Security Shield (2012)

Security Shield - How to remove?

Security Shield is a widely distributed fake antivirus program, previous version of this fake security scanner was called MS Removal Tool. Distribution of this rogue program continues in year 2012. When installed on your computer this rogue program will initiate a security scan and will generate a big list of infections detected on your system. Your work will be constantly interrupted by warning messages stating that your computer has virus infections and that you should purchase a licence for Security Shield to remove them.

When analyzing this program we couldn't find a virus definition database or a virus scan engine, this fact clearly shows that Security Shield is a fake security program created to sell you it's useless licence key. You shouldn't purchase Security Shield, this program was created by Cybercriminals to trick you into giving away your banking information.

Security Shield is a renewed version of a widely spread fake computer scanner. This rogue scanner pretends to check your computer for security threats and then displays fake results. This is done to make you believe that your computer is highly infected with various malware. If after a scan you click "Remove" button you will be redirected to payment site. Don't enter your banking information when asked by Security Shield - this program is a scam. You will lose your money and your computer will still be infected. This rogue scanner is distributed through misleading websites. Most commonly you will get infected with this fake scanner while downloading video codecs from rogue websites. When you enter such website you will see a video window with a big play button, when you click the play button a pop-up window will be displayed saying that you have to download video codecs prior to watching the video. Instead of the codecs you will download Security Shield. To further scare you into thinking that your PC is infected Security Shield will display various security warning pop-ups. Don't be impressed by the professional looks of this program, this scanner was developed by Internet criminals with one intention - stealing money from your credit card account. Remove Security Shield from your computer as soon as you notice it. Security Shield is a cleverly designed fake antivirus program which uses misleading strategies to sell it's licence. You should always do some research before purchasing a security program to protect your computer, Internet criminals are releasing fake ones on daily basis and you could easily become a victim of such bogus program as Security Shield. This program doesn't actually check you computer for security infections, this process in only imitated, the list of security threats detected on your system is fake. This program is designed to scare you into thinking that your PC is highly infected with spyware and then selling you  licence key to remove them. The truth is that there's nothing wrong with your computer apart that it's has bin infected with a rogue antivirus program called Security Shield which is imitating a legitimate security program. You shouldn't trust this program, all the information displayed by this program is fake - you should remove Security Shield from your computer as soon as you notice it in your PC. Use the provided removal guide to get rid of this rogue antivirus program.

Such fake security warning messages are generated by Security Shield:

"Security Shield Security Shield Firewall Alert Security Shield has prevented a program from accessing the Internet. “iexplore.exe” is infected “Trojan-Dropper.Win32.Agent”. This worm has to tried to use “iexplore.exe” to connect to remove host and send your credit card information"

"Security Shield Warning Intercepting malicious software that may violate your privacy and harm your computer has been detected. Click here to remove now with Security Shield"

"Security Shield Warning Spyware.IEMonster activity detected. This form of spyware attempts to steal passwords from Internet Explorer, Mozilla Firefox, Outlook and other commonly used programs. Click here to immediately remove it with Security Shield"

All of these security warning messages are fake. After you have noticed that your computer is infected with Security Shield you should remove it immediately. Follow this removal guide of Security Shield.

Automatic Security shield removal:

Before downloading automatic remover, try entering this license key in registration window (Click "register" button at the top of the main Cecurity Shield window):
64C665BE-4DE7-423B-A6B6-BC0172B25DF2
It will not remove the infection, but will enable you to install spyware remover

remover for Security Shield

NOTE: Some spyware can block downloading spyware removers. If You can't download it using default location, try one of the alternative download locations below:

• Location 1 (The file is renamed to "iexplore.exe" because most of spyware doesn't block this file)
• Location 2

If you can't use your browser (Internet explorer, Firefox, Opera, Chrome)

Depending on the version of this infection, sometimes you can't use your browser to download removal software or the browser doesn't work at all. If you have this problem, you may try to do the following:

Click Start then click Run. (Windows logo button on Win7/Vista)

In Windows XP, When the Run dialog appears enter this text:  www.pcrisk.com/download-spyware-remover and then press ENTER. In Windows 7 and Vista you can just type this text directly in search field and press ENTER (when pressed Windows logo button)

After pressing enter, File download dialog of spyware remover will appear. Click Run and follow the on-screen instructions to scan your computer.

Security Shield manual removal:

1. Load your computer in safe mode with networking. Click Start, click Shut down, click Restart, click OK. During your computer starting process press F8 key on your keyboard multiple times until you see Windows Advanced Option menu, then select Safe mode with networking from the list.

