How to Remove Security Master AV

Security Master AV is a rogue anti-spyware program that aggressively sells itself to users by showing fake threat reports and scan results. It is related to the notorious rogue programs known as My Security Engine and Cleanup Antivirus. Security Master AV gets installed on a user’s computer through fake websites that install a Trojan. Once installed, Security Master AV immediately disables essential Windows utilities such as Task Manager and Registry Editor to prevent the user from attempting to remove it manually. Then, Security Master AV starts to display fake pop-ups, claiming that the integrity of the system has been compromised due to the presence of dangerous spyware. Its GUI looks extremely authentic and starts conducting fake scans as soon as it is opened, flagging legitimate user programs as viruses and spyware. It also tries to convince the user that the currently installed ‘trial’ version is not sufficient to remove these threats, and that the user should pay for ‘activation’ of Security Master AV. It should be noted that the ‘full’ version of Security Master AV, once purchased, has no capability whatsoever to clean your computer; this is a trick that you should never fall for.

The following sections outline how to remove Security Master AV. Security Master AV removal involves the stopping of processes, unregistering of DLLs, removal of files and folders and the deletion of registry entries. However, before attempting this you should restart your computer in Safe Mode.

File Removal Procedures

The first step in Security Master AV removal is the stopping of the following processes:

  • SM8d7c.exe
  • ANTIGEN.exe
  • std.exe
  • SM345d.exe

Next, it is necessary to unregister the following DLL files to continue with Security Master AV removal:

  • cid.dll
  • ddv.dll
  • runddlkey.dll
  • sqlite3.dll
  • mozcrt19.dll

The next step that has to be taken to remove Security Master AV is the deletion of the following files and folders:

Windows XP:

  • %CommonAppData%\8d7ca11\25.mof
  • %CommonAppData%\8d7ca11\SM8d7c.exe
  • %CommonAppData%\8d7ca11\SMAV.ico
  • %CommonAppData%\8d7ca11\SMAVSys\vd952342.bd
  • %AppData%\Microsoft\Internet Explorer\Quick Launch\Security Master AV.lnk
  • %AppData%\Security Master AV\cookies.sqlite
  • %Desktop%\Security Master AV.lnk
  • %UserProfile%\Recent\ANTIGEN.drv
  • %UserProfile%\Recent\ANTIGEN.exe
  • %UserProfile%\Recent\cid.dll
  • %UserProfile%\Recent\CLSV.drv
  • %UserProfile%\Recent\DBOLE.sys
  • %UserProfile%\Recent\ddv.dll
  • %UserProfile%\Recent\ddv.sys
  • %UserProfile%\Recent\energy.tmp
  • %UserProfile%\Recent\FS.drv
  • %UserProfile%\Recent\gid.drv
  • %UserProfile%\Recent\PE.drv
  • %UserProfile%\Recent\PE.exe
  • %UserProfile%\Recent\PE.sys
  • %UserProfile%\Recent\PE.tmp
  • %UserProfile%\Recent\std.exe
  • %UserProfile%\Recent\tjd.drv
  • %UserProfile%\Recent\tjd.sys
  • %UserProfile%\Recent\runddlkey.dll
  • %StartMenu%\Security Master AV.lnk
  • %StartMenu%\Programs\Security Master AV.lnk
  • c:\Documents and Settings\All Users\Application Data\345d567\
  • c:\Documents and Settings\All Users\Application Data\345d567\16.mof
  • c:\Documents and Settings\All Users\Application Data\345d567\mozcrt19.dll
  • c:\Documents and Settings\All Users\Application Data\345d567\SM345d.exe
  • c:\Documents and Settings\All Users\Application Data\345d567\SMAV.ico
  • c:\Documents and Settings\All Users\Application Data\345d567\sqlite3.dll
  • c:\Documents and Settings\All Users\Application Data\345d567\Quarantine Items\
  • c:\Documents and Settings\All Users\Application Data\345d567\SMAVSys\
  • c:\Documents and Settings\All Users\Application Data\345d567\SMAVSys\vd952342.bd
  • c:\Documents and Settings\All Users\Application Data\SMNPCTCAV\
  • c:\Documents and Settings\All Users\Application Data\SMNPCTCAV\SMMPIBBZGHAV.cfg
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Master AV.lnk

Windows Vista / Windows 7:

  • %CommonAppData%\8d7ca11\25.mof
  • %CommonAppData%\8d7ca11\SM8d7c.exe
  • %CommonAppData%\8d7ca11\SMAV.ico
  • %CommonAppData%\8d7ca11\SMAVSys\vd952342.bd
  • %AppData%\Microsoft\Internet Explorer\Quick Launch\Security Master AV.lnk
  • %AppData%\Security Master AV\cookies.sqlite
  • %Desktop%\Security Master AV.lnk
  • %UserProfile%\Recent\ANTIGEN.drv
  • %UserProfile%\Recent\ANTIGEN.exe
  • %UserProfile%\Recent\cid.dll
  • %UserProfile%\Recent\CLSV.drv
  • %UserProfile%\Recent\DBOLE.sys
  • %UserProfile%\Recent\ddv.dll
  • %UserProfile%\Recent\ddv.sys
  • %UserProfile%\Recent\energy.tmp
  • %UserProfile%\Recent\FS.drv
  • %UserProfile%\Recent\gid.drv
  • %UserProfile%\Recent\PE.drv
  • %UserProfile%\Recent\PE.exe
  • %UserProfile%\Recent\PE.sys
  • %UserProfile%\Recent\PE.tmp
  • %UserProfile%\Recent\std.exe
  • %UserProfile%\Recent\tjd.drv
  • %UserProfile%\Recent\tjd.sys
  • %UserProfile%\Recent\runddlkey.dll
  • %StartMenu%\Security Master AV.lnk
  • %StartMenu%\Programs\Security Master AV.lnk
  • c:\Users\%USER%\AppData\345d567\
  • c:\Users\%USER%\AppData\345d567\16.mof
  • c:\Users\%USER%\AppData\345d567\mozcrt19.dll
  • c:\Users\%USER%\AppData\345d567\SM345d.exe
  • c:\Users\%USER%\AppData\345d567\SMAV.ico
  • c:\Users\%USER%\AppData\345d567\sqlite3.dll
  • c:\Users\%USER%\AppData\345d567\Quarantine Items\
  • c:\Users\%USER%\AppData\345d567\SMAVSys\
  • c:\Users\%USER%\AppData\345d567\SMAVSys\vd952342.bd
  • c:\Users\%USER%\AppData\SMNPCTCAV\
  • c:\Users\%USER%\AppData\SMNPCTCAV\SMMPIBBZGHAV.cfg
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Master AV.lnk

Registry Removal Procedures

File deletion alone is not sufficient to completely remove Security Master AV. The following keys and settings should be removed from the Windows Registry for complete Security Master AV removal:

  • HKEY_CURRENT_USER\Software\3
  • HKEY_CLASSES_ROOT\SMAVSys.DocHostUIHandler
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Security Master AV”
  • HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
  • HKEY_CLASSES_ROOT\SM345d.DocHostUIHandler
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=7&q={searchTerms}”
  • HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=7&q={searchTerms}”
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1”
  • HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=7&q={searchTerms}”
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = “no”

Now it is safe to say that Security Master AV will no longer plague your system. Although this will be true in most cases, it is recommended to conduct a full system scan using genuine antivirus software such as Spyware Doctor with Antivirus in order to identify any additional malicious components.
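
A read-only check for confirming that the removal steps above took effect, added here as an example (it is not part of the original guide). It covers a subset of the listed files, and it assumes PowerShell is available and that the %CommonAppData%-style names used on this page correspond to the standard Windows shell folders.

```powershell
# Read-only check for indicators listed on this page; nothing is modified.
$found = @()

# Processes from the page (Get-Process takes names without ".exe").
$procs = @(Get-Process -Name 'SM8d7c','ANTIGEN','std','SM345d' -ErrorAction SilentlyContinue)
foreach ($p in $procs) { $found += "process  $($p.Name) (PID $($p.Id))" }

# Assumption: the %CommonAppData%, %AppData% style names on the page map to
# these .NET special folders.
$common  = [Environment]::GetFolderPath('CommonApplicationData')
$appData = [Environment]::GetFolderPath('ApplicationData')
$recent  = [Environment]::GetFolderPath('Recent')

# Subset of the page's list: top-level folders, executables, registry keys.
# HKCR has no default PSDrive, hence the Registry:: provider prefix.
$paths = @(
    (Join-Path $common  '8d7ca11'),
    (Join-Path $common  '345d567'),
    (Join-Path $common  'SMNPCTCAV'),
    (Join-Path $env:USERPROFILE 'AppData\345d567'),
    (Join-Path $appData 'Security Master AV'),
    (Join-Path $recent  'ANTIGEN.exe'),
    (Join-Path $recent  'std.exe'),
    'Registry::HKEY_CURRENT_USER\Software\3',
    'Registry::HKEY_CLASSES_ROOT\SMAVSys.DocHostUIHandler',
    'Registry::HKEY_CLASSES_ROOT\SM345d.DocHostUIHandler',
    'Registry::HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}'
)
foreach ($p in $paths) { if (Test-Path -LiteralPath $p) { $found += "present  $p" } }

# Registry values: flag only when the value exists and matches the pattern.
$ie = 'Software\Microsoft\Internet Explorer'
$values = @(
    @('HKCU:\Software\Microsoft\Windows\CurrentVersion\Run', 'Security Master AV', '*'),
    @("HKCU:\$ie\Download", 'RunInvalidSignatures', '1'),
    @("HKCU:\$ie\Download", 'CheckExeSignatures', 'no'),
    @("Registry::HKEY_USERS\.DEFAULT\$ie\SearchScopes", 'URL', '*findgala.com*')
)
foreach ($v in $values) {
    $key, $name, $pattern = $v
    $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($item -and "$($item.$name)" -like $pattern) {
        $found += "value    $key [$name] = $($item.$name)"
    }
}
if ($found) { $found } else { 'No listed Security Master AV indicators found.' }
```

The two Download values are worth checking even after the files are gone: they control Internet Explorer's signature checks on downloaded programs, so leaving them in place keeps that protection switched off.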

Conclusion

Even if you have a good knowledge of how to remove Security Master AV, you should not attempt to do it manually if you are an inexperienced computer user. Any mistake made during removal could cause untold damage to the operating system. Therefore it is recommended to use a legitimate antivirus application such as Spyware Doctor with Antivirus or a web-based repair service such as www.onlinecomputerrepair.org for safe Security Master AV removal.