Thursday, May 27, 2010

Security Master AV Removal Guide
Security Master AV is a fake antivirus that gets onto the computer after a Trojan opens a backdoor on it. Normally the program is installed without the user's permission when they visit certain websites. Security Master AV starts automatically when the computer boots. It scans the computer and reports that it has been infected by a lot of malware. In fact, the infection is Security Master AV itself! It then tries to persuade the user to purchase a license in order to activate it. This fake antivirus should be removed immediately.

Security Master AV falsely claims that it will help protect your PC. It provides an "Advanced Security Center" that supposedly helps you manage your Windows security settings. It also warns you that a lot of severe/high alerts have been detected on your PC, and promises that activating it will give you ultimate protection against identity theft, viruses, malware and other threats!

Security Master AV must be removed from your computer immediately!

Removal Guide
Kill Process
(How to kill a process effectively?)
std.exe
pe.exe
antigen.exe
SM8d7c.exe
SM345d.exe
DBOLE.exe
sld.exe

Unregister DLL files
%UserProfile%\Recent\runddlkey.dll
%UserProfile%\Recent\ddv.dll
%UserProfile%\Recent\cid.dll

Delete Registry
HKEY_CURRENT_USER\Software\3
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\SM345d.DocHostUIHandler
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=7&q={searchTerms}"
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=7&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Security Master AV"
HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=7&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"

Remove Folders and Files
%UserProfile%\Recent\runddlkey.dll
%UserProfile%\Recent\tjd.sys
%UserProfile%\Recent\tjd.drv
%UserProfile%\Recent\std.exe
%UserProfile%\Recent\PE.tmp
%UserProfile%\Recent\PE.sys
%UserProfile%\Recent\PE.exe
%UserProfile%\Recent\PE.drv
%UserProfile%\Recent\gid.drv
%UserProfile%\Recent\FS.drv
%UserProfile%\Recent\energy.tmp
%UserProfile%\Recent\ddv.sys
%UserProfile%\Recent\ddv.dll
%UserProfile%\Recent\DBOLE.sys
%UserProfile%\Recent\CLSV.drv
%UserProfile%\Recent\cid.dll
%UserProfile%\Recent\ANTIGEN.exe
%UserProfile%\Recent\ANTIGEN.drv
%Desktop%\Security Master AV.lnk
%AppData%\Security Master AV\cookies.sqlite
%AppData%\Microsoft\Internet Explorer\Quick Launch\Security Master AV.lnk
%CommonAppData%\8d7ca11
%AllAppData%\345d567
%AllAppData%\SMNPCTCAV
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Master AV.lnk
%UserProfile%\Application Data\Security Master AV
%UserProfile%\Desktop\Security Master AV.lnk
%UserProfile%\Recent\ANTIGEN.dll
%UserProfile%\Recent\CLSV.dll
%UserProfile%\Recent\DBOLE.exe
%UserProfile%\Recent\DBOLE.tmp
%UserProfile%\Recent\exec.dll
%UserProfile%\Recent\FS.sys
%UserProfile%\Recent\kernel32.drv
%UserProfile%\Recent\PE.dll
%UserProfile%\Recent\runddl.dll
%UserProfile%\Recent\runddl.sys
%UserProfile%\Recent\runddlkey.drv
%UserProfile%\Recent\sld.drv
%UserProfile%\Recent\sld.exe
%UserProfile%\Recent\sld.sys
%UserProfile%\Recent\tempdoc.tmp
%UserProfile%\Recent\tjd.tmp
%UserProfile%\Start Menu\Security Master AV.lnk
%UserProfile%\Start Menu\Programs\Security Master AV.lnk
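
The four steps above combined into one PowerShell script, as an added example that is not part of the original guide. It only reports what it would do unless `-Apply` is passed; `Remove-Listed` is a hypothetical helper, and mapping `%CommonAppData%` and `%AllAppData%` to the system's common application data folder (and `%AppData%` to `$env:APPDATA`) is an assumption.

```powershell
# Added example, not part of the original guide. Dry run unless -Apply is passed.
param([switch]$Apply)
$whatIf = -not $Apply
$recent = Join-Path $env:USERPROFILE 'Recent'
# Hypothetical helper: delete a file, folder or registry key if it exists
filter Remove-Listed { if (Test-Path -LiteralPath $_) { Remove-Item -LiteralPath $_ -Recurse -Force -WhatIf:$whatIf } }
# 1. Kill Process (names from the page's list, without the .exe suffix)
Get-Process -Name 'std','pe','antigen','SM8d7c','SM345d','DBOLE','sld' -ErrorAction SilentlyContinue |
    Stop-Process -Force -WhatIf:$whatIf

# 2. Unregister DLL files; -Wait so regsvr32 finishes before the file is deleted
foreach ($dll in 'runddlkey.dll','ddv.dll','cid.dll' | ForEach-Object { Join-Path $recent $_ }) {
    if ($Apply -and (Test-Path -LiteralPath $dll)) {
        Start-Process regsvr32.exe -ArgumentList '/u','/s',"`"$dll`"" -Wait
    }
}

# 3. Delete Registry: whole keys, then values whose data still matches the page
'HKCU:\Software\3', 'Registry::HKEY_CLASSES_ROOT\SM345d.DocHostUIHandler',
'Registry::HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}' | Remove-Listed
$ie = 'Software\Microsoft\Internet Explorer'
$values = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'Security Master AV'; Like = '*' }
    @{ Key = "HKCU:\$ie\Download"; Name = 'RunInvalidSignatures'; Like = '1' }
    @{ Key = "HKCU:\$ie\Download"; Name = 'CheckExeSignatures'; Like = 'no' }
    @{ Key = "Registry::HKEY_USERS\.DEFAULT\$ie\SearchScopes"; Name = 'URL'; Like = '*findgala.com*' }
    @{ Key = "HKCU:\Software\Classes\$ie\SearchScopes"; Name = 'URL'; Like = '*findgala.com*' }
    @{ Key = "Registry::HKEY_CLASSES_ROOT\$ie\SearchScopes"; Name = 'URL'; Like = '*findgala.com*' }
)
foreach ($v in $values) {
    $p = Get-ItemProperty -LiteralPath $v.Key -Name $v.Name -ErrorAction SilentlyContinue
    if ($p -and "$($p.($v.Name))" -like $v.Like) {
        Remove-ItemProperty -LiteralPath $v.Key -Name $v.Name -WhatIf:$whatIf
    }
}

# 4. Remove Folders and Files (exact names from the page, no wildcards)
$common = [Environment]::GetFolderPath('CommonApplicationData')  # assumed meaning of %CommonAppData% / %AllAppData%
-split @'
runddlkey.dll runddlkey.drv runddl.dll runddl.sys tjd.sys tjd.drv tjd.tmp std.exe
PE.tmp PE.sys PE.exe PE.drv PE.dll gid.drv FS.drv FS.sys energy.tmp ddv.sys ddv.dll
DBOLE.sys DBOLE.exe DBOLE.tmp CLSV.drv CLSV.dll cid.dll ANTIGEN.exe ANTIGEN.drv
ANTIGEN.dll exec.dll kernel32.drv sld.drv sld.exe sld.sys tempdoc.tmp
'@ | ForEach-Object { Join-Path $recent $_ } | Remove-Listed
'8d7ca11','345d567','SMNPCTCAV' | ForEach-Object { Join-Path $common $_ } | Remove-Listed
'Security Master AV','Microsoft\Internet Explorer\Quick Launch\Security Master AV.lnk' |
    ForEach-Object { Join-Path $env:APPDATA $_ } | Remove-Listed
'Desktop','Start Menu','Start Menu\Programs' |
    ForEach-Object { Join-Path $env:USERPROFILE "$_\Security Master AV.lnk" } | Remove-Listed
```

Run it once without `-Apply` and review the `What if:` lines before making changes; registry values are removed only when their data still matches what the guide lists.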
