FacebookTwitterLinkedIn

Security Shield (2012)

Also Known As: Security Shield Rogue
Damage level: High

What is Security Shield (2012)?

Security Shield is a widely distributed fake antivirus program, derived from a previous version called MS Removal Tool. Distribution of this rogue program began in 2012, and when installed on your computer, it initiates a security scan and generates a large list of infections 'detected' on your system.

Your work will be constantly interrupted by warning messages reporting that your computer has virus infections and that you should purchase a license for Security Shield to remove them.

Security Shield 2012 fake antivirus program

When analyzing this program, we found no virus definition database or virus scan engine, clearly indicating that Security Shield is a fake security program created to sell you a useless license key. Do not purchase Security Shield, since this program was created by Cyber-criminals in order to trick you into divulging your banking information.

 Security Shield is an updated version of a widely distributed fake computer scanner. This rogue scanner imitates the checking of your computer for security threats and then displays fake results.

This is in order to convince you that your computer is highly infected with various malware. If, after a scan, you click the 'Remove' button, you are redirected to a payment site.

Do not enter your banking information when asked by Security Shield - this program is a scam. You will lose your money and your computer will remain infected.

This rogue scanner is distributed through misleading websites, and infection commonly occurs whilst downloading video codecs from rogue websites. When you enter such websites, you will see a video window with a large 'Play' button.

When you click this button, a pop-up window is displayed, suggesting that you have to download video codecs prior to watching the video. Rather than codecs, however, you will be downloading Security Shield.

To further scare you into believing that your PC is infected, Security Shield displays various security warning pop-ups. Do not be impressed by the professional appearance of this program, since this scanner was developed by Internet criminals with one intention - stealing money from your credit card account.

Remove Security Shield from your computer as soon as you notice it. Security Shield is a cleverly-designed fake antivirus program, which uses misleading strategies to sell a license.

Always carry out careful research before purchasing a security program to protect your computer, as Internet criminals release fake ones on daily basis. You could become the victim of a bogus program such as Security Shield.

This program does not actually check your computer for security infections, the process in merely imitated, and the list of security threats supposedly detected on your system is fake. This program is designed to scare you into believing that your PC is highly infected with spyware and then selling you a license key to remove them.

In fact, there is likely to be nothing wrong with your computer, apart from infection by the rogue antivirus program, Security Shield. Do not trust this program - the information displayed by this program is fake and you should remove Security Shield from your computer immediately.

Use the removal guide provided to remove this rogue antivirus program.

Update: The most recent name of this infection is System Care Antivirus. Instructions on how to remove this infection can be found here.

The following fake security warning messages are generated by Security Shield:

"Security Shield Security. Shield Firewall Alert. Security Shield has prevented a program from accessing the Internet. 'iexplore.exe' is infected by 'Trojan-Dropper.Win32.Agent'. This worm has to tried to use 'iexplore.exe' to connect to remove the host and send your credit card information."

"Security Shield Warning. Intercepting malicious software that may violate your privacy and harm your computer has been detected. Click here to remove now with Security Shield."

"Security Shield Warning. Spyware.IEMonster activity detected. This form of spyware attempts to steal passwords from Internet Explorer, Mozilla Firefox, Outlook and other commonly used programs. Click here to immediately remove it with Security Shield."

           security shield warning messages                    security shield browser block message             

These security warning messages are fake. If you notice that your computer is infected with Security Shield you should remove it immediately. Follow this removal guide of Security Shield.

