Description: My Security Shield is a notorious rogue anti-malware program related to such heavyweights in the malware field as Security Master AV, Virus Doctor and My Security Engine.
It attempts to trick users into purchasing a software license that is completely fake. My Security Shield is installed on a user’s system by Trojans that are downloaded from bogus websites claiming to offer security scanners, and alongside fake video codec packs. Once installed, My Security Shield disables all security software present on the system, along with essential system tools such as Windows Task Manager and Registry Editor, and sets itself to load at startup. It then performs fake security scans on the system and returns false results claiming that the computer is severely infected with malicious software.
It also displays a large number of fake pop-ups from the Windows taskbar, which warn the user of potential ‘threats’ to the computer. Meanwhile, My Security Shield constantly requests that the user purchase the ‘full’ version of the software, claiming that the currently installed ‘trial’ version of My Security Shield is insufficient to completely clean the system. However, it is important to note that My Security Shield is a fake application, so its so-called ‘full’ version is just as incapable of scanning or cleaning any system as the ‘trial’ version.
As soon as you find a copy of this malicious program on your system, you should take steps to immediately remove My Security Shield. For My Security Shield removal, it is necessary to stop processes, unregister DLLs, delete files and folders and remove registry entries.
My Security Shield Manual Removal Procedures
The first step you need to take in order to remove My Security Shield is to stop the following processes from execution:
- MS345d_2129.exe
- DBOLE.exe
- kernel32.exe
Next, it is necessary to unregister the following DLL files to ensure My Security Shield removal:
- mozcrt19.dll
- sqlite3.dll
- fan.dll
- PE.dll
- std.dll
The next step you need to take in order to delete My Security Shield is to delete the following files and folders:
Windows XP:
- c:\Documents and Settings\All Users\Application Data\345d567\
- c:\Documents and Settings\All Users\Application Data\345d567\4475.mof
- c:\Documents and Settings\All Users\Application Data\345d567\mozcrt19.dll
- c:\Documents and Settings\All Users\Application Data\345d567\MS345d_2129.exe
- c:\Documents and Settings\All Users\Application Data\345d567\MSS.ico
- c:\Documents and Settings\All Users\Application Data\345d567\sqlite3.dll
- c:\Documents and Settings\All Users\Application Data\345d567\BackUp\
- c:\Documents and Settings\All Users\Application Data\345d567\MSSSys\
- c:\Documents and Settings\All Users\Application Data\345d567\MSSSys\vd952342.bd
- c:\Documents and Settings\All Users\Application Data\345d567\Quarantine Item\
- c:\Documents and Settings\All Users\Application Data\MSHBXRCOBWS\
- c:\Documents and Settings\All Users\Application Data\MSHBXRCOBWS\MSJYQMS.cfg
Windows Vista/Windows 7:
- %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\My Security Shield.lnk
- %UserProfile%\AppData\My Security Shield\
- %UserProfile%\AppData\My Security Shield\cookies.sqlite
- %UserProfile%\AppData\My Security Shield\Instructions.ini
- %UserProfile%\Desktop\My Security Shield.lnk
- %UserProfile%\Recent\cid.drv
- %UserProfile%\Recent\CLSV.tmp
- %UserProfile%\Recent\DBOLE.exe
- %UserProfile%\Recent\delfile.sys
- %UserProfile%\Recent\fan.dll
- %UserProfile%\Recent\grid.sys
- %UserProfile%\Recent\kernel32.exe
- %UserProfile%\Recent\kernel32.sys
- %UserProfile%\Recent\PE.dll
- %UserProfile%\Recent\PE.tmp
- %UserProfile%\Recent\runddlkey.drv
- %UserProfile%\Recent\SICKBOY.drv
- %UserProfile%\Recent\std.dll
- %UserProfile%\Recent\tempdoc.tmp
- %UserProfile%\Recent\tjd.sys
- %UserProfile%\Start Menu\My Security Shield.lnk
- %UserProfile%\Start Menu\Programs\My Security Shield.lnk
My Security Shield Registry Removal Procedures
Removing files and folders is not enough to ensure complete My Security Shield removal. To completely remove My Security Shield, you need to delete the following keys and settings from the Windows Registry:
- HKEY_CURRENT_USER\Software\3
- HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
- HKEY_CLASSES_ROOT\MS345d_2129.DocHostUIHandler
- HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=2129&q={searchTerms}"
- HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=2129&q={searchTerms}"
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "control/7.02129"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "My Security Shield"
- HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=2129&q={searchTerms}"
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
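A read-only way to check a machine for the registry entries listed above, as an added PowerShell example that is not part of the original guide. The function name Get-MssRegistryFindings and the wildcard patterns used to match value data are assumptions made here; the keys, value names and data come from the list above.

```powershell
# Added example: reports which registry entries from this guide are present.
# It only reads the registry; nothing is modified or deleted.

# Whole keys the guide lists. The Registry:: prefix is used because
# HKEY_CLASSES_ROOT and HKEY_USERS are not mounted as drives by default.
$keys = @(
    'Registry::HKEY_CURRENT_USER\Software\3'
    'Registry::HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}'
    'Registry::HKEY_CLASSES_ROOT\MS345d_2129.DocHostUIHandler'
)

# Individual values: key, value name, wildcard for the data ('*' = any data).
$ie = 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer'
$cv = 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion'
$ss = 'Software\Microsoft\Internet Explorer\SearchScopes'
$values = @(
    @{ Key = $ie;            Name = 'PRS';                  Like = 'http://127.0.0.1:27777/*' }
    @{ Key = "$ie\Download"; Name = 'RunInvalidSignatures'; Like = '1' }
    @{ Key = "$ie\Download"; Name = 'CheckExeSignatures';   Like = 'no' }
    @{ Key = "$cv\Run";      Name = 'My Security Shield';   Like = '*' }
    @{ Key = "$cv\Internet Settings\5.0\User Agent\Post Platform"; Name = 'control/7.02129'; Like = '*' }
    @{ Key = "Registry::HKEY_USERS\.DEFAULT\$ss";               Name = 'URL'; Like = '*findgala.com*' }
    @{ Key = "Registry::HKEY_CURRENT_USER\Software\Classes\$ss"; Name = 'URL'; Like = '*findgala.com*' }
    @{ Key = "Registry::HKEY_CLASSES_ROOT\$ss";                  Name = 'URL'; Like = '*findgala.com*' }
)

function Get-MssRegistryFindings {
    foreach ($k in $keys) {
        # -LiteralPath keeps the braces in the CLSID from being interpreted.
        if (Test-Path -LiteralPath $k) {
            [pscustomobject]@{ Type = 'Key'; Path = $k; Name = $null; Data = $null }
        }
    }
    foreach ($v in $values) {
        $regKey = Get-Item -LiteralPath $v.Key -ErrorAction SilentlyContinue
        if ($null -eq $regKey) { continue }        # parent key absent
        $data = $regKey.GetValue($v.Name, $null)   # $null when the value is absent
        if ($null -ne $data -and "$data" -like $v.Like) {
            [pscustomobject]@{ Type = 'Value'; Path = $v.Key; Name = $v.Name; Data = $data }
        }
    }
}

$findings = @(Get-MssRegistryFindings)
if ($findings.Count -eq 0) { 'None of the listed registry entries were found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

Run it in the affected user's session, because the HKEY_CURRENT_USER entries are per-user.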
You should now run a full security scan to ensure no other threats are installed on your computer if you have not already done so.
My Security Shield Directories:
Vista / Windows 7
- %UserProfile%\AppData\My Security Shield\
XP
- c:\Documents and Settings\All Users\Application Data\
I’m getting security shield popups, and the task manager is disabled, but there is no icon for security shield on my desktop.
Not a big deal at all. Watch the video. That is only one single way to find the location of the threat. The manual guide also lists the folder paths for you.