

System Message - Fake Alert

The program advises removing these threats by purchasing the registered version. This is the only solution it offers the victim, and the annoyances continue until a purchase is made. With rogue programs like this, however, no one can assure that the computer will be restored to its original, normal working condition. A fake antivirus program is created only to mislead and does nothing good for the computers on which it is present.

As experts suggest, remove potentially unwanted programs immediately, before they can further harm the computer by connecting to a remote server and downloading more threats, as configured by their developers. Use a legitimate anti-malware program to remove Security Master AV together with its associated files and processes.

Security Master AV Screen Shot: Security Master AV Scanner

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Security Master AV Removal Procedures

Manual Removal:
1. Stop the malicious process by pressing Ctrl+Alt+Del. Windows Task Manager will open. Look for the following processes:
(random characters).exe
SM345d.exe
DBOLE.exe
sld.exe

2. Update your installed anti-virus program.
3. Run a full system scan and clean/delete all detected infected file(s). A manual removal of virus-related files should also be performed.
4. Edit the Windows registry and delete the Security Master AV entries.
5. Exit registry editor.
6. Remove the Security Master AV start-up entry by going to Start > Run and typing msconfig in the “Open” dialog box. System Configuration Utility will open. Go to the Startup tab and uncheck the following start-up item(s):
(random characters).exe
SM345d.exe
DBOLE.exe
sld.exe

7. Click Apply and restart Windows.

Security Master AV Removal Tool:
In order to completely remove the threat, it is best to download and run SuperAntiSpyware. Sometimes, Trojans will block the downloading and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before executing on the infected machine.

Online Virus Scanner:
Another way to remove a virus without installing an additional anti-virus application is to perform a thorough scan with a free Online Virus Scanner, which can be found on the websites of legitimate anti-virus and security providers.

Technical Details and Additional Information:

Clicking a link in its virus scanner, or simply choosing to remove the threat, makes this program open a new browser window asking computer owners to get a Security Master AV activation code. A payment processing website, where a credit card can be used to purchase the software, is displayed afterwards.

Security Master AV Activation

Malicious Files Added by Security Master AV:
c:\Documents and Settings\All Users\Application Data\[random]\16.mof
c:\Documents and Settings\All Users\Application Data\[random]\mozcrt19.dll
c:\Documents and Settings\All Users\Application Data\[random]\SM345d.exe
c:\Documents and Settings\All Users\Application Data\[random]\SMAV.ico
c:\Documents and Settings\All Users\Application Data\[random]\sqlite3.dll
c:\Documents and Settings\All Users\Application Data\[random]\Quarantine Items\
c:\Documents and Settings\All Users\Application Data\[random]\SMAVSys\
c:\Documents and Settings\All Users\Application Data\[random]\SMAVSys\vd952342.bd
c:\Documents and Settings\All Users\Application Data\SMNPCTCAV\SMMPIBBZGHAV.cfg
%UserProfile%\Application Data\Security Master AV\cookies.sqlite
%UserProfile%\Recent\ANTIGEN.dll
%UserProfile%\Recent\CLSV.dll
%UserProfile%\Recent\DBOLE.exe
%UserProfile%\Recent\DBOLE.tmp
%UserProfile%\Recent\ddv.sys
%UserProfile%\Recent\energy.tmp
%UserProfile%\Recent\exec.dll
%UserProfile%\Recent\FS.sys
%UserProfile%\Recent\kernel32.drv
%UserProfile%\Recent\PE.dll
%UserProfile%\Recent\runddl.dll
%UserProfile%\Recent\runddl.sys
%UserProfile%\Recent\runddlkey.drv
%UserProfile%\Recent\sld.drv
%UserProfile%\Recent\sld.exe
%UserProfile%\Recent\sld.sys
%UserProfile%\Recent\tempdoc.tmp
%UserProfile%\Recent\tjd.tmp

Security Master AV Registry Entries:
HKCU\Software\3
HKCU\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1”
HKCU\Software\Microsoft\Windows\CurrentVersion\Run “Security Master AV”
HKCU\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala . com/?&uid=7&q={searchTerms}”
HKCU\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = “no”
HKCR\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKCR\SM345d.DocHostUIHandler
HKCU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala . com/?&uid=7&q={searchTerms}”
HKCR\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala . com/?&uid=7&q={searchTerms}”
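
The file, registry and process indicators listed above can be checked in one pass before any manual cleanup. The PowerShell script below is an added example, not part of the original guide: it only reports which listed artifacts are present. It assumes PowerShell 2.0 or later is installed, and that the XP-style folders on this page map to the locations the OS folder API returns on Vista and Windows 7. The randomly named executable cannot be matched by name and is not covered.

```powershell
# Added example: read-only triage for the artifacts listed on this page.
# It only reports what it finds; nothing is deleted or changed.
# Run it as the affected user so HKCU and the profile folders resolve correctly.
# Assumption: resolve the page's XP-style folders through the OS, so the same
# relative locations are checked on Vista/7 (ProgramData, AppData\Roaming).
$common  = [Environment]::GetFolderPath('CommonApplicationData')
$appData = [Environment]::GetFolderPath('ApplicationData')
$recent  = [Environment]::GetFolderPath('Recent')

# '*' stands in for the "[random]" folder name shown on the page.
$filePatterns = @(
    "$common\*\SM345d.exe",
    "$common\*\SMAV.ico",
    "$common\*\SMAVSys",
    "$common\SMNPCTCAV\SMMPIBBZGHAV.cfg",
    "$appData\Security Master AV",
    "$recent\DBOLE.exe",
    "$recent\sld.exe"
)
$fileHits = @(foreach ($p in $filePatterns) {
    Get-Item -Path $p -Force -ErrorAction SilentlyContinue | ForEach-Object { $_.FullName }
})

# Registry values from the page; Bad = $null means any value counts as a hit.
$ieDownload = 'HKCU:\Software\Microsoft\Internet Explorer\Download'
$regValues = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'Security Master AV'; Bad = $null },
    @{ Path = $ieDownload; Name = 'RunInvalidSignatures'; Bad = '1' },
    @{ Path = $ieDownload; Name = 'CheckExeSignatures'; Bad = 'no' }
)
$regHits = @(foreach ($r in $regValues) {
    $item = Get-ItemProperty -Path $r.Path -Name $r.Name -ErrorAction SilentlyContinue
    if ($null -ne $item) {
        $value = $item.($r.Name)
        if ($null -eq $r.Bad -or "$value" -eq $r.Bad) { '{0} "{1}" = "{2}"' -f $r.Path, $r.Name, $value }
    }
})
# Registry keys from the page (HKCR has no default PowerShell drive).
$regHits += @('SM345d.DocHostUIHandler', 'CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}' |
    ForEach-Object { "Registry::HKEY_CLASSES_ROOT\$_" } | Where-Object { Test-Path -Path $_ })

# Process names from the removal steps, without the .exe suffix.
$procHits = @(Get-Process -Name 'SM345d', 'DBOLE', 'sld' -ErrorAction SilentlyContinue |
    ForEach-Object { '{0} (PID {1})' -f $_.ProcessName, $_.Id })

"Files:";     $fileHits
"Registry:";  $regHits
"Processes:"; $procHits
if (-not ($fileHits + $regHits + $procHits)) { 'No listed artifacts found.' }
```

An empty result does not prove the machine is clean, because the guide also lists a randomly named executable and folder that this check cannot identify by name.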

Alternative Removal Method for Security Master AV

Option 1: Use Windows System Restore to return Windows to a previous state

If Security Master AV enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a restore point saved before Security Master AV infiltrated the PC, we highly encourage you to execute this procedure if none of the above works. You may then proceed with Windows System Restore.