You're in: Panda Security > Home Users > security-info > overview
Active Scan. Scan your PC free
Download Cloud Antivirus Gratis

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

SecurityMasterAV

Threat LevelLow threatDamageHighDistributionNot widespread

Effects 

SecurityMasterAV is an adware program that carries out the following actions:

  • It reaches the computer in a file with any of the following icons:

    Icons of SecurityMasterAV
  • If users run any of these icons, an installation screen is displayed:

    Installation window of SecurityMasterAV
  • Once installed in the computer, it diplays alert messages indicating that the computer is infected and that the problem can be solved with the program Security Master AV:

    Alert message displayed by SecurityMasterAV
  • If users follow the recommendations of this message, the interface of the program, which has the following appearance, will be displayed:

    SecurityMasterAV interface
  • This screen indicates users that the computer is unprotected, as no antivirus is activated. In order to do so, it entices users to carry out a system scan.
  • If users accepts this, the program starts scanning the computer and, once finished, deceiving results are displayed, as it will detect malware that is not really found in the computer:

    Scan carried out by SecurityMasterAV
  • Then, it displays a fake infection alert like the following:

    Infection alert displayed by SecurityMasterAV
  • If users decide to remove these threats and to follow the recommendations of the program, an activation key will be required:

    Activation key required by SecurityMasterAV
  • Curiously, this key can be obtained in the box of the product, so as users will not have it, they will be redirected to the website where the product can be purchased:

    Website to purchase SecurityMasterAV

 

On the other hand, SecurityMasterAV carries out the actions below:

  • It prevents users from accessing websites belonging to certain web search engines and even to websites from which other falke antivirus programs are downloaded.
  • It prevents processes related to certain security programs, like antivirus solutions or firewalls that are active from being run, leaving the computer unprotected. Additionally, it also prevents processes belonging to fake antivirus programs from being run.

Infection strategy 

SecurityMasterAV creates the following folders:

  • SECURITY MASTER AV, in the folder Application data of the Documents and Settings directory of the user that has logged in.
  • several folders with random alphanumeric characters, in the folder Application Data of the Documents and Settings directory of all users.

 

SecurityMasterAV creates a shortcut to the program called SECURITY MASTER AV.LNK in the following directories:

  • in the Windows Quick Launch Bar.
  • in the Desktop:

    Shortcut to SecurityMasterAV
  • in the paths C:\Documents and Settings\%username%\Start Menu and C:\Documents and Settings\%username%\Start Menu\Programs.
    where %username% is the username of the user that has logged in.

 

SecurityMasterAV modifies the HOSTS file, so that the user cannot access certain search websites and websites from which other fake antivirus programs can be downloaded.

 

SecurityMasterAV creates the following entry in the Windows Registry:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\3F2BBC05-40DF-11D2-9455-00104BC936FF

 

It also creates many entries in the Windows Registry like the following: 

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\%filename%
    Debugger = svchost.exe
    where %filename% belongs to files belonging to several security suites.
    By creating these entries, it prevents several processes from being run which belong to antivirus suites, firewalls and even to other fake antivirus programs.

The following are some examples:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe
    Debugger = svchost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP.exe
    Debugger = svchost.exe

 

Additionally, SecurityMasterAV attempts to remove entries from the Windows Registry belonging to several legitimate antivirus programs. If so, the computer would be unprotected and the only antivirus program in execution would be this fake antivirus.

Means of transmission 

SecurityMasterAV can reach the computer when the user accesses certain websites which display banners or pop-up windows which lead to the download of this program. It can also reach the computer in a link that can be received via spam messages, fraudulent websites, etc.

Further Details  

SecurityMasterAV is 189,440 bytes in size.