2. Download HijackThis and save it on your desktop. Some malicious programs are able to block HijackThis so when you click the download link, in the Save dialog rename HijackThis.exe to iexplorer.exe and only then click the Save button. After saving the file on your desktop, double click it. In the main HijackThis window click “Do a system scan only” button. Select these entries (place a tick at the left of the entry):

O4 - HKCU\..\RunOnce: [<random characters>] %LocalAppData%\<random characters>.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8888;https=127.0.0.1:8888
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>

After selecting required entries, click "Fix Checked". After this procedure you can close HijackThis and proceed to the next removal step.

3. Download and install a legitimate anti-spyware software to completely remove this infection.

remover for Security Shield

NOTE: Some spyware can block downloading spyware removers. If You can't download it using default location, try one of the alternative download locations below:

• Location 1 (The file is renamed to "iexplore.exe" because most of spyware doesn't block this file)
• Location 2

Other tools, known to remove Security Shield:

• iS3 STOPzilla
• Malwarebytes Anti-Malware

4. After removing Security Shield reset your Hosts files. Don't skip this step, this fake AV modifies your Hosts files, and you will encounter browser redirect problems.

Hosts file is used to resolve some canonical names of websites to ip addresses. When it is changed, the user may be redirected to malicious site still seeing good URL in address bar. It is very hard to find out if the site is genuine or not, when hosts file is modified. To fix this, please download Microsoft FixIt tool, that restores your hosts file to windows default. Run this tool when downloaded and follow the on-screen instructions. Download link below:

You can also try this registration code 64C665BE-4DE7-423B-A6B6-BC0172B25DF2. After entering this code Security Shield should stop showing security warnings. This could help you in the removal process. This code disables Security Shield only temporary, after entering this code you should scan your computer with a legitimate antispyware program.

*If you can't download anti-spyware software: Click on the download link, when the save dialog opens change the file name (example: when downloading mbam-setup.exe rename it to iexplore.exe).
*If you have installed anti-spyware program but you can't run it: Click Run, type %ProgramFiles% and press Enter. Open folder of your anti-spyware program, search for executable file and rename it. (example: Open Malwarebytes’ Anti-Malware folder, right-click on the main executable file (mbam.exe) then click rename. Rename the mbam.exe file to iexplore.exe, winlogon.exe firefox.exe ...
*If you can't access your anti-spyware software, try creating a new user account:
Click Start -> Settings -> Control panel.
Click User Accounts and create a new account.
Reboot your computer and login using a newly created user account.
*After this procedure you should be able to access your anti-spyware programs. Update and run a full system scan.

Additional information:

Some malicious software modifies browser settings and disables downloads of spyware and virus removing software. If you have problems downloading anti-spyware software with Internet Explorer, try downloading with Chrome, FireFox, Opera, etc.

General tips on removing Security Shield:

Load your computer in safe mode. Click Start, click Shut down, click Restart, click OK. During your computer starting process press F8 key on your keyboard multiple times until you see Windows Advanced Option menu, then select Safe mode with networking from the list.

Start Task manager. Press ctrl+alt+del (or ctrl+shift+esc) and end task the processes of rogue program. ( if after this procedure you can't access any programs press ctrl+alt+del, click File, select New Task, and type explorer.exe then press OK.

Open Internet explorer, click Tools and select Internet Options. Select Connections, then click LAN settings, if a Use a proxy server for your LAN is checked, uncheck it and press OK.

After this procedure you should be able to access Internet. Now you can download anti-spyware software from our "Top spyware removers" section and run a full scan. Download, install and don't forget to update your selected anti-spyware program. Then run a full system scan.

If you are unable to remove Security Shield, you can use this manual removal instruction. Use it at your own risk. If you don't have strong computer knowledge you could harm your operating system. Use it only if you are an experienced computer user. (Instructions on how to end processes, remove registry entries...)

End these Security Shield processes:

[random].exe

Remove these Security Shield registry entries:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "[random]"

Delete these Security Shield files:

C:\Documents and Settings\[User]\Local Settings\Application Data\[random].exe

Security Shield is a fake antivirus program which tries to mimic a legitimate security program. When installed on your computer this program will set itself to run automatically on every system start-up. Furthermore it will modify the registry of your operating system to block execution of legitimate Windows programs. Your browsers will also be hijacked by Security Shield, every time you try to browse the Internet you will be displayed a message which states - "Warning message from Internet browser. This page under virus attack. This may crash your system." As the other warning messages this one is also false - Security Shield is trying to scare you into thinking that your computer is infected with high risk security threats. All of these processes are generated and are fake, Internet criminals who created this fake program are trying to sell you a licence for a totally useless security program. Security Shield is a widely distributed fake antivirus program, Cyber criminals are using various methods to spread their rogue program. Your computer could have got infected with this fake security scanner while you were visiting misleading websites or you might have got tricked to install it by fake online security scanner pop-ups. You shouldn't trust Security Shield - this program has nothing in common with a real security program and should be removed from your computer. Use the provided removal instructions to get rid of this rogue antivirus program.