Thursday, December 9, 2010

How to Remove Security Shield (Removal Guide)

Security Shield is a rogue anti-spyware program that gives exaggerated reports of infections on your computer. It performs a fake system scan and states that your computer is infected with trojans, adware, worms and other malicious software. After the fake scan it will prompt you to activate the program in order to remove the malware it supposedly found. If you choose to purchase this bogus program you will be redirected to a predefined web page and asked to perform a payment transaction. Do not buy it; otherwise you will give your credit card details to cyber criminals. If you have this rogue program on your computer, please follow the steps in the removal guide below to remove Security Shield for free using legitimate anti-malware software.

New graphical user interface (Security Shield 2011)


Old graphical user interface



(Thanks to rogueamp)

While Security Shield is running, it will display fake security warnings and notifications saying that malware is trying to steal your passwords and send them to a remote server. Some of the fake security alerts will display the following information:


Security Shield Warning
Spyware.IEMonster activity detected. This form of spyware attempts to steal passwords from Internet Explorer, Mozilla Firefox, Outlook and other commonly used programs. Click here to immediately remove it with Security Shield.

Security Shield Warning
Intercepting malicious software that may violate your privacy and harm your computer has been detected. Click here to remove now with Security Shield.


Furthermore, Security Shield will block certain programs on your computer, e.g. task manager, command prompt, registry editor and security software, saying that you have chosen to open a program which is infected and may cause serious problems. The fake warning that you will see when you attempt to run a program is:
Security Shield
"taskmgr.exe" is infected with "Worm.Win32.Autorun.bnb". Do you want to register your copy and remove all threats now?


Security Shield may also hijack your web browsers and redirect you to various malicious websites full of adware and other malicious software. It also displays a fake virus attack warning in Internet Explorer:



Security Shield is from the same family as the Security Tool rogue. As you can see, Security Shield is nothing more than a scam. If you have already purchased this bogus program, please contact your credit card provider and dispute the charges. Then please follow the removal instructions below to remove Security Shield from your computer. If you have any questions or additional information about this malware, please leave a comment. Good luck and be safe online!

Optional: You can use this serial 64C665BE-4DE7-423B-A6B6-BC0172B25DF2 to register Security Shield in order to stop the fake security alerts that are really annoying. Once this is done, you are free to install anti-malware software and remove the rogue anti-virus program from your computer properly.


Security Shield removal instructions:

Download recommended anti-malware software (STOPzilla) to remove this virus from your computer.

NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista they MUST be run as Administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

If you can't download it, please reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the "F8 key" continuously, which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key. Open Internet Explorer and download STOPzilla. Once finished, go back into Normal Mode and run it. That's it!

Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm


NOTE: Log in as the same user you were previously logged in with in the normal Windows mode.


Alternate Security Shield removal instructions:

1. Delete Security Shield files manually. Go into:
  • C:\Documents and Settings\[User Name]\Local Settings\Application Data\ (Windows XP)
  • C:\Users\[User Name]\AppData\Local\ (Windows Vista/7)
Note: by default, the Application Data folder is hidden. If you can't see such a folder or its files, please read Show Hidden Files and Folders in Windows.

2. Find the hidden executable file in this folder. In our case it was called ufoesziizo.exe, but I'm sure that the file name will be different in your case. Rename ufoesziizo.exe to ufoesziizo.vir and click Yes to confirm the file rename. Then restart your computer.



3. Download recommended anti-malware software (STOPzilla) to remove this virus from your computer.

NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista they MUST be run as Administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.


Security Shield associated files and registry values:

Files:

Windows XP:
  • C:\Documents and Settings\[User Name]\Local Settings\Application Data\[SET OF RANDOM CHARACTERS].exe
Windows Vista/7:
  • C:\Users\[User Name]\AppData\Local\[SET OF RANDOM CHARACTERS].exe
Registry values:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "[SET OF RANDOM CHARACTERS]"
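
To check a machine for the file and registry locations listed above, the following read-only PowerShell script can be used. It is an added example, not part of the original guide or of any tool mentioned in it. It assumes the RunOnce command contains the full (long) path of the executable, and it lists every .exe found directly in the Local Application Data folder, so review each hit before renaming or deleting anything.

```powershell
# Added example: read-only check for the Security Shield indicators listed above.
# Nothing is deleted or renamed; review the output before acting on it.

# Resolves to ...\Local Settings\Application Data on XP and ...\AppData\Local on Vista/7.
$localAppData = [Environment]::GetFolderPath('LocalApplicationData')
$runOnceKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'

# 1. Executables sitting directly in the Local Application Data folder.
#    -Force includes hidden files; legitimate software normally installs into a subfolder.
$exeFiles = @(Get-ChildItem -Path $localAppData -Filter '*.exe' -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $_.Extension -eq '.exe' })

# 2. RunOnce values of the current user (value name and the command it starts).
$runOnce = @()
if (Test-Path $runOnceKey) {
    $key = Get-Item -Path $runOnceKey
    foreach ($name in $key.GetValueNames()) {
        $runOnce += New-Object PSObject -Property @{
            Name    = $name
            Command = [string]$key.GetValue($name)
        }
    }
}

# 3. Report each executable and any RunOnce value whose command refers to it.
foreach ($file in $exeFiles) {
    $autostart = @($runOnce | Where-Object {
        $_.Command.IndexOf($file.FullName, [StringComparison]::OrdinalIgnoreCase) -ge 0
    })
    $isHidden = ([int]$file.Attributes -band [int][IO.FileAttributes]::Hidden) -ne 0
    New-Object PSObject -Property @{
        File         = $file.FullName
        Hidden       = $isHidden
        Created      = $file.CreationTime
        RunOnceValue = ($autostart | ForEach-Object { $_.Name }) -join ', '
    }
}
```

A hidden executable with a random-looking name that also appears in the RunOnceValue column matches the pattern described in this guide.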