Security Shield

Security Shield is a rogue anti-virus program that aggressively displays reports of fake security threats found on the computer. It also shows false pop-up alerts and warning messages to make users believe that the system is under virus attack. In addition, Security Shield runs a scan at every Windows start-up. This scan mimics the actions of a genuine antivirus program; however, the results shown by this fake tool are false.

Security Shield is known to propagate by means of a Trojan and fake security web sites. It also disguises itself as a required player on fake multimedia web sites that prompt visitors to download and install it in order to view online video. This player is fake and has a Security Shield installer embedded in it. When executed on the system, the rogue program modifies the system registry so that it runs automatically together with Windows. This can allow Security Shield to overpower any installed anti-virus software. Worse, your antivirus program may stop responding.

Its presence on a computer is meant to force the user to obtain the registered version. It keeps displaying alerts and messages about system errors and detected threats. Some of these fake warnings contain these messages:

“Security Shield Firewall Alert
Security Shield has prevented a program from accessing the internet.
“iexplore.exe” is infected “Trojan-Dropper.Win32.Agent”. This worm has to tried to use “iexplore.exe” to connect to remove host and send your credit card information.”

“Security Shield
“cmd.exe” is infected with “Worm.Win32.Autorun.bnb”. Do you want to register your copy and remove all threats now?”

These reports are imaginary; the threats they name do not really exist on the computer. Getting the licensed version of Security Shield will not help in solving computer issues. To stop these annoyances and completely remove Security Shield, we advise victims to download and use only legitimate and trusted security products. A combination of anti-virus and anti-malware tools can fully locate and delete the system files dropped by a Security Shield infection.

Type: Rogue
Sub-Type: FakeAV
OS Affected: Windows

What are the Symptoms of Security Shield Infection?

Screen Shot Image of Security Shield

It will modify Windows Registry and add the following entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Security Shield”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Security Shield
HKEY_LOCAL_MACHINE\SOFTWARE\Security Shield
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “(random)”

The threat will drop the following malicious files:
%System Root%\Samples
%User Profile%\Local Settings\Temp
%Program Files%\Security Shield
C:\ProgramData\[random numbers]\
%Documents and Settings%\All Users\Start Menu\Programs\Security Shield
%Documents and Settings%\All Users\Application Data\Security Shield
doguzeri.dll
(random).exe
(random).cfg

How to Remove Security Shield Manually

1. Restart your computer in Safe Mode
- Press F8 on the keyboard as soon as you turn on the computer
- Select Safe Mode to start the computer with only minimal resources loaded

2. Delete the Windows registry entries the malware created. It is important to BACKUP YOUR REGISTRY FIRST.
- On the Windows Start Menu, click Start > Run
- Type regedit in the field
- Find the registry entries mentioned above and delete them if necessary

3. Files related to Security Shield must be deleted:
- Browse to and delete the malicious files listed above.
- Some files cannot be deleted right away. Press Ctrl+Alt+Del to open Windows Task Manager, look for any process matching the files mentioned on this page, highlight it, and click End Process. Then try to delete the file once more.

4. Run Antivirus Program
- You must be connected to the Internet to update your anti-virus program. This is needed to have the latest database available and detect newer threats.
- Thoroughly scan the computer and clean or delete all detected threats.
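
A read-only check for the registry entries and folders listed above, added here as an example and not part of the original guide. It exports any matching key with reg export before you delete anything; the backup folder name and the mapping of the page's %...% placeholders to environment variables are assumptions.

```powershell
# Added example: looks for the Security Shield indicators listed on this page.
# It backs up each registry key it finds (reg export) and deletes nothing.
$backupDir = Join-Path $env:TEMP 'SecurityShield-RegBackup'   # assumed backup location
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

# Registry keys named on this page
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Security Shield',
    'HKLM:\SOFTWARE\Security Shield'
)
foreach ($key in $keys) {
    if (Test-Path -LiteralPath $key) {
        Write-Output "FOUND key: $key"
        # reg.exe expects HKLM\... rather than the PowerShell drive form HKLM:\...
        $native = $key -replace '^HKLM:', 'HKLM'
        $file = Join-Path $backupDir (($native -replace '[\\ ]', '_') + '.reg')
        & reg.exe export $native $file /y | Out-Null
        Write-Output "  backed up to $file"
    }
}

# Run keys: flag the "Security Shield" value and list every other value for
# manual review, because the second autorun entry uses a random name.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($run in $runKeys) {
    $item = Get-Item -LiteralPath $run -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $tag = if ($name -eq 'Security Shield') { 'FOUND ' } else { 'review' }
        Write-Output "$tag $run -> $name = $($item.GetValue($name))"
    }
}

# Folders named on this page (assumed mapping to environment variables)
$dirs = @(
    (Join-Path $env:ProgramFiles 'Security Shield'),
    (Join-Path $env:ALLUSERSPROFILE 'Start Menu\Programs\Security Shield'),
    (Join-Path $env:ALLUSERSPROFILE 'Application Data\Security Shield')
)
foreach ($dir in $dirs) {
    if (Test-Path -LiteralPath $dir) { Write-Output "FOUND folder: $dir" }
}
```

Run it from Safe Mode after step 1; the randomly named items (the `(random)` Run value, `C:\ProgramData\[random numbers]\`) cannot be matched by name and still need manual review.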

How to Easily Remove Security Shield

1. Print this procedure as we need to close all running programs later.
2. Download AntiMalware Application here and save it to your Desktop.
3. Close all open applications.
4. Double-click the downloaded mbam-setup.exe to start the installation. If it will not run, the infection on the computer is preventing it; rename the file mbam-setup.exe to anything else (like myfile.exe).
5. Run the installation with the default settings. No changes are necessary.
6. Just before completing the installation, make sure that the following are checked:
- Update the program
- Launch the program

7. The tool will run and update itself after installation. Close it after the update.

8. Restart your computer in Safe Mode
- After powering on the computer, press F8 just before Windows starts
- From the selections, select Safe Mode

9. Click on the icon and choose Perform Full Scan to begin scanning your computer for Security Shield related files.
10. After scanning, a message will appear stating that the scan is completed successfully. Click OK.
11. Click Show Results and detected threats will be displayed.
12. Make sure that all threats are checked, then click Remove Selected to begin removal of the malicious files.
13. Exit AntiMalware Apps and restart your computer.

14. Security Shield and all its files are now removed from your computer. To guard your computer from this threat and avoid future infections, you may want real-time protection from the full version of an anti-malware program.
