Security Shield

Security Shield is a fake anti-virus software. Follow the removal guide on this page to get rid of the malware from an infected PC.

Activating Security Shield

Security Shield will block running of any programs. It also prevents access to Internet particularly anti-virus web sites. Execution of Windows tools like Task Manager, Registry Editor and Control Panel is similarly block by the rogue program. Activating the program using the registration key below will regain access to the mentioned services.

Activation Code: 64C665BE-4DE7-423B-A6B6-BC0172B25DF2

Once activated, downloading of necessary program to scan and remove Security Shield is now possible.

Automatic Removal Procedure

1. Download Malwarebytes Anti-Malware and save it on your Desktop or any location on your PC.
2. When finish downloading, double-click on the file to install the application.
3. Follow the prompts and install with default configuration.
4. Before the installation completes, check on the prompts about update and launch.
5. Click Finish. Program will run automatically and you will be prompt to update the program before doing a scan. Please update.

Restart the Computer in Safe Mode

6. Next thing to do is to reboot the computer in Safe Mode with Networking to avoid Security Shield from loading at start-up. You may want to print this procedure as we have to restart the computer to complete the removal process.
- Restart the computer.
- Before Windows begins to load, press F8 on your keyboard.
- It will display an Advanced Boot Options menu. Select Safe Mode with Networking.
- Windows will now start in Safe Mode.

7. When on Safe Mode of Windows, open the removal tool. Select Perform full scan on main screen to check your computer thoroughly.
8. When scanning is finished click on Show Results.
9. Make sure that all detected threats are checked, click on Remove Selected. This will delete all files and registry entries that belongs to Security Shield.
10. Restart your computer.

Note: If Security Shield prevents downloading of recommended tool. Download the software from another computer. Renaming it to something like 'anything.exe' can help elude the malware.

Removing Rootkit Trojan

On some instances, Rootkit Trojan is the one responsible for dropping Security Shield inside the computer. Rootkit Trojan is capable of concealing itself from anti-virus application and hides its presence. This is the reason why we need to neutralize the complicated malware using a special tool designed for this type of infection.

1. Download Norton Power Eraser here. Save it to your desktop.

2. Once download is complete, double click on NPE.Exe.

3. Norton Power Eraser will run. If it prompts for End User License Agreement, please click on Accept.

4. On NPE main window, click on Scan.

5. On next window, select Include Rootkit Scan and click on Restart.

6. NPE will restart the computer and performs rootkit scanning. This may take a while.

7. When scan has completed, NPE will display a list of all detected threats.

Important! If there are any detected threats under Suspicious, remove the check mark. Only threats in Detected category are necessary to remove at this point. Make sure that you mark the Create System Restore Point before proceeding with the fix.

 

8. Now, click on Fix to start removing any threats associated to Security Shield.

9. Norton Power Eraser will restart the computer. Then after a reboot, it will initialize and display the eliminated threats.

10. You may now close NPE. That completely removes Security Shield rootkit Trojan.

Alternative Removal Method for Security Shield

Option 1 : Use Windows System Restore to return Windows to previous state

If Security Shield enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a saved restore point before Security Shield infiltrates the PC, we highly encourage you to execute this procedure if none of the above works. You may proceed with Windows System Restore, click here to see the full procedure.

Option 2 : Security Shield manual uninstall guide

IMPORTANT! Manual removal of Security Shield requires technical skills. Deleting system files and registry entries by mistake may result to total disability of Windows system. We advise you to perform a backup of registry before proceeding with this guide.

1. Kill any running process that belongs to Security Shield.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for Security Shield files (refer to Technical Reference) and click End Process.

2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit and press Enter. This will open registry editor.
- Find and delete registry entries as mentioned in Technical Reference section below.
- Close registry editor. Changes made will be save automatically.

3. Scan the computer with antivirus program.
- Connect to Internet and open your antivirus software. Please update to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before Windows logo begins to load press F8 on your keyboard.
- On Windows Advanced Boot Options, select Safe Mode and press Enter.

4. Delete all files dropped by Security Shield.
- While still in Safe Mode, search and delete malicious files. Please refer to 'Technical Reference'. Make sure that you execute 'End Task' first before deleting the file. Otherwise, the system will not let you perform this action.

Technical Reference

Associated Files and Folders:%AppData%\[random] %AppData%\[random]\[random].bat %AppData%\[random]\[random].cfg %AppData%\[random]\[random].exe %UserProfile%\Desktop\Security Shield.lnk %UserProfile%\Start Menu\Programs\Security Shield.lnk Added Registry Entries:HKEY_CURRENT_USER\Software\Security Shield HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"