Instant automatic malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

Automatic Security shield virus removal:

Before downloading the automatic remover, try entering this license key in the registration window (click the 'Register' button at the top of the main Security Shield window):
64C665BE-4DE7-423B-A6B6-BC0172B25DF2
It will not remove the infection, but will enable you to install the spyware remover

NOTE: Some spyware can block the downloading of spyware removers. If you cannot download it using the default location, try one of the alternative download locations below:

  • Location 1 (the file is renamed to "iexplore.exe", since most spyware does not block this file)
  • Location 2

If you cannot use your browser (Internet explorer, Firefox, Opera, Chrome)

Depending on the version of this infection, sometimes you will be unable to use your browser to download the removal software, or the browser will not work at all. If you have this problem, try the following:

Click Start then click Run. (Windows logo button on Win7/Vista)

In Windows XP, When the Run dialog appears enter this text: www.pcrisk.com/download-spyware-remover and then press ENTER. In Windows 7 and Vista you can just type this text directly in search field and press ENTER (when pressed Windows logo button)

manual download -XP

Manual download - Win7

After pressing enter, the file download dialogue of the spyware remover will appear. Click Run and follow the on-screen instructions to scan your computer.

Security Shield virus manual removal:

1. Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK.

During your computer starting process press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, then select Safe Mode with Networking from the list.

alt

2. Download HijackThis and save it to your desktop. Some malicious programs are able to block HijackThis, so when you click the download link, in the Save dialog, rename HijackThis.exe to iexplore.exe and only then click the Save button.

After saving the file to your desktop, double click it. In the main HijackThis window click the “Do a system scan only” button. Select the following entries (place a tick at the left of the entries):

O4 - HKCU\..\RunOnce: [] %LocalAppData%\.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8888;https=127.0.0.1:8888
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =

After selecting the required entries, click "Fix Checked". After this procedure you can close HijackThis and proceed to the next removal step.

3. Download and install legitimate anti-spyware software to completely remove this infection.

NOTE: Some spyware can block the downloading of spyware removers. If you cannot download it using the default location, try one of the alternative download locations below:

  • Location 1 (the file is renamed to "iexplore.exe", since most spyware does not block this file)
  • Location 2

Other tools, known to remove Security Shield:

4. After removing Security Shield, reset your Hosts file. Do not skip this step, since this fake program modifies your Hosts file and you will encounter browser redirect problems.

The Hosts file is used to resolve canonical names of websites to IP addresses. When it is changed, the user may be redirected to malicious websites, despite observing legitimate URLs in the address bar.

It is difficult to determine if a website is genuine when the Hosts file is modified. To fix this, please download the Microsoft FixIt tool that restores your Hosts file to the Windows default.

Run this tool when downloaded and follow the on-screen instructions. Download link below:

You can also try this registration code 64C665BE-4DE7-423B-A6B6-BC0172B25DF2. After entering this code, Security Shield should stop displaying security warnings.

This might help with the removal process. This code disables Security Shield only temporarily, and therefore, after entering this code you should scan your computer with a legitimate anti-spyware program.

*If you cannot download anti-spyware software: Click on the download link, when the save dialogue opens, change the file name (example: when downloading mbam-setup.exe rename it to iexplore.exe).


*If you have installed an anti-spyware program but you cannot run it: Click Run, type %ProgramFiles% and press Enter. Open the folder of your anti-spyware program, search for the executable file and rename it.

(example: Open Malwarebytes’ Anti-Malware folder, right-click on the main executable file (mbam.exe) then click rename. Rename the mbam.exe file to iexplore.exe, winlogon.exe firefox.exe ..


*If you cannot access your anti-spyware software, try creating a new user account:
Click Start -> Settings -> Control panel.
Click User Accounts and create a new account.
Reboot your computer and login using a newly created user account.
*After this procedure, you should be able to access your anti-spyware programs. Update, and run a full system scan.

If you are unable to remove Security Shield, you can use these manual removal instructions. Use them at your own risk, since if you do not have strong computer knowledge, you could harm your operating system.

Use them only if you are an experienced computer user. (Instructions on how to end processes, remove registry entries...)

End these Security Shield processes:

[random].exe

Remove these Security Shield registry entries:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "[random]"{jcomments on}

Delete these Security Shield files:

C:\Documents and Settings\[User]\Local Settings\Application Data\[random].exe

Security Shield is a fake antivirus program which tries to mimic a legitimate security program. When installed on your computer this program will set itself to run automatically on every system start-up.

