Rogue software details: Security Master AV

Security Master AV is a rogue security application. In order to remove it, find out what files and registry entries to look for below.

Known system changes:

Files
c:\ApplicationData\Microsoft\Internet Explorer\Quick Launch\
Security Master AV.lnk
c:\StartMenu\Security Master AV.lnk
c:\StartMenu\Programs\Security Master AV.lnk
c:\Desktop\Security Master AV.lnk

Folders
c:\ApplicationData\Security Master AV

Registry entries
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Run
Value: Security Master AV
Data: “C:\Documents and Settings\All Users\Application Data\
90d03a6\SM90d0.exe” /s /d
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
Value: C:\Documents and Settings\All Users\Application Data\
90d03a6\SM90d0.exe
Data: C:\Documents and Settings\All Users\Application Data\90d03a6\SM90d0.exe:*:Enabled:Security Master AV
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
Value: C:\Documents and Settings\All Users\Application Data\
90d03a6\SM90d0.exe
Data: C:\Documents and Settings\All Users\Application Data\90d03a6\SM90d0.exe:*:Enabled:Security Master AV

Source: Lavasoft Malware Lab’s Rogue Gallery.