Security warning: Security Master AV

Discussion in 'Technical, security and bug reports' started by NotAdmin, Jun 16, 2010.

  1. NotAdmin

    NotAdmin Administrator

    There's apparently a new virus on the block, and it's a particularly tricky one, as it poses as an anti-virus tool. There's quite a few recent posts about it floating around on the Internet, so we figured we would warn you through this channel as well.

    There's a piece of software called "Security Master AV", which poses as an anti-virus package (and has been designed in such a way that it closely resembles the Microsoft Security tools), that will flash fake warnings about virus infections at you. The idea is that an unsuspecting user will think their normal anti-virus might have missed something. The program will make it look as if it offers better protection, and if a user falls for it and installs it, it will drop a bunch of files on their hard drive, start scanning, and then flag the newly dropped files as horrible nasty viruses.

    [​IMG]

    You can recognise the fake anti-virus message by the name of the tool, as shown and highlighted in the screenshot above.

    Naturally, the program will state it will not be easy to remove the viruses, but luckily, if the user upgrades to the full version of the software, the world will be safe once again. Truth is, if the user does fall for it, their money is gone, and this new anti-virus package itself is actually... a virus/trojan.

    It will take steps to prevent you from being able to remove it, including renaming specific Windows programs that are meant to get rid of malware, and it will also hijack your browser so you will end up using a different search engine than normal. The idea there is most likely to serve you ads.


    Removal instructions can be found here:

    http://www.bleepingcomputer.com/virus-removal/remove-security-master-av

    Basically, you will have to download and run Malwarebytes to get rid of all files dropped on your system by the virus. Finally, you will have to undo the damage to your hosts file (which is how the browser-hijacking was done). In case the virus blocks you from obtaining Malwarebytes, there's even a workaround offered as well, which tricks the virus by renaming the removal tool.


    Should you have fallen for the scam, call your bank, and have them reverse the payment. For your own safety, have your credit card blocked and ask for a replacement one to prevent these criminals from using your card. Should you have used a common password (meaning you use it for other purposes as well) when you bought the software, please change your passwords immediately.
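
The post above says the browser hijack was done through the hosts file. As an added example (not part of the original post or the linked removal guide), this Python sketch lists every hosts entry that is not a stock localhost mapping, so leftover redirects can be reviewed after cleanup. The sample hostnames and addresses are constructed, and the "redirect" / "sinkhole" / "malformed" labels are this example's own.

```python
import ipaddress
import sys

# Names a stock hosts file maps to loopback; every other entry gets reviewed.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample input, not taken from an infected machine.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.45    search.example.test www.search.example.test   # routable IP
127.0.0.1       updates.av-vendor.example
not-an-ip       broken.example
"""

def audit_hosts(text):
    """Return (line_no, kind, address, hostname) for each non-default entry.
    redirect = name pinned to a routable IP; sinkhole = name pinned to loopback/0.0.0.0."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()          # drop comments and blanks
        if not entry:
            continue
        addr, *names = entry.split()
        try:
            ip = ipaddress.ip_address(addr.split("%", 1)[0])  # strip IPv6 zone id
        except ValueError:
            findings.append((line_no, "malformed", addr, " ".join(names)))
            continue
        local = ip.is_loopback or ip.is_unspecified
        for name in names:
            name = name.lower().rstrip(".")
            if local and name in LOCAL_NAMES:
                continue                               # stock localhost mapping
            findings.append((line_no, "sinkhole" if local else "redirect", str(ip), name))
    return findings

if __name__ == "__main__":
    # On Windows the file is %SystemRoot%\System32\drivers\etc\hosts
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for finding in audit_hosts(text):
        print(*finding, sep="\t")
```

A "sinkhole" entry is not automatically malicious, since ad-blocking hosts lists use the same form, so each finding still needs a human decision.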
     
  2. Shadowsong

    Shadowsong Collateral Damage

    Thanks for the heads-up. Sounds like a nasty piece of work indeed.
     
  3. Sadly there are quite a few fake anti-virus / anti-malware programs out there that pop up in your face like this and claim that your system is insecure and it has found dozens of dodgy files.

    They are all malware themselves, all looking to get into your system and turn it into a spam-bot and/or steal information and/or do something else that isn't good for you or your system.

    Always have reputable anti-virus and anti-malware programs installed, keep up with Windows updates, and keep other programs and plug-ins (like Flash) updated too - there's flaws in everything these days.

    Take care out there,
    Deathifier
     
  4. Corrianna Trina Xenophage

    Corrianna Trina Xenophage Trained "Psycho"tropi

    Simple rule to apply here...

    If it's not YOUR antivirus program, even if it is not known to be the best, DO NOT try a new AV program in this way.

    Close that window or what I usually do is unplug my net connection THEN close out the browser so no redirects can occur or any other funky stuff.

    Then, if you desire to change your antivirus, do so on your terms, not a warning.
     
  5. Looks like a new wrapper on antivirus 2009. :(
     