Security Shield 2011 Removal

What is Security Shield 2011?

Security Shield 2011, also known simply as Security Shield, is a fake anti-virus client. Programs of this kind are malware. Its sole purpose is to get the infected user to purchase the client. It does this by running fake scans that show your computer as infected and by displaying scare messages claiming that your data is being hacked and your banking info is being sent out.

How Did I Get Infected with Security Shield 2011?

In our testing, our test computer only became infected when we actually installed the client. It was masquerading as a video update. In many cases users may be tricked into installing the software, thinking it is a video update, a security update or the like.

I’m sure there are other ways Security Shield is getting installed on users’ computers. It’s not uncommon for drive-by downloads to occur, where a user is infected through a security hole on their computer. This is where anti-virus software is supposed to kick in and stop the virus from installing.

What is Security Shield 2011 Doing to My Computer Right Now?

The good news out of all this is that none of your personal files or personal information seems to be at risk right off the bat with this malware. It basically holds your computer for ransom by not allowing you to use programs on the computer and by constantly annoying the hell out of you with its bogus error messages. Of course, all this can change over time, and you may have other infections, like a bot or banker trojan, that are trying to steal information and your passwords. This is why you should STRONGLY consider removing this virus ASAP.

What Do I Do To Remove Security Shield 2011?

Simple. Well, kind of simple for a savvy computer user. Just follow our manual Security Shield removal guide below. It should work well for you. If you have problems, just post a question in the comment section.

Automatic Security Shield 2011 Virus Removal

SpyHunter is very user friendly, providing you with a simple interface that allows you to properly understand the options and functions available. SpyHunter both cleans viruses from an already infected computer and prevents virus infections in the future. Simply put, IT WORKS!

Online Security Shield 2011 Virus Removal Service

Do you need expert help? PCNinja.com has experts standing by that can fully remove Security Shield 2011 from your computer. Based in the U.S., all repairs are done by certified computer repair experts. They have fixed thousands of computers over the years and RemoveVirus.org is proud to recommend this U.S.-based company to service your computer. Visit http://www.pcninja.com or call 1-888-392-2785

8am-10pm PST


Remove the Proxy Setting So You Can Connect to the Internet Again. Some need this, some do not.

Proxy Settings

Security Shield | Security Shield 2011 Removal Video for Windows 7 and Vista. Works for XP as well but you will need to use the manual guide to locate the file paths.

Security Shield 2011 Manual Removal Procedures

The first step you must take in order to remove Security Shield 2011 is to stop the following process. Watch the video for guidance.

  • Security Shield.exe (This file name will mutate and change over time. Expect your file name to be different.)

Known File Path Locations

XP

  • C:\Documents and Settings\[Username]\Application Data\
  • C:\Documents and Settings\YOUR USER NAME\ApplicationData\Local\Temp\

Vista / Windows 7: One of the below

  • c:\users\[username]\AppData\local\
  • C:\Users\YOUR USER NAME\AppData\Local\Temp\
  • C:\Users\[Username]\AppData\

To stop this process you can:

A. Browse to the file location shown below, rename the file and then restart your computer. Then browse to that file location again and delete the file. Note that you can sort the files by date to help rule out most files and folders. Chances are only a few files will fall within the date range in which you first became infected.

B. Boot into Safe Mode and delete the file.

C. Use the Task Manager to find the location of the file, rename it, and then delete it after a reboot. Most people will find the Task Manager disabled and not working. However, some users can use it the very second they log into the operating system. You have about 10 seconds to locate the file before the Task Manager will close.

D. Log into another user’s account and see if you can delete the file.

E. Start the Task Manager the very second you log in and terminate the process that way.

The next step in Security Shield 2011 removal is to delete the following file. You NEED to reboot your computer first if you renamed the file, as you cannot remove a file that is running.

If you are unable to find the executable you need to delete, then you should boot into Safe Mode with Networking, install the SpyHunter client and run a full scan.

KNOWN LOCATIONS OF THIS VIRUS

XP

  • C:\Documents and Settings\All Users\Application Data\

Vista / Windows 7:

  • c:\users\[username]\AppData\\Security Shield 2011\
  • C:\Users\YOUR USER NAME\AppData\Local\Temp\
  • C:\Users\[Username]\AppData\

Be sure to run a full virus scan once you are done. This ensures you have gotten all the virus traces and that you have no other malware on your computer.

Security Shield 2011 Registry Removal Procedures

Editing the Windows Registry is not recommended for most users. One little slip and you can kiss your operating system goodbye. It’s better to just let antivirus software repair and edit the registry. You may also want to consider using the PC Health Advisor trial to clean out the registry and scan for other malware.

Here are the registry traces for your reference only. Please help update these traces by posting a comment below.

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Security Shield 2011
  • HKEY_CURRENT_USER\Software\Security Shield 2011
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random]”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Security Manager”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Security Shield 2011”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform “(Default)” = ”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Security Shield 2011 Security”

Security Shield 2011 Directories:

XP

  • C:\Documents and Settings\All Users\Application Data\

Windows 7 / Windows Vista

  • %AppData%\Microsoft\Internet Explorer\Quick Launch\Security Shield 2011.lnk
  • %AppData%\Security Shield 2011\
  • %AppData%\Security Shield 2011\IcoActivate.ico
  • %Temp%\ ( REMOVE ALL TEMP FILES )
  • %UserProfile%\Start Menu\Programs\Security Shield 2011.lnk
  • %StartMenu%\Programs\Security Shield 2011\
  • %StartMenu%\Programs\Security Shield 2011\Activate Security Shield 2011.lnk
  • %StartMenu%\Programs\Security Shield 2011\Help Security Shield 2011.lnk
  • %StartMenu%\Programs\Security Shield 2011\How to Activate Security Shield 2011.lnk
  • %StartMenu%\Programs\Security Shield 2011\Security Shield 2011.lnk
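
The manual checks above (recent files in the profile folders, the Run values and the listed keys) can be gathered in one read-only pass. The PowerShell script below is an added example, not part of the original guide or its video. The three-day window in $Since, the helper name Test-MzHeader and the reading of the per-user ProxyEnable/ProxyServer values for the proxy step are assumptions; the folder, key and value names are the ones listed in this guide.

```powershell
# Added example, not from the original guide. Read-only: it lists, never deletes.
# Assumption: $Since is a date shortly before the fake alerts first appeared.
$Since = (Get-Date).AddDays(-3)

# Folders the guide names for XP and Vista/7; ones missing on this OS are skipped.
$roots = @(
    $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP,
    "$env:USERPROFILE\AppData",
    "$env:USERPROFILE\Local Settings\Application Data",
    "$env:ALLUSERSPROFILE\Application Data"
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) } | Select-Object -Unique

function Test-MzHeader([string]$Path) {
    # True when the file starts with "MZ", the signature of a Windows executable.
    # Checking content catches executables whose extension is hidden or missing.
    try {
        $share = [System.IO.FileShare]'ReadWrite, Delete'
        $fs = [IO.File]::Open($Path, [IO.FileMode]::Open, [IO.FileAccess]::Read, $share)
        try     { return ($fs.ReadByte() -eq 0x4D -and $fs.ReadByte() -eq 0x5A) }
        finally { $fs.Dispose() }
    } catch { return $false }   # unreadable: content could not be checked
}

# Top level of each folder only: recent files that are .exe by name or by content.
# -Force includes hidden files; a locked .exe is still listed because of its name.
$recent = foreach ($root in $roots) {
    Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue |
        Where-Object {
            -not $_.PSIsContainer -and
            ($_.CreationTime -ge $Since -or $_.LastWriteTime -ge $Since) -and
            ($_.Extension -eq '.exe' -or (Test-MzHeader $_.FullName))
        }
}
$recent = $recent | Sort-Object FullName -Unique | Sort-Object LastWriteTime

# HKCU Run values: flag the names listed in the guide and any command that
# starts from one of the folders above. Legitimate software can also start
# from AppData, so treat hits as items to review, not as a verdict.
$knownNames = 'Security Manager', 'Security Shield 2011', 'Security Shield 2011 Security'
$psProps    = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$runKey     = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run        = Get-ItemProperty $runKey -ErrorAction SilentlyContinue
$runHits = if ($run) {
    foreach ($p in $run.PSObject.Properties) {
        if ($psProps -contains $p.Name) { continue }   # provider metadata, not a value
        $cmd = [string]$p.Value
        $inRoot = @($roots | Where-Object {
            $cmd.IndexOf($_, [StringComparison]::OrdinalIgnoreCase) -ge 0 })
        if (($inRoot.Count -gt 0) -or ($knownNames -contains $p.Name)) {
            New-Object PSObject -Property @{ Name = $p.Name; Command = $cmd }
        }
    }
}

# Keys listed in the guide that exist on this machine.
$keys = 'HKCU:\Software\Security Shield 2011',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\Security Shield 2011' |
    Where-Object { Test-Path -LiteralPath $_ }

# Assumption: the proxy the guide refers to is the per-user Internet Settings proxy.
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet    = Get-ItemProperty $inetKey -ErrorAction SilentlyContinue

'Recent executables in the profile folders (oldest first):'
$recent  | Format-Table LastWriteTime, Length, FullName -AutoSize | Out-String -Width 200
'HKCU Run values to review:'
$runHits | Format-Table Name, Command -AutoSize | Out-String -Width 200
'Keys from the guide that exist:'
$keys
'Proxy (ProxyEnable / ProxyServer):'
$inet | Select-Object ProxyEnable, ProxyServer | Format-List | Out-String
```

Run it from a PowerShell prompt in the affected user's session, then rename or delete the flagged file by hand as described in the manual steps.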

Outside Resources:

http://answers.yahoo.com/question/index?qid=20110613210107AAA1flO

  • Moira

    I tried to close it and then delete it but it would not let me. I tried going to another user’s account and that did not work either. Last night I tried using safe mode (before I found this site) but again no luck. It refuses to delete but I also don’t have it as a green shield (it is a green recycling bin). I am using Windows 7. I use MBam for free. Please try and help! In order to come here I have to use my brother’s computer.

    • Rasec Sorcerer

      Did you terminate it first?

      • Anonymous

        Also good to terminate first if you can.

  • Elliott Bennett

    I seem to have got rid of the virus because it’s letting me open up stuff now but I have no money to buy Stopzilla or Spyware Doctor but I’m currently using the free scan from Spyware Doctor. Will it be okay to leave it after the scan or will I have to do something about it?

  • Toneyj22

    Really good tutorial. I found the virus as rzzdqig.exe on my windows 7 box.

    • Fincit

      What do you mean “box”? I cannot find the virus and need help to locate the file that most other people seem to be able to find quite easily.

  • Em

    Thank you very much, it worked well for me. But the file’s icon was not a green shield, it was a kind of red “D” on a dark grey background.
    But it was last modified today, it was under AppData/Local and it had a weird name like eernaaakdj, so I renamed it, I rebooted my computer, I deleted it, and it worked! Thanks a lot.

  • Scarscream

    thank you so much, you guys are lifesavers

  • Pennokee

    Help I can’t find the file

    • Anonymous

      As the bottom of the guide states. Please enter more information so we can help.

  • Ozzy_griffith

    thanx man i found that son of a bitch on my computer u guys are lifesavers for real

    • Rasec Sorcerer

      Language please.

  • Don

    Take this crap off on my computer, I didn’t ask for it and it is jamming up my computer! This must be illegal and I will file a complaint to the proper authority if you don’t!

    • Anonymous

      RemoveVirus.org is a Virus Removal website. We have several volunteers who donate hours of their time each week to help people remove virus infections. We do not create or distribute viruses. Read the virus removal guide to learn how you can remove this virus from your computer. I even spent hours tracking down this virus and created a video showing you how to remove this threat. Please read the guide before flaming.

      • Rasec Sorcerer

        About the illegal thing, why isn’t Security Shield illegal? Does it really take out viruses if you buy it?

  • Kim

    My task manager does not show a description only image name?

    • Anonymous

      So what is your question? If you are asking should a description be there the answer is, It does not matter.

      • Kim

        I can not find the file..where the video says the description is the same as the image name in the task manager.

        • Kim

          I have XP and am having trouble finding it…Thanks

  • Rasec Sorcerer

    I looked at the video you have posted about Security Shield on Youtube. You explained it very concisely, and I congratulate you on that. However, when I opened my Task Manager, there was no 6-10 digit number. I searched on every possible option on the Task Manager, and it wasn’t there. I set the option for showing the hidden files and what was running on every account, and still, likewise happened. So, I did the other option that was for XP users. I do have a Vista, but I had no other option. After doing the steps the video showed, I found a file that had been recently used the day this all happened. Apparently, the same file name was running on the Task Manager. I terminated it, and the Security Shield went away. I afterwards deleted it. What happened to me was similar to what happened to Em. However, I have a question: did I do the right thing? After all, what I deleted did not have the Security Shield Logo, and there was no such thing on the App Data folder with the logo. Did I do it correctly?

    • Anonymous

      Sounds like you did the right thing

    • Rasec Sorcerer

      Why thank you.

  • Spartacles

    Excellent guide. Easy to follow, easy to delete.

  • Monty103

    i have the security shield virus on my other laptop and ive watched the help video and i cant find security shield when i search for it in the start menu and it wont let me use the task manager what should i do?

    • Anonymous

      What have you done already in the guide? Did you check the folder paths?

      • Monty103

        i have already deleted it now but i didnt have an antivirus before i got the virus and now i cant connect to the internet

        • Anonymous

          Did you already reset your proxy like the guide says? Easy way to do this is just reset IE.

  • Nicholas Haase

    does windows defender work to remove this

    • Anonymous

      Have not tested Windows Defender against it.

  • Jo

    Thanks, this really helped!! Sidenote: my shield wasn’t green it was black in the appdata file

  • Bronagh

    I tried to follow the guide (using W7) but when I went to go AppData file, it isn’t there. I also searched for Security Shield in my programs but it’s not there either. Help?

    • Anonymous

      Doing a search for Security Shield is pointless as it will not be named that. Also AppData is not a file, it’s a folder. To see the folder you should un-hide hidden files and folders to be able to browse to it. Or just manually type in the folder path to the AppData. Will look like C:\Users\Jacob\AppData except with your user name.

  • Cullen Flake

    Yes, it works!!! I will be buying one of the recommended virus scans

    • Anonymous

      Thank you. Your purchase of any of the recommended products helps to keep the virus removal guides coming.

  • Rebecca Luo

    Security shield wouldn’t let me start the task manager, so I tried searching the file in my computer and no matches were found! I tried multiple times and checked the spelling I don’t know what to do! please help

    • Anonymous

      What are you searching? The virus name mutates and changes for every user. Best thing to do is browse to the file paths shown in the guide: C:\Users\Jacob\AppData\Local or C:\Users\Jacob\AppData. From there you can sort the files by date. You should only see a few files from around the date you were infected. Chances are one of them is named similar to jh34jh53jh45.exe. Basically just gibberish. Re-name that file and re-boot.

  • Jenny Lewis Flake

    @ Rebecca – The same thing happened to me. Restart your computer and when it pulls up hit ctrl, shift, esc at the same time and the task manager should stay up.

    • Rebecca

      thank you so much! but when I look at the processes and find matching or similar image name and description it doesn’t have the same location (I know it’s not security shield). Is there a specific image name it has, or is it all random?

      • Anonymous

        All Random. However a better way to do this is to browse to the folder it’s most likely in and sort the files by date. From there you should be able to identify what the threat is. See one of my replies just a few seconds ago for more details.

  • Jenny Lewis Flake

    I am curious on why the video shows that a commission is earned with Stopzilla but all I see advertised on the site now is Spyware Doctor?? I guess I’ll lean to Spyware Doctor.

    • Anonymous

      It’s because Stopzilla pissed me off. Plain and simple don’t want to recommend them out. SDA I feel is a better client anyways so that is what I’m sticking with recommending.

  • Joe Kick-Ass

    Thank you for removing one of the sources of frustration in my now slightly less miserable existence!

  • Petr

    I have XP operating system and i cant find a way to locate the virus in the first step do you have any suggestions?

    • Anonymous

      Did you already look in the folder that is shown in the guide? If so please copy the path in here so I can take a look at it to ensure you are looking in the right direction.

  • Yangzan

    I have a security threat and tried to remove it but i can’t open the security shield menu. I type in my “Start” for search but can’t find it.

    • Anonymous

      Don’t know what you mean by Security Shield menu. You do not need to go into that program to remove it. Doing a search is more or less useless as the name always changes. You can do a search for all .exe files and sort by date. From there you can see which .exe files match the day you were infected and remove / rename it from there. Otherwise your best bet is to just follow the guide and browse to the correct folder and remove it from there.

  • Rocky

    Hi, I am trying to locate the folder to rename it and I do not see it anywhere. I have already selected the option to view hidden folders. I’m at the step where I go to my C: doc & settings , user folder, local settings, and app data there are a couple of other folders and a couple of icons but I do not see Security Shield. Help please!

    • Rocky

      Oh! I’ve found two black shields ! Didn’t know that was it slipped my mind ^.^

      • Anonymous

        Rock on Rocky!

    • Anonymous

      It will not be named security shield. Sort the files by date and you should vastly narrow down the file that it could be as you should know roughly the day you got infected. From there it’s normally easy to pick out the correct file and delete / rename it.

  • Mbmarweg

    The YouTube video worked wonderfully!! Removed the virus in NO time!! Thumbs up!

    • Anonymous

      I found the videos really help people. I get hate mail about them as well but for the most part they have many fans.

  • Paul

    Awesome. Done. Thanks for giving me my evening back…

    • Anonymous

      Glad we were able to help sort your issue. If you have not already please like the page so others know the guide can be trusted.

  • Fincit

    I cannot find the shield icon/file in “local” or “roaming”. Where could it be. Is it definitely a shield icon? Or could it be a DAT file or a Configuration settings? I am stuck right now…

    • KW

      on mine it’s rfihn in appdata local- the icon is not a shield, it’s some little brightly colored square.

      • Anonymous

        The virus changes and mutates all the time. Think of the guide more as a master guide for removing this threat than an exact guide.

    • Anonymous

      what is your OS

      Have you looked at
      XP: c:\Documents and settings\username\Local Settings\Application Data
      Win 7 / Vista: C:\Users\[Username]\AppData\Local

  • Anonymous

    I have windows XP and I found the files by searching for all *.exe files created at the same date as the malware was installed. I found the files in the directory c:\Documents and settings\username\Local Settings\Application Data. Trying to find the files by filename is not possible, since they seem to have different names each time.

    • Anonymous

      Love it. Thanks for the tip. This is a great idea people. Use it!

  • Jonesn54

    Windows 7, booted into safe mode and I was able to use COMBOfix to remove this with no problem.

    • Anonymous

      FYI: Combofix should be used more as a last resort. In 3% of cases it can cause your os / files to become corrupt.

  • InfectedOne

    I was surprised to become infected with this just now. On Windows 7 it installed to C:\Users\[Username]\AppData\Local\isxfy.exe
    I also found a registry entry at:
    HKEY_USERS\S-1-5-21-1214436747-3549784325-1303464509-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
    The key was named the same as the actual path of the file, “C:\Users\[Username]\AppData\Local\isxfy.exe”

    I hope this helps, I was lucky to discover the name of the executable easily by right clicking on it in the task bar. When I tried it a second time it hid the menu that would normally appear.

  • Oskari Vinko

    I found it with name: “byytdmd” from AppData/Local folder

  • Lapland

    In my case, files were xzingiah.exe and jguifo.exe.
    Notice, that files were hidden, so you have to go to edit folder options, to see all files.
    Use start-up safe mode to operate.

    • Anonymous

      Correct. Sound advice. Take note others, the file names will be different for you. Every install has a different name.

  • Sjwalshy

    it wont let me do anything i think i have a new version i cant even open up task manager help please

    • Anonymous

      As the guide states you most likely will not be able to open the task manager. Read through the guide, watch the video. If you get stuck let me know EXACTLY what you have done in the guide and where you are stuck at. Also need to know your OS. I can only help those who help themselves.

  • Sjwalshy

    figured it out thanks for the vid keep up the good work

  • Mikeohh

    On Win 7, if you start the task manager as soon as your computer loads, it will open. Security shield will still open but you can now stop it with your opened task manager.

  • Guest

    IF YOU CAN’T OPEN TASK MANAGER on WINDOWS 7: Go to your start menu, select “Shut Down” or “Reboot” WITHOUT closing your programs. Security Shield will be the first program to close, and then you will be given the “Close programs?” warning message before the shut down/reboot completes. When you are offered this option, Cancel the shutdown. You should then regain full control of all your programs. Search your AppData for all .exe files, and sort files by date. This will make it easy to find any executables that appeared in the AppData within the range of time you were infected with the malware.

    • Nagarajan

      Super…It really helps….

  • Aldris247

    Okay I’m on XP and Security Shield got onto my computer but it hasn’t gone active yet (I saw the message saying it was installed but it isn’t actually doing anything yet). I can’t find any of the files mentioned here. Any way to catch it while it’s napping?

    • Anonymous

      Have you looked in the folders shown in the guide for XP? That is where you need to go. Sort the files by date and you should be able to narrow down what the .exe program is and delete it. As it’s not running I would recommend you go ahead and download and install an AV client like Spyware Doctor with Antivirus and run a full scan. This should also tell you exactly where the file is located and if you are infected with anything else.

  • ArtLikre

    I didn’t even use your latest 2011 video and there were some differences, but the principles of your instructions on the 2010 video allowed me to get rid of this disabling malware. I am most appreciative. Thanks Jacob.

  • Siobhan Veitch

    Thanks so much. This nasty little bugger had my laptop tied up. But tooling through some of your options helped me find it and give it the boot. BIG Thumbs up!!!

  • Mads Kommedal

    I did it. Their icon changed though

  • Stubo

    The file was not easy to find. Even following these links and videos. I found a weird looking file in the Local folder. Its icon was the recycle bin, it was a string of letters, “fmpfnkwz.exe”. I loaded up in safe mode, via msconfig.exe boot options.
    Once in safe mode, I deleted this file, as nothing else looked as suspect as this. When I rebooted (after turning off safe mode boot in msconfig), the pc loaded normally. I downloaded antispyware, and avg free antivirus.
    Antispyware detected 2 trojans, and bam cleaned that $%^& up quick smart.
    Thanks for the info!

  • Guest

    I am running Windows 7, but not finding any strange files in my AppData/Local folder. I have also looked in the Roaming folder and didn’t see any strange files. Should I be looking in the various folders in Local? Only the Temp folder has been created recently.

    • Anonymous

      C:\Users\[Username]\AppData\Local is where this threat tends to be. It may be in a sub folder under local. Once you are in this directory sort the files/folders by date. From there you should be able to pick out the gibberish file and remove it. You can also boot into safe mode with networking and install/update Spyware Doctor with Antivirus and run a full scan. This will show you where the file is located and you can manually delete it that way as well.

      Lastly you can hit the Windows start button and type without the quotes “msconfig”. Now go to the startup tab and look through your startup files. You should see a file in there that makes no sense and that has no Manufacturer. You can view the location of the file under the command column.

      • Guest

        Thanks. I am in Safe Mode and running Spyware Doctor now.

        After running msconfig, I didn’t see any suspicious files in the list of Startup files.

        • Anonymous

          Another tip is to search your whole computer for .exe and once done sort by date. If you know the day or around the day you were infected that should narrow down the .exe file to just a small handful of options.

  • Stuartmees

    Really great help, guys thanks!

    FYI my file was called cbigo.exe and was 324 KB.

    • Anonymous

      Glad we could help. Keep in mind others that the above file name will not be your file name. It should be used as an example. Great tip on the 324 KB. Should help some people out.

  • Guest2012

    Looks like this thing keeps modifying itself…
    *could not bring up task manager [blocked]
    *not found when searching for “security shield” with windows search function
    *In my Win 7 OS, do not see any .exe files in “C:\Users\[Username]\AppData” folder (or Local or Temp subfolders)
    *but do see the following in “AppData”:

    “sdoqvgfbmc” (it reads as an application file, no explicit .exe extension)

    *it is not a green shield icon, an icon that is mostly a blue square with a bit of green (looks like windows start menu icon)
    *size 315 KB
    *only one with date in last 2 days since infection showed up
    ->This must be the infected file in question, so I changed it, rebooted, and then deleted as instructed

    Then after full scan (by AVG free), these 3 files were also removed:
    -C:\Users\[Username]\AppData\Local\Temp\Low\aev.dll
    -C:\Users\[Username]\AppData\Local\Temp\Low\aev.exe
    -C:\Users\[Username]\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KZE4FDNB\7cca2[1].pdf

    Of course other filenames and paths will undoubtedly continue to differ, but just to give others an idea of where it’s at in my case in Feb 2012.
    Thanks very much for the help. Very useful.

    • Anonymous

      Good to know. Thanks for taking the time to document and post your findings. It should help others. Just an FYI. As with most free clients, the free AVG Antivirus will not really protect your computer. Most people who end up on this site are using free based clients and that is why they keep coming back.

      • Wolveskago

        I had the same issue as the above person states (different names of course). The icon that showed up for my files was a recycle bin icon in the hidden locations. After renaming and deleting I have access to everything but the Internet. Any suggestions on other places to look? I ran a full scan (with Avira) and deleted one more item [ ].exe but still no access. Running a full scan with Malwarebytes now as well…

  • Guest

    Was able to remove this by booting into Safe Mode with Networking and running Malwarebytes. Result:

    Files Detected: 2
    C:Users*****AppDataLocalsktqcuz.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:Users*****AppDataLocalLowSunJavaDeploymentcache6.035642a63-69b94953 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Been running fine since.

  • Mike

    You guys totally saved me. Thanks a bunch

    • Anonymous

      That is what we are here for. Glad removevirus.org was able to get you back on your way. If you can take a quick second and like the site or make a post somewhere about it. Every little link will help others find us when they need us.

  • Corychan29

    in the video, the name in the task manager, i didnt have the same name that it had on the video. Help!

    • Anonymous

      As the guide says you are not going to. It is unique to every computer. View the steps in the manual guide and let me know if you get stuck. Be as specific as possible. The first step is to browse to the file paths shown in the guide according to your operating system.

  • Dhschan

    The “how to” video really helped, however I have a couple of questions.
    The guy on the video said to do a full virus scan and use Stopzilla or whatever it’s called. I have McAfee, will that work? Also, for the disk cleanup part, the temporary junk files that need to be taken care of, are those the ones that are automatically checked in the box? How do I “clean” them?

    • Anonymous

      Stopzilla is no longer recommended by removevirus.org for most threats. Spyware Doctor with Antivirus does a far better job. The newest version really rocks. Out of all the paid clients out there McAfee is my least favorite. In many cases it misses a lot of these fake AV clients. I would at least run a scan with the free trial version of SDA to ensure you don’t have any other threats.

      In most cases the temp files are removed when you run disk cleanup. Not all of them but the ones where the viruses hide out at are generally purged.

  • Darkest Rioteer

    Please help with this. I don’t know if I still have Security Shield inhabiting my computer.

    At first, I thought I had the virus. It had the icon, the browser and everything, it also kept throwing stupid warning messages at me.
    After a failed attempt to open Task Manager, I opened my Anti-virus, setting it to Full Scan then proceeded to stare at it for roughly an hour. After it was done, It showed that there were no viruses or trojans. At which point, it came to my realisation that I had not received a warning message or anything like that for the past half hour, which was strange. Then, I found I could open task manager again, this time, not being able to find the process with the weird name in both description and name. I also went to all the locations in an attempt to find the program, using the date modified tab to find anything that had been changed in the past week and seeing if it resembled anything like Security Shield. unfortunately, all 3 locations for the Windows 7, were empty, by that I mean of anything resembling.

    I then restarted my computer, wondering if Security Shield had just somehow disappeared, or if it just stopped itself.

    It is now my third time restarting my computer, and for some reason, I have yet to find any indication whatsoever of ever possessing the spyware on my computer.

    Is there any advice anyone could offer me on this matter?

    • Darkest Rioteer

      Also, I would like to mention that I’m currently using ‘Rising’ Anti-virus.
      I have attempted to do all the steps in the guide, but having been stopped at opening the Task manager, I was unable to find the main exe.

      I have also looked in these 3 places for the spyware as I’m currently using Windows 7
      C:Users/Username/Appdata/Local
      C:Users/Username/Appdata/Local/Temp
      And
      C:Users/Username/Appdata
      For any general resemblance to Security Shield

      Please and Thank you.

      • Anonymous

        I do not think you are no longer infected. Not sure what “Rising Antivirus” is. Download and install Spyware Doctor with Antivirus and run a full scan. That is the best way I know of to ensure you have no virus threats left.

  • Gp3530

    i need help

    • Anonymous

      You have to give me more than that! Read the guide and then if you need help let me know exactly what step it is you are stuck on and what you are trying to do. Your operating system is also needed for me to ensure you are looking in the right place.

  • Gp3530

    I have Windows XP. I am in safe mode. I cannot locate the virus. I do not know what the name of it should be.

    • Anonymous

      Name will be random. As you have XP you should browse to the paths shown in the guide and then sort those files by date. Keep in mind you may need to show “hidden files and folders” in order to browse to the directory.

      • Joebad

        How do you know if you have the correct file to delete? I think I have one as i386 which was last modified today, but that is in the C drive path. Do I risk deleting it? I’m in XP and when the path of C/DocsSettings/Alluser/App Data I don’t see anything unusual

        • Joebad

          Found it by searching *.exe files 316kb modified this am. thanks for the forum question and answers

          • Anonymous

            Way to take the initiative. Where was the folder location for you? The previous path you typed in is not a valid file path.

          • Joebad

            I didn’t see where it was. When I searched *.exe as soon as I saw the file with the green box and random numbers I deleted it. But now I have a problem with my internet connection. Computer seems to not be able to find the modem. I also get a win32 appl. not valid error

  • Tremill

    Thanks for the quick, easy and clear instructions. For someone who’s not tech savvy, they were very helpful

    • Anonymous

      You are very welcome. Glad we could help you out.

  • Ldicastri

    Help. I can’t have access to my browser to download a removal tool and my task manager doesn’t right click to properties so I can NOT find the exe file to delete it. I ran a scan from trend micro in safe mode but it didn’t find it.

    • Anonymous

      Manually browse to the directories shown in the guide and then sort the files by date. From there you should be able to pinpoint the name of the threat and delete it or rename it. I would also re-set your browser. That should restore internet access for you.

  • Nate

    I’m pretty sure I located the .exe file…it was in appdata/local…by the way I’m on Vista…I renamed it “gay as Fuck” I then tried to delete it and the window that will POP up when something is being recycled and the little green bar moves left to right…well mine is a fully red bar and it claims to be recycling but it says “recycling 1 item (329 kb) from LOCAL (C:\users\owner\appdata\local) discovered 0 items (0 bytes)” then when I try and click the “x” it sings at me and won’t close…Idk wtf is goin on…and the application I believe is the virus was created today (15th) the same day this started to occur….any ideas?

    • Anonymous

      You can not delete a file while it is in use. After you re-named it you need to re-boot your computer, then delete it.

  • D55iamond

    Thank you for creating this site. I managed to get Security Shield 2012 off of my new laptop without my parents knowing. Thank You so much!

    • Anonymous

      You are very welcome. Nothing better than being virus free and having your PC working again!

  • Brian

    Thank You SO much. Using your guide I was able to clean up my Mom’s computer. You’re a good man. I’ve already liked you on facebook and posted up a link to your site on my wall. I’ll repeat every week or so. You rule.

    • Anonymous

      Right on! Glad we could help you remove your virus and very happy you are helping to spread the word.

  • Ron Brantley

    Thanks Jacob for all the help you provide here for people dealing with viruses. As an IM I’m very impressed with the value you share here. Because at the end of the day that’s what business is all about….providing value to customers.

    Thanks again,

    Ron

    • Anonymous

      Thanks for the kind words Ron. Glad we could help get you sorted.

  • Janehenfrey

    After a couple of trial and errors made on my behalf! I can now say that I successfully got rid of a computer virus! Thank you SO much for giving this information to us all on the world wide web! 😀

  • HomicidalWhales

    For Windows XP users, my computer would never enter safe mode. When I tried the msconfig thing it would be blocked by SS2011, so what I recommend you do is to open the Task Manager using Ctrl+Alt+Del. After, track to process because mine didn’t appear in random numbers; just letters. You wanna find the location of it in a folder (the folder is gonna be hidden so go to My Computer and un-hide those folders), change the name of it to whatever you want, then end the process of it and then delete the icon once found. Download something like Spyware Doctor to track anything else SS2011 could have left behind. Luckily it did not. It was only on my PC for about 24 hours; more or less. I did re-install Norton and had updated and upgraded it to a newer version. I have Norton 360 and I can’t believe Norton did not block SS2011 after I went to a website that I normally visit (which is now temporarily infected)! Good luck to everyone! If you need any help email me at: HomicidalWhales@yahoo[dot]com.

  • Guest458

    Jacob I really appreciate what you guys are doing here.

    I am running XP and cannot find the virus. I have looked in C:\Documents and Settings\All Users\Application Data and in C:\Documents and Settings\[User name]\Application Data and there are no recently modified execution files in either location.

    I am running in safe mode and I am displaying hidden files.

    I was able to access the task manager before starting in safe mode but there is no description column nor is there any option to display the description column so I could not identify the virus using that method either.

    Any suggestions? Thanks.

  • Fletchbell

    Hi. I have XP and was getting nowhere. I then opened up the task manager as soon as I logged on (as you suggested) and saw security shield in the task menu. I deleted (or end tasked it) it and nothing has popped in the past couple of hours and I can run pretty much everything. However this just seemed too easy and I feel it’s lurking there somewhere but I cannot find it at all before or after I closed it down through task manager. Any advice??

    • Stco

      I encountered exactly the same situation, is your computer working ok now?

  • Nancy

    When I go to task manager and click on processes, I can’t seem to locate the file. I’ve had Security Shield for a few days now. Does that have anything to do with how I can’t find the file? Also, I searched the file ‘AppData’ and I couldn’t find a file that was different in any way. Help??

    • Anonymous

      Copy in the link to the location you looked at on your computer so I can verify you are looking in the correct location.

  • Georgie

    Windows 7:
    When security shield opens and you get the little green shield icon on your taskbar right click it and it’ll have about 3 options, the last one being close this window, the first one will be an icon and a weird name, if this is the case then THAT is the name security shield is hiding under so if you look for this icon and this name when you’re going through the steps of going into the App Data and Local folders then delete it and security shield will be gone
    and this is coming from a 15 year old who had the virus yesterday and followed this guide then got rid of the virus 2 and a half hours later 😛

    • Harleyetchells69

      great advice, cheers

  • Joeffa

    DUDE THANK U SO MUCH

    • Anonymous

      glad we could help you out.

  • Andrea

    Thank you so much! I’m glad I found your website, this was my first virus I’ve ever encountered and I was really stressing out. Just a heads up, it took me a really long time to find the little green shield icon because while the virus was still hiding under a funny name, it wasn’t a little green shield anymore! It looked like a small green globe and, ironically enough, like 2 little green credit cards in front of it. There were 3 of these “applications”, one in my C:\Documents and Settings\[Username]\Application Data and 2 in my C:\Documents and Settings\YOUR USER NAME\ApplicationData\Local\Temp. The file size was 316. I assumed by the funny name and date modified that this was the virus, thankfully it was and your steps helped me get rid of it! (: So if anyone has trouble finding it, it might be because it’s hiding under a different icon and check both AppData locations!

    • Anonymous

      Glad we could help you get your problem sorted

    • kelli

      Have to agree with you Andrea – I had to look very hard and thought I had found the one file with the little green shield icon.
      From your advice above, I looked in that second file and found a second ‘green shield’ file and have deleted it, and also emptied my trash bin.
      Still doing a full scan of my computer, with PC tools antivirus, hoping that will be the end of it.

  • Talbert1

    I am running on Windows and I am unable to open task manager or find security shield in AppData and the virus is not letting me run Spyware Doctor. What else can I do?

  • Oneeye500

    Get this goddamn Security Shield thing off my computer right now!!!!!!!!

    • Anonymous

      LOL. If you took a second to read around a little on the site you will see we have nothing to do with Security Shield. It’s a virus. This is a virus removal website to help people remove virus threats and to educate the public about such threats.

  • mc

    Thanks. Your advice works.

  • numbers

    If you buy into the scam and purchase it with a credit card can they steal your identity? And what can be done??????

    • Anonymous

      Check out http://www.removevirus.org/what-to-do-if-you-paid-for-a-fake-security-client for answers. Personally I have known many people who have paid for a fake client and none that I know of had any other charges. That is not to say it could not happen. As the guide states, call the issuer of the card, report the fraud, get your money back and a new card.

      • numbers

        Thank you very much for all your help. Truly appreciated the knowledge and know-how:)

  • sum-random-teen

    I am home-schooled, I have 2 computers, and I was infected with security shield on the computer that is incompatible with my home school, Cava K12, well the one that is infected is great, Windows 7, 64 bit, and Intel i3 core processor. The one that is OK is a hybrid, I don’t know why, but it completely sucks with my home-school. Anyway, I was watching your video a few minutes ago, and they took the laptop away, in the middle of me trying to get rid of this, see, I told my mom a couple days ago, when the computer got infected, and she fiddled with it for a few minutes, and said it was gone, but it wasn’t, and that situation repeated itself many times. So yesterday, I came to a website, much like yours, and looked it over, and showed her the instructions on how to remove it. She took the computer to her room and didn’t do anything. She kept procrastinating. So I felt if my parents don’t understand this is a huge problem, then it’s time for me to study up. So I surfed the web, until I came across your website YouTube video, and was doing what it said. And now here we are again. No infected computer, no way to get rid of security shield, no way to do my schoolwork. So, how can I fix this? Can I convince them to let me do what has to be done? Or does it have to come down to me sneaking it in the middle of the night? What will it take for them to understand it is affecting my grades? Most likely, they will keep being brainless, and my mom will eventually give in, and buy the program, which will be a big freaking mistake. Then her credit card is hacked, and we are broke, and screwed in so many more ways than you can imagine! Please help me! These fools are going to screw me out of high school!!! Well, maybe that was too long of a story, I am sorry, I just needed to tell someone who has a brain that works. Anyway, that’s it, uh, idk, help me devise a game-plan.

    • Anonymous

      I can answer the “How do I fix this”. The guide has worked for thousands of people. Go through it and follow the directions. If you have a specific problem or can’t figure out how to do something in the guide then feel free to ask. Let me know what you have already done, your operating system and what exactly you are trying to do that you need help with.

  • Ray

    download the free malware and will solve the problem without going through complex process

  • GUEST

    OKAY IM HAVING ISSUES GETTING THIS OFF MY XP WHAT DO I NEED TO DO.. HELP!!!!! I CANT FIND THE PATH I CANT FIND IT IN THE TASK MANAGER BECAUSE I DONT HAVE A DESCRIPTION TAB AND I DONT KNOW WHAT TO DO

  • user178

    Got the virus on my laptop and can’t even start up anymore to try delete or run anti malware disc. System will start and then – no matter how I try to open (tried safe mode, safe mode with networking, normal…), my laptop will show message UNMOUNTABLE BOOT VOLUME. Any idea what I can do?

    • user178

      …running on XP and was using a free version of AVG….

    • Anonymous

      Sounds like your hard drive no longer has an operating system. My guess is the MBR or something along those lines was wiped. I would try a few things.

      1. Run a checkdisk (Most likely will not help but easiest to do)
      2. Test your memory (Others will say this has nothing to do with it but I have found memory issues to cause this exact error. Rare but easy to test)
      3. Run a diagnostic on the hard drive to see if it’s damaged.
      4. You can attempt a partition recovery using programs like Recover My Files. This will cost 100 bucks for the program. Worst case you use this program to recover your data and then do a fresh install. You may be at this point.

  • Al

    Thank you very much for this guide Jacob! I got a panicked call from my Mom this morning after the Security Shield bogus warning came up on her computer. Using the manual removal guide via LogMeIn allowed me to remove it for her. After another virus scan, I’m confident that the problem has been resolved. Thanks again for the help.
    Al

  • No

    For me, the filename was srekfa.exe. Renamed it, re-started PC, deleted file, security shield doesn’t come up anymore

  • UsRoses

    It’s odd, I got the security shield attack today. My McAfee told me that I was infected by a trojan and that it took care of it and right after the security shield took over. My McAfee went crazy about a program called Kaaonoobkb.exe, but I ignored it considering I had a ton of issues with SS already. Well I stopped security shield from restarting at startup and restarted my computer. SS didn’t start up and I was able to find my way here (Great website by the way!) and watched your tutorial. After following the instructions on my Windows 7 PC I found no SS shield icon in my appdata local folder but I did find the Kaaonoobkb.exe file. I’m going to delete the Kaaonoobkb.exe file and hope that’s the security shield. If anyone has any similar experiences let me know.

    Also I know you recommend a paid antispyware program but I’m an unemployed father of two and money is very tight, spending any money that isn’t completely necessary (The internet is helping me get a job so it is necessary) is not an option. Is anyone able to recommend a free antispyware program for me? Sorry I know you guys make a commission on us buying and I will when I’m on my feet again but can you guys help a down and out guy out.

    Thanks!

  • jrade

    I rebooted my computer and started task manager right away. Saw the “Security Shield” running in the “Applications” tab, right-click and select “Go to process”. That will go to the “Processes” tab and selected will be the executable application for the virus. Mine was named “ymprx.exe”. Rename it and reboot again. Then follow the guide on this page.

  • Tmcniff

    I can’t seem to find what the file is named under task mgr, anybody know what name is going by?

  • AtomicAnton

    I went to app data then local, but I can’t find the .exe file. I went to roaming too and I had no luck D: what do I do?

  • Madpistol

    Please pass this on. I may have accidentally found a fault in this program.

    If you are infected with Security Shield 2012 and are running Windows 7 or Vista, try the following before doing anything else.

    1. right click on your desktop and choose “personalize”
    2. if you are running an aero theme, choose a basic theme. If you are running a basic theme, choose an aero theme.

    Your computer may freeze for about a minute, but when it becomes responsive again, SS 2012 should stop running and close, leaving you to get rid of the program easily and without interruption.

    Please let me know if this works. I found this by chance trying to remove the bug myself, but it saved me tons of time and heart ache.

  • Eminynay

    I went to a couple of websites earlier (while on my friend’s laptop) to try to get this virus off my personal computer, and it told me to go into safe mode, which I did. I followed the instructions, but couldn’t find the virus anywhere. I decided to try this site and rebooted my computer without safe mode on. However, I still can’t find the virus. I have been able to access every part of my computer that I tried, There are no popups now, but I didn’t uninstall anything on my laptop. I was able to run a full scan and it got rid of two trojans and some tracking cookies. Did that get rid of it or is it possible for it to just disappear like that?

    • Anonymous

      All I can suggest is to run a full scan using Spyware Doctor with Antivirus like we recommend. That AV client does detect this threat. If nothing is found then I would consider it gone.

  • Guest

    In Windows XP, I found it in C:\Documents and Settings\User\Local Settings\Application Data

  • Guest

    Jerdei – thank you so much for this post. I unwittingly downloaded this on my work laptop an hour ago and it was killing me with pop-ups. When I tried to connect to the internet, it was not letting me open my browser, either IE or Firefox.
    Then I opened my personal laptop and happened to pick your video on how to remove the SS which was so easy to understand and do; and voilà it was done in 10 seconds. Thank you so much for your post…it helped me a great deal….I have Windows 7 and IE 8. I am currently scanning my system and pray it really is wiped out. I am using McAfee.

  • GUEST

    I have XP and I am completely lost on how to find the virus. I have gone to All Users and Admin and under Application Data I am not finding the virus. Can you give me any suggestions these pop ups are really frustrating me????

    • Anonymous

      It’s not under Admin. It will be under your user name.

      Example: C:\Documents and Settings\[Username]\Application Data and/or C:\Documents and Settings\YOUR USER NAME\ApplicationData\Local\Temp

  • Grrrr

    This thing is pissing me off, god damn…..I followed all your steps. I’m running Windows 7, I got into the AppData folder, went under local and it isn’t there at all, I checked all the other folders in AppData too, not there…. But the god damn pop ups continue…..I’m right fed up with this god damn thing. Any advice you can give would be most appreciated

  • Peds

    Thanks a ton!! And i don’t know if this is any help to anyone, but i think my computer got it from the Canadian Ukash virus….

  • Maud

    I can’t find it in the taskmanager thing, but I still see it! Please help me!

    • Anonymous

      Skip it and move on if you are having troubles bringing up the task manager. It’s just one of the ways to stop this threat. There are several others shown in the guide.

  • Yasminn

    YOU ROCK!!! Mum made me help her and she now reckons I should have gotten into computer tech…

    • Anonymous

      It’s not too late to change your field. Computer work is wide and vast. It offers something for just about everyone.

  • James

    Hi, before I found your video I already deleted the file before renaming it from appdata>local. I found it as a hidden file. It seemed to delete normally + I also removed it from the recycle bin. However, I can still see the file listed under “Notification area icons” as hlbgufbxf.exe. Does this mean it is still on my PC / is it still an issue?

    • Anonymous

      No. Left over trace that is benign as you deleted the .exe file already. Run an AV scan to be sure and call it good. Alternatively you should now be able to do a system restore and take your computer back to when you were not infected. That will remove the notification.

  • Marinageorgiou01

    Security Shield keeps popping up but it is not listed as a process on windows task manager? I don’t know how to remove it now….

    • Anonymous

      It will be listed. The name is always unique. If you are in safe mode the threat will not be running so it will not be in the task manager while in safe mode. The folder paths are all valid. If you want, check out this video http://www.removevirus.org/how-to-use-msconfig . Covers another way of finding out the virus name. That, or browse to the folder paths shown in the guide and sort your files by date.

  • Steph

    I wish I found this video sooner. When I got the virus I did a system restore resulting in the pop up and alerts to disappear. However the computer did note that system restore had an error. My antivirus has detected virus and I have deleted the ones I can. I can’t seem to find any file types listed in the comments and video. Is my virus gone or is it still lingering?

    • Steph

      Apparently my file was in AppData/Local Low. It was deleted through my antivirus scan, so I am assuming that’s where the Shield virus was. Unless I have another virus. :S

  • Georgieb_77

    Thank you for such a helpful video! Easy to follow and such a trustworthy site you guys have here. Excellent!
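
The manual search the replies above keep returning to (browse to the per-user application-data folders, show hidden files, sort by date modified, look for a randomly named .exe) can be done in one read-only pass. This PowerShell listing is an added example, not part of the original guide or comments; the seven-day window, the folder list built from environment variables and the signature column are assumptions made here.

```powershell
# Added example: read-only triage listing. It deletes and renames nothing.
$Days   = 7                          # assumption: "recent" = modified in the last week
$cutoff = (Get-Date).AddDays(-$Days)

# Folders named in the thread, resolved through environment variables
# instead of hand-typed paths. Entries that do not exist on this
# Windows version are skipped below.
$candidates = @(
    $env:LOCALAPPDATA,                                               # Vista/7: AppData\Local
    $env:TEMP,                                                       # AppData\Local\Temp
    $env:APPDATA,                                                    # AppData\Roaming (XP: Application Data)
    (Join-Path $env:USERPROFILE 'AppData\LocalLow'),                 # Vista/7: AppData\LocalLow
    (Join-Path $env:USERPROFILE 'Local Settings\Application Data'),  # XP per-user local data
    (Join-Path $env:ALLUSERSPROFILE 'Application Data')              # XP all-users data
)

$folders = $candidates |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) } |
    Select-Object -Unique

$found = foreach ($folder in $folders) {
    # -Force includes hidden and system files, the same effect as turning on
    # "Show hidden files and folders" in Explorer.
    Get-ChildItem -LiteralPath $folder -Filter '*.exe' -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.LastWriteTime -ge $cutoff } |
        ForEach-Object {
            # Signature status is extra context, not a verdict on the file.
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName -ErrorAction SilentlyContinue
            New-Object PSObject -Property @{
                Modified  = $_.LastWriteTime
                SizeKB    = [math]::Round($_.Length / 1KB)
                Hidden    = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
                Signature = $sig.Status
                Path      = $_.FullName
            }
        }
}

# Newest first, the same view as sorting the folder by "Date modified".
$found | Sort-Object Modified -Descending |
    Format-Table Modified, SizeKB, Hidden, Signature, Path -AutoSize
```

An unsigned, randomly named executable of a few hundred KB, modified on the day the pop-ups began, matches what commenters above describe finding (316 KB and 329 KB are the sizes they report).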


RemoveVirus.org cannot be held liable for any damages that may occur from using our community virus removal guides. Viruses cause damage and unless you know what you are doing you may lose your data. We strongly suggest you back up your data before you attempt to remove any virus. Each product or service is a trademark of their respective company. We do make a commission off of each product we recommend. This is how removevirus.org is able to keep writing our virus removal guides. All free antivirus scanners recommended on this site are limited. This means they may not be fully functional and limited in use. A free trial scan allows you to see if that security client can pick up the virus you are infected with.