Furthermore it will modify the registry of your operating system to block execution of legitimate Windows programs. Your browsers will also be hijacked by Security Shield, every time you try to browse the Internet you will be displayed a message which states - "Warning message from Internet browser.

This page under virus attack. This may crash your system." As the other warning messages this one is also false - Security Shield is trying to scare you into thinking that your computer is infected with high risk security threats.

All of these processes are generated and are fake, Internet criminals who created this fake program are trying to sell you a license for a totally useless security program. Security Shield is a widely distributed fake antivirus program, Cyber criminals are using various methods to spread their rogue program.

Your computer could have got infected with this fake security scanner while you were visiting misleading websites or you might have got tricked to install it by fake online security scanner pop-ups. You shouldn't trust Security Shield - this program has nothing in common with a real security program and should be removed from your computer.

Use the provided removal instructions to get rid of this rogue antivirus program.

Summary:

The fake antivirus programs (also known as "rogue antivirus programs" or "scareware") are applications that tries to lure computer users into paying for their non-existent full versions to remove the supposedly detected security infections (although the computer is actually clean). These bogus programs are created by cyber criminals who design them to look as legitimate antivirus software. Most commonly rogue antivirus programs infiltrate user's computer using poop-up windows or alerts which appear when users surf the Internet. These deceptive messages trick users into downloading a rogue antivirus program on their computers. Other known tactics used to spread scareware include exploit kits, infected email messages, online ad networks, drive-by downloads, or even direct calls to user's offering free support.

A computer that is infected with a fake antivirus program might also have other malware installed on it as rogue antivirus programs often are bundled with Trojans and exploit kits. Noteworthy that additional malware that infiltrates user's operating system remains on victim's computer regardless of whether a payment for a non-existent full version of a fake antivirus program is made. Here are some examples of fake security warning messages that are used in fake antivirus distribution:

Fake pop-up used in rogue antivirus distribution example 1

Fake pop-up used in rogue antivirus distribution example 2

Computer users who are dealing with a rogue security software shouldn't buy it's full version. By paying for a license key of a fake antivirus program users would send their money and banking information to cyber criminals. Users who have already entered their credit card number (or other sensitive information) when asked by such bogus software should inform their credit card company that they have been tricked into buying a rogue security software. Screenshot of a web page used to lure computer users into paying for a non-existent full version of security shield rogue and other rogue antivirus programs:

example of a webpage used to collect payments for fake antivirus programs

To protect your computer from security shield rogue and other rogue antivirus programs users should:

  • Keep their operating system and all of the installed programs up-to-date.
  • Use legitimate antivirus and anti-spyware programs.
  • Use caution when clicking on links in social networking websites and email messages.
  • Don't trust online pop-up messages which state that your computer is infected and offers you to download security software.

Symptoms indicating that your operating system is infected with a fake antivirus program:

  • Intrusive security warning pop-up messages.
  • Alerts asking to upgrade to a paid version of a program to remove the supposedly detected malware.
  • Slow computer performance.
  • Disabled Windows updates.
  • Blocked Task Manager.
  • Blocked Internet browsers or inability to visit legitimate antivirus vendor websites.

If you have additional information on security shield rogue or it's removal please share your knowledge in the comments section below.

▼ Show Discussion

About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.

I am passionate about computer security and technology. I have an experience of over 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010. Follow me on Twitter and LinkedIn to stay informed about the latest online security threats. Contact Tomas Meskauskas.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

QR Code
Security Shield Rogue QR code
Scan this QR code to have an easy access removal guide of Security Shield Rogue on your mobile device.
We Recommend:

Get rid of Windows malware infections today:

▼ REMOVE IT NOW
Download Combo Cleaner

Platform: Windows

Editors' Rating for Combo Cleaner:
Editors ratingOutstanding!

[Back to Top]

To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.