Security Master AV

Posted: May 26, 2010

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Threat Level:	10/10
Infected PCs:	14

First Seen:	May 28, 2010
Last Seen:	March 22, 2023
OS(es) Affected:	Windows

Security Master AV is a rogue anti-virus program that pretends to alert you about viruses and other types of PC threats when its error messages, in reality, lack any relevance to infections on your computer. Although Security Master AV is a relatively-elderly type of scamware that's been in circulation since 2010 SpywareRemove.com malware experts warn that Security Master AV has seen a variety of updates over the years and may be undetectable by anti-malware scanners that haven't been patched with their latest threat databases. Despite the extra trouble that removing Security Master AV requires, deleting Security Master AV is strongly encouraged, since Security Master AV will also create other issues for your PC besides presenting inaccurate system info – most particularly, by littering junk files throughout your hard drive to make you feel threatened by other types of malicious software that aren't on your PC at all.

Security Master AV – a Master of Lying to Your Face

Security Master AV has only had minor alterations from the interface that's shared between other members of its family, the FakeVimes family which include Privacy Guard Pro, PrivacyGuard Pro 2.0, Extra Antivirus, Fast Antivirus 2009, Presto TuneUp, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, Live PC Care, PC Live Guard, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus and Smart Security.

Each of these rogue AV products pretends to be a handy anti-virus utility when their real functions merely display fake warnings about PC threats that aren't on your computer in the first place. Because Security Master AV doesn't have anything resembling actual anti-virus features, SpywareRemove.com malware analysts strongly-discourage any efforts to purchase Security Master AV, even if this is only done to make it easier to remove Security Master AV than it would be otherwise.

Some of the fake warning messages that Security Master AV can create include, amongst other possibilities:

Your PC may still be infected with dangerous viruses. [Rogue AV program's name] protection is needed to prevent data loss and avoid theft of your personal data and credit card details. Click here to activate protection.

Warning! Virus detected
Threat Detected: Trojan-Spy.HTML.Citifraud

Warning! Identity theft attempt detected
Hidden Connection IP:
Security Risk: High
Target: Microsoft Corporation Keys

Security Master AV will also launch itself automatically via typical Registry-based exploits and may initiate fake system scans without your permission. You needn't worry about these scans holding your computer's health in their results, since scans by Security Master AV are just as fraudulent as its pop-up alerts.

Being the Master of Your Own Computer by Putting Down Security Master AV

Common attacks from scamware in Security Master AV's subgroup can also extend to other issues besides showing inaccurate system analyses, such as:

The creation of junk files that have no purpose except to make you think that they're unrelated PC threats.
Browser redirects to Security Master AV's website. Redirects may also display fake warning screens that block PC security websites. You should avoid sites that are promoted by Security Master AV, since they can be considered security risks and may attack your PC with drive-by-download scripts.
Issues with your anti-malware and security software; these problems can usually be solved by disabling Security Master AV before you try to remove Security Master AV with said software. SpywareRemove.com malware researchers note that Safe Mode is often the most convenient method of achieving this, although other means of shutting down Security Master AV are also available for Windows computers.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

%CommonAppData%\8d7ca11\SM8d7c.exe

File name: %CommonAppData%\8d7ca11\SM8d7c.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

%CommonAppData%\8d7ca11\25.mof

File name: %CommonAppData%\8d7ca11\25.mof
Mime Type: unknown/mof
Group: Malware file

%CommonAppData%\8d7ca11\SMAV.ico

File name: %CommonAppData%\8d7ca11\SMAV.ico
Mime Type: unknown/ico
Group: Malware file

%CommonAppData%\8d7ca11\SMAVSys\vd952342.bd

File name: %CommonAppData%\8d7ca11\SMAVSys\vd952342.bd
Mime Type: unknown/bd
Group: Malware file

%AppData%\Security Master AV\cookies.sqlite

File name: %AppData%\Security Master AV\cookies.sqlite
Mime Type: unknown/sqlite
Group: Malware file

%AppData%\Microsoft\Internet Explorer\Quick Launch\Security Master AV.lnk

File name: %AppData%\Microsoft\Internet Explorer\Quick Launch\Security Master AV.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

%StartMenu%\Security Master AV.lnk

File name: %StartMenu%\Security Master AV.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

