Security Shield Virus Removal Guide


Security Shield is a fake (rogue) security client. This malicious software prevents legitimate programs such as the Task Manager and real security software from running. Security Shield is a clone of Security Tool, Smart Security, System Tool and Total Security 2009.

On June 9th 2011 a newer version called Security Shield 2011 came out.  This threat is similar to the one shown in this guide.  Basically it's a clone so either guide should still work for you.

If Security Shield becomes as prevalent as Security Tool, then this virus will infect tens of millions of people, if not hundreds of millions. In 2010 Security Tool was the most common rogue security client to hit the market. It looks like this clone may just be the replacement for that fake security client.

Some of the FAKE warning messages you may see:

Intercepting malicious software that may violate your privacy and harm your computer has been detected. Click here to remove now with Security Shield.

Spyware.IEMonster activity detected. This form of spyware attempts to steal passwords from Internet Explorer, Mozilla Firefox, Outlook and other commonly used programs. Click here to immediately remove it with Security Shield.

Some of the important system files on your PC were modified by malicious software. It may cause system crashes and data losses.
Click here to prevent non-authorized changes and remove threats (Recommended)

Security Shield Firewall Alert
Security Shield has prevented a program from accessing the internet.
“iexplore.exe” is infected “Trojan-Dropper.Win32.Agent”. This worm has to tried to use “iexplore.exe” to connect to remove host and send your credit card information


» Download Security Shield Removal Software

As soon as you find a copy of Security Shield on your computer, you should take steps to remove it. Removal involves stopping the main executable, then deleting it along with its other traces in the registry and in temp file locations.

Remove Proxy Setting so You Can Connect to the Internet Again (MAY NOT BE NEEDED)

Proxy Settings

The above video is for Internet Explorer.  Chrome users should follow the video as well because Chrome uses the same settings.  For Firefox users please read the manual guide under the How to Guides section.  There is a manual guide for IE there as well.


Security Shield Manual Removal Procedures

1. The first step you must take in order to remove Security Shield is to stop the following processes. Your traces will NOT be the same as below. They will be unique to your computer.

  • random-6 to 10 digit number.exe

  • HINT: The random name may look similar to 54066343254.exe, or be six to ten characters in length.

To stop the above processes we recommend you do one of the following:

1A. Open up the Task Manager and terminate the above executable.

1B. Right-click on the Security Shield icon on the desktop and select Properties. Copy the file path, then rename the executable and reboot your computer. After you reboot you should be able to delete the file.

1C. Browse to

XP

  • C:\Documents and Settings\YOUR USER NAME\Local Settings\Application Data\random-6 to 10 digit number.exe

Vista / Windows 7

  • C:\Users\YOUR USER NAME\AppData\Local\random-6 to 10 digit number.exe

The next step in Security Shield removal is to delete the following files:

  • random-6 to 10 digit number.exe
  • c:\programdata\microsoft\Windows\start menu\Programs\security shield.lnk

Once the above steps have been completed, Security Shield should no longer be running. At this time you need to run a FULL VIRUS SCAN. Don't skip this step.

Security Shield Registry Removal Procedures

Removing files and folders alone is not sufficient to completely remove Security Shield. The following keys and settings should also be removed from the Windows registry to complete Security Shield removal:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Security Shield"

Security Shield Directories:

Windows XP

  • None at this time; however, it may change to the directory below
  • %Documents and Settings%\All Users\Application Data\local\[random]\

Windows Vista/7:

  • None at this time; however, it may change to the directory below
  • C:\Users\USER NAME\AppData\local\RANDOM\
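
The checks from the manual and registry removal steps above, collected into a read-only PowerShell triage script that reports the listed artifacts before anything is deleted. This is an added example, not part of the original guide; it assumes Windows 7 or later with PowerShell 4.0+, and the variable names are illustrative.

```powershell
# Read-only triage for the artifacts listed in this guide; nothing is deleted.
# Assumption: the rogue's file name is 6 to 10 digits plus .exe, as described above.
$namePattern = '^\d{6,10}\.exe$'

# Executables with a matching name directly under the user's Local AppData folder.
$localAppData = [Environment]::GetFolderPath('LocalApplicationData')
$candidates = @(Get-ChildItem -LiteralPath $localAppData -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match $namePattern })

# Running processes whose image name matches (ProcessName omits the extension).
$running = @(Get-Process | Where-Object { "$($_.ProcessName).exe" -match $namePattern })

# The "Security Shield" value under the current user's Run key.
$runKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runValue = (Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue).'Security Shield'

# The Start Menu shortcut named in the guide.
$shortcut = Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Security Shield.lnk'

# Per-user proxy settings (used by Internet Explorer and Chrome).
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet    = Get-ItemProperty -Path $inetKey -ErrorAction SilentlyContinue

'--- Candidate files ---'
$candidates | ForEach-Object {
    [pscustomobject]@{
        Path    = $_.FullName
        Created = $_.CreationTime
        SHA256  = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
    }
} | Format-List

'--- Matching processes ---'
$running | Select-Object Id, ProcessName, Path | Format-Table -AutoSize

'--- Autorun, shortcut, proxy ---'
[pscustomobject]@{
    RunValue       = if ($null -ne $runValue) { $runValue } else { '(not present)' }
    ShortcutExists = Test-Path -LiteralPath $shortcut
    ProxyEnable    = $inet.ProxyEnable
    ProxyServer    = $inet.ProxyServer
} | Format-List
```

Run it as the affected user rather than from a different administrator account, since the Run key and proxy settings it reads are per-user (HKCU).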


RemoveVirus.org cannot be held liable for any damages that may occur from using our community virus removal guides. Viruses cause damage and unless you know what you are doing you may lose your data. We strongly suggest you back up your data before you attempt to remove any virus. Each product or service is a trademark of its respective company. We do make a commission off of each product we recommend. This is how removevirus.org is able to keep writing our virus removal guides. All free antivirus scanners recommended on this site are limited. This means they may not be fully functional and may be limited in use. A free trial scan allows you to see if that security client can pick up the virus you are infected with.