New graphical user interface (Security Shield 2011)
Old graphical user interface
(Thanks to rogueamp)
While Security Shield is running, it will display fake security warnings and notifications saying that malware is trying to steal your passwords and send them to a remote server. Some of the fake security alerts will display the following information:
Security Shield Warning
Spyware.IEMonster activity detected. This form of spyware attempts to steal passwords from Internet Explorer, Mozilla Firefox, Outlook and other commonly used programs. Click here to immediately remove it with Security Shield.
Security Shield Warning
Intercepting malicious software that may violate your privacy and harm your computer has been detected. Click here to remove now with Security Shield.
Furthermore, Security Shield will block certain programs on your computer, e.g. Task Manager, Command Prompt, Registry Editor and security software, claiming that you have chosen to open a program which is infected and may cause serious problems. The fake warning that you will see when you attempt to run a program is:
Security Shield
"taskmgr.exe" is infected with "Worm.Win32.Autorun.bnb". Do you want to register your copy and remove all threats now?
Security Shield may also hijack your web browsers and redirect you to various malicious websites full of adware and other malicious software. It also displays a fake virus attack warning in Internet Explorer:
Security Shield is from the same family as the Security Tool rogue. As you can see, Security Shield is nothing more than a scam. If you have already purchased this bogus program, please contact your credit card provider and dispute the charges. Then please follow the removal instructions below to remove Security Shield from your computer. If you have any questions or additional information about this malware, please leave a comment. Good luck and be safe online!
Optional: You can use this serial 64C665BE-4DE7-423B-A6B6-BC0172B25DF2 to register Security Shield in order to stop the fake security alerts that are really annoying. Once this is done, you are free to install anti-malware software and remove the rogue anti-virus program from your computer properly.
Security Shield removal instructions:
Download recommended anti-malware software (STOPzilla) to remove this virus from your computer.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista they MUST be run as Administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
If you can't download it, please reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the "F8 key" continuously, which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key. Open Internet Explorer and download STOPzilla. Once finished, go back into Normal Mode and run it. That's it!
Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm
NOTE: Log in as the same user you were previously logged in as in normal Windows mode.
Alternate Security Shield removal instructions:
1. Delete Security Shield files manually. Go into:
- C:\Documents and Settings\[User Name]\Local Settings\Application Data\ (Windows XP)
- C:\Users\[User Name]\AppData\Local\ (Windows Vista/7)
2. Find the hidden executable file in this folder. In our case it was called ufoesziizo.exe, but I'm sure that the file name will be different in your case. Rename ufoesziizo.exe to ufoesziizo.vir and click Yes to confirm the file rename. Then restart your computer.
3. Download recommended anti-malware software (STOPzilla) to remove this virus from your computer.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista they MUST be run as Administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
Security Shield associated files and registry values:
Files:
Windows XP:
- C:\Documents and Settings\[User Name]\Local Settings\Application Data\[SET OF RANDOM CHARACTERS].exe
Windows Vista/7:
- C:\Users\[User Name]\AppData\Local\[SET OF RANDOM CHARACTERS].exe
Registry values:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "[SET OF RANDOM CHARACTERS]"
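The file and registry indicators above can be checked together with a read-only triage script. This is an added example, not part of the original instructions; it assumes the RunOnce value either shares the executable's base name or contains its full path (the page gives only the value name), and it is written to also work on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example: read-only triage for the indicators listed on this page.
# Lists .exe files sitting directly in the per-user Local AppData folder and
# flags those referenced by an HKCU RunOnce value. Nothing is renamed or deleted.

# Resolves to ...\Local Settings\Application Data on XP and ...\AppData\Local on Vista/7.
$localAppData = [Environment]::GetFolderPath('LocalApplicationData')
$runOnceKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'

# Collect RunOnce value names and data (the key may be absent or empty).
$runOnce = @()
if (Test-Path $runOnceKey) {
    $key = Get-Item -Path $runOnceKey
    foreach ($name in $key.GetValueNames()) {
        $runOnce += New-Object PSObject -Property @{
            Name = $name
            Data = [string]$key.GetValue($name)
        }
    }
}

# -Force includes hidden files; the page notes the rogue's executable is hidden.
$exes = @(Get-ChildItem -LiteralPath $localAppData -Filter '*.exe' -Force `
            -ErrorAction SilentlyContinue | Where-Object { -not $_.PSIsContainer })

$report = foreach ($exe in $exes) {
    # Assumption: the value name equals the file's base name, or the data holds its path.
    $hits = @($runOnce | Where-Object {
        $_.Name -eq $exe.BaseName -or
        $_.Data.IndexOf($exe.FullName, [StringComparison]::OrdinalIgnoreCase) -ge 0
    })
    New-Object PSObject -Property @{
        Path        = $exe.FullName
        Hidden      = [bool]($exe.Attributes -band [IO.FileAttributes]::Hidden)
        Created     = $exe.CreationTime
        RunOnceName = (($hits | ForEach-Object { $_.Name }) -join ', ')
        Suspect     = ($hits.Count -gt 0)
    }
}

# Entries with Suspect = True match both indicators and deserve a closer look.
$report | Sort-Object Suspect -Descending |
    Select-Object Suspect, Hidden, Created, RunOnceName, Path |
    Format-Table -AutoSize
```

Run it as the affected user, since both indicators are per-user locations; a legitimate installer can also leave an .exe in this folder, so treat a match as a lead to verify rather than proof.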