%StartMenu%\Programs\Security Master AV.lnk

File name: %StartMenu%\Programs\Security Master AV.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

%Desktop%\Security Master AV.lnk

File name: %Desktop%\Security Master AV.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

%UserProfile%\Recent\cid.dll

File name: %UserProfile%\Recent\cid.dll
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file

%UserProfile%\Recent\gid.drv

File name: %UserProfile%\Recent\gid.drv
File type: Device Driver
Mime Type: unknown/drv
Group: Malware file

%UserProfile%\Recent\energy.tmp

File name: %UserProfile%\Recent\energy.tmp
File type: Temporary File
Mime Type: unknown/tmp
Group: Malware file

%UserProfile%\Recent\CLSV.drv

File name: %UserProfile%\Recent\CLSV.drv
File type: Device Driver
Mime Type: unknown/drv
Group: Malware file

%UserProfile%\Recent\DBOLE.sys

File name: %UserProfile%\Recent\DBOLE.sys
File type: System file
Mime Type: unknown/sys
Group: Malware file

%UserProfile%\Recent\ddv.dll

File name: %UserProfile%\Recent\ddv.dll
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file

%UserProfile%\Recent\ddv.sys

File name: %UserProfile%\Recent\ddv.sys
File type: System file
Mime Type: unknown/sys
Group: Malware file

%UserProfile%\Recent\FS.drv

File name: %UserProfile%\Recent\FS.drv
File type: Device Driver
Mime Type: unknown/drv
Group: Malware file

%UserProfile%\Recent\ANTIGEN.drv

File name: %UserProfile%\Recent\ANTIGEN.drv
File type: Device Driver
Mime Type: unknown/drv
Group: Malware file

%UserProfile%\Recent\ANTIGEN.exe

File name: %UserProfile%\Recent\ANTIGEN.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

%UserProfile%\Recent\PE.exe

File name: %UserProfile%\Recent\PE.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

%UserProfile%\Recent\PE.drv

File name: %UserProfile%\Recent\PE.drv
File type: Device Driver
Mime Type: unknown/drv
Group: Malware file

%UserProfile%\Recent\PE.tmp

File name: %UserProfile%\Recent\PE.tmp
File type: Temporary File
Mime Type: unknown/tmp
Group: Malware file

%UserProfile%\Recent\PE.sys

File name: %UserProfile%\Recent\PE.sys
File type: System file
Mime Type: unknown/sys
Group: Malware file

%UserProfile%\Recent\std.exe

File name: %UserProfile%\Recent\std.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

%UserProfile%\Recent\tjd.sys

File name: %UserProfile%\Recent\tjd.sys
File type: System file
Mime Type: unknown/sys
Group: Malware file

%UserProfile%\Recent\tjd.drv

File name: %UserProfile%\Recent\tjd.drv
File type: Device Driver
Mime Type: unknown/drv
Group: Malware file

%UserProfile%\Recent\runddlkey.dll

File name: %UserProfile%\Recent\runddlkey.dll
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\3HKEY_CLASSES_ROOTS\MAVSys.DocHostUIHandler

Additional Information

The following directories were created:

%AppData%\Security Master AV

5 Comments

limp says:

June 26, 2010 at 6:46 pm

gooooooooood
arber says:

July 17, 2010 at 8:45 am

how i can remove this program?
Simon says:

August 2, 2010 at 4:08 am

TROUBLE IS
Master AV virus completly occupies the cpu and everytime i try to run internet explorer it closes it before i can enter a single letter in the search bar
and Task Manager wont load and mcafee program has been scrambled
genrally your only option is to format the hard drive

I had to unplug my speakers because everytime i mute the sound it unmutes and turns the volume up to full blast before it makes that pointless scream

THIS IS E-TERRORISM
w32 blaster worm removal says:

March 28, 2012 at 7:14 am

I also had the AntiSpy Safeguard infection on my computer yesterday. It was blocking IE from launching and I couldn't open Task Manager.
Elene Beed says:

March 29, 2012 at 8:57 am

I am using a couple of anti-virus solutions for many years at the same time. But I guess I only use 1 for active defense and the other 1 is utilized to check data files which I duplicate on thumb drive for download just before I open them. This has kept my computer protected and might certainly be a good approach for many people.