Security Shield is a fake anti-virus software. Follow the removal guide on this page to get rid of the malware from an infected PC.
Security Shield is a fake antivirus program that uses Trojans and fraud security web sites to promote itself. Security Shield or also known as the SecurityShield virus, can easily get inside the system via through Trojan infection. This harmful Trojan will exploit certain software weak spot found to gain secret access on the target PC. With the use of scam web sites, this malware will automatically scan victim’s PC and post an alert of possible infection. Then it will prompt to download and install Security Shield as the needed software to remove detected threats. No matter how one has obtained this fake AV, its effect once installed on the computer is very devastating. It will block your access to Internet and prevents running of any software.
To push user in obtaining the full version of this fake security tool, it will pop-up fake alerts from time-to-time. It may be hard to remove Security Shield once it set itself on the system. It is capable of configuring a self-start to run the software when Windows starts. Once loaded, it has the ability to kill any installed anti-virus program and block your entire security software.
With these damages made on to the system, there is a slight option that it can be removed with the normal software uninstall process. So far, the best way to remove Security Shield and other rogue product is by using a trusted anti-malware program as stated in the guide below. Valid antivirus program can also help in removing malicious files that are hidden on the system folder that are linked with Security Shield.
These images are the versions of Security Shield. Security Shield ‘Protect Your PC In New Level’ is the newest version.
Update: May 26, 2012
Security Shield now spreads a new version. It carries a different kind of interface. See image below. The malware is more harmful than ever because of a rootkit Trojan that comes with it.
Technical Details and Additional Information:
Security Shield is Also Detected As:
Trojan.Win32.Heur.Gen (ByteHero), Trojan-Dropper.Win32.Dapato.upm (Kaspersky), Trojan.FakeAV!rem (PCTools), Trojan.FakeAV (Symantec)
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
Once Security Shield is running on the computer, it will never stop producing fake security alerts. These deceiving techniques attempts to persuade users to purchase the registered version of this malicious product. Some of the false information it will provide are the following:
Security Shield Firewall Alert
Security Shield has prevented a program from accessing the Internet.
“iexplore.exe” is infected with “Trojan-Spy.Win32.Agent”. This worm has tried to use “iexplore.exe” to connect to remote host and send your credit card information.
Harmful software detected
Security Shield has detected malicious software that may cause PC crash. Click Remove All button below to remove them now.
Warning message from your Internet browser. This page is under virus attack. This may crash your system.
New database updates are available
Automatic updating is required for real time system protection against new viruses, Trojans and worms.
Video Tutorial (Security Shield Removal)
How to Remove Security Shield
Activating Security Shield
Security Shield will block running of any programs. It also prevents access to Internet particularly anti-virus web sites. Execution of Windows tools like Task Manager, Registry Editor and Control Panel is similarly block by the rogue program. Activating the program using the registration key below will regain access to the mentioned services.
Activation Code: 64C665BE-4DE7-423B-A6B6-BC0172B25DF2
Once activated, downloading of necessary program to scan and remove Security Shield is now possible.
Automatic Removal Procedure
1. Download Malwarebytes Anti-Malware and save it on your Desktop or any location on your PC.
2. When finish downloading, double-click on the file to install the application.
3. Follow the prompts and install with default configuration.
4. Before the installation completes, check on the prompts about update and launch.
5. Click Finish. Program will run automatically and you will be prompt to update the program before doing a scan. Please update.
Restart the Computer in Safe Mode
6. Next thing to do is to reboot the computer in Safe Mode with Networking to avoid Security Shield from loading at start-up. You may want to print this procedure as we have to restart the computer to complete the removal process.
- Restart the computer.
- Before Windows begins to load, press F8 on your keyboard.
- It will display an Advanced Boot Options menu. Select Safe Mode with Networking.
- Windows will now start in Safe Mode.
8. When scanning is finished click on Show Results.
9. Make sure that all detected threats are checked, click on Remove Selected. This will delete all files and registry entries that belongs to Security Shield.
10. Restart your computer.
Note: If Security Shield prevents downloading of recommended tool. Download the software from another computer. Renaming it to something like 'anything.exe' can help elude the malware.
Removing Rootkit Trojan
On some instances, Rootkit Trojan is the one responsible for dropping Security Shield inside the computer. Rootkit Trojan is capable of concealing itself from anti-virus application and hides its presence. This is the reason why we need to neutralize the complicated malware using a special tool designed for this type of infection.
1. Download Norton Power Eraser here. Save it to your desktop.
2. Once download is complete, double click on NPE.Exe.
3. Norton Power Eraser will run. If it prompts for End User License Agreement, please click on Accept.
4. On NPE main window, click on Scan.
5. On next window, select Include Rootkit Scan and click on Restart.
6. NPE will restart the computer and performs rootkit scanning. This may take a while.
7. When scan has completed, NPE will display a list of all detected threats.
Important! If there are any detected threats under Suspicious, remove the check mark. Only threats in Detected category are necessary to remove at this point. Make sure that you mark the Create System Restore Point before proceeding with the fix.
8. Now, click on Fix to start removing any threats associated to Security Shield.
9. Norton Power Eraser will restart the computer. Then after a reboot, it will initialize and display the eliminated threats.
10. You may now close NPE. That completely removes Security Shield rootkit Trojan.
Alternative Removal Method for Security Shield
Option 1 : Use Windows System Restore to return Windows to previous state
If Security Shield enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a saved restore point before Security Shield infiltrates the PC, we highly encourage you to execute this procedure if none of the above works. You may proceed with Windows System Restore, click here to see the full procedure.
Option 2 : Security Shield manual uninstall guide
IMPORTANT! Manual removal of Security Shield requires technical skills. Deleting system files and registry entries by mistake may result to total disability of Windows system. We advise you to perform a backup of registry before proceeding with this guide.
1. Kill any running process that belongs to Security Shield.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for Security Shield files (refer to Technical Reference) and click End Process.
2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit and press Enter. This will open registry editor.
- Find and delete registry entries as mentioned in Technical Reference section below.
- Close registry editor. Changes made will be save automatically.
3. Scan the computer with antivirus program.
- Connect to Internet and open your antivirus software. Please update to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before Windows logo begins to load press F8 on your keyboard.
- On Windows Advanced Boot Options, select Safe Mode and press Enter.
4. Delete all files dropped by Security Shield.
- While still in Safe Mode, search and delete malicious files. Please refer to 'Technical Reference'. Make sure that you execute 'End Task' first before deleting the file. Otherwise, the system will not let you perform this action.