Multi-Device Licenses (Volume Discounts)

Change Region

English Português
Threat Database Rogue Anti-Virus Program Windows Antivirus Master

Windows Antivirus Master

By ESGI Advisor in Rogue Anti-Virus Program
Translate To:
English

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 7
First Seen: February 7, 2014
Last Seen: August 21, 2019
OS(es) Affected: Windows

Windows Antivirus Master Image

Windows Antivirus Master is a rogue security application classified as a member of the FakeVimes family of threats. Windows Antivirus Master is used to trick inexperienced computer users by making them believe that there are numerous threats installed on their computers. Using Windows Antivirus Master, its creators may profit by convincing computer users to pay for a 'full version' of Windows Antivirus Master. If Windows Antivirus Master is installed on your computer, it is imperative that you remove Windows Antivirus Master immediately. Computer users should understand that Windows Antivirus Master is not a legitimate security program. Windows Antivirus Master does not possess the skills to find or disable threats and is, in reality, a kind of threat itself. Because of this, a real security application should be utilized to erase all traces of Windows Antivirus Master from the infected computer.

Windows Antivirus Master – Not an Anti-Virus, Much Less a Master

Windows Antivirus Master is part of a misleading practice that has been in use for an extended period of time. In fact, rogue security programs like Windows Antivirus Master and its clones are among the most well used threats of all time. Some of Windows Antivirus Master's clones are Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst. The Windows Antivirus Master strategy typically follows the progression listed below:

  1. Windows Antivirus Master may enter a computer often using threat distribution methods such as corrupted email attachments, attack websites or social engineering.
  2. Once installed, Windows Antivirus Master makes harmful changes to the victim's computer's settings. These changes allow Windows Antivirus Master to start up automatically, interfere with other software and display bogus error messages.
  3. Windows Antivirus Master will try to convince computer users that their machines are severely infected with threats. To do this, Windows Antivirus Master will spam the computer user with numerous bogus error messages and will also display a fake system scan.
  4. If computer users try to use Windows Antivirus Master to fix these supposed problems, they are misdirected to a Web page where they are asked to pay for a 'license' to use Windows Antivirus Master. Security experts strongly counsel against acquiring Windows Antivirus Master, since Windows Antivirus Master is a fake security program with no capacity to detect or remove threats.

SpyHunter Detects & Remove Windows Antivirus Master

File System Details

Windows Antivirus Master may create the following file(s):
Expand All | Collapse All
# File Name MD5 Detections
1. svc-gjvv.exe 8d28b266c35fc9028ab2266d1a973078 2
2. %AppData%\data.sec
3. %AppData%\svc-[RANDOM CHARACTERS].exe

Registry Details

Windows Antivirus Master may create the following registry entry or registry entries:
HKEY..\..\{CLSID Path}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bckd "ImagePath" = "123123.sys"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bckd
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\svc-[RANDOM CHARACTERS].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "PrSft"=%AppData%\svc-[RANDOM CHARACTERS].exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableVirtualization" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
File name without path
Windows Antivirus Master.lnk

Messages

The following messages associated with Windows Antivirus Master were found:

Error System data security is at risk! To prevent potential PC errors, run a full system scan.
Error Trojan activity detected. System integrity at risk. Full system scan is highly recommended.
Firewall has blocked a program from accessing the Internet C:\Program Files\Internet Explorer\iexplore.exe is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.

Related Posts

Trending

Most Viewed

Loading...