Shield Soldier

Shield Soldier, also written ShieldSoldier, is another malicious computer program that security experts classify as rogue software. It can be installed on the computer by a malicious script hosted on fake virus scanner web sites: simply visiting such a site automatically runs a script that downloads and executes the unwanted program. Once it gains a presence on the machine, it prevents users from executing any programs, including antivirus applications. This keeps it from being detected as an unwanted program. It also alters the registry so that it runs when Windows starts.

Removing this program manually is complicated because Shield Soldier disables some Windows functions, including the registry editor, task manager and folder options. Automatic removal, however, can be carried out with an effective anti-malware program that removes Shield Soldier completely through a thorough scan of the compromised computer.

Critical Information:

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Shield Soldier Removal Procedures

Manual Removal:
1. Stop the Shield Soldier process: press Ctrl+Alt+Del to open Windows Task Manager, then look for the following processes:
(random characters).exe
F0E84.exe

2. Update your installed anti-virus program.
3. Run a full system scan and clean/delete all detected infected file(s). A manual removal of virus-related files should also be performed.
4. Edit the Windows registry and delete the Shield Soldier entries.
5. Exit the registry editor.
6. Remove the Shield Soldier start-up entry: go to Start > Run and type msconfig in the “Open” dialog box. The System Configuration Utility will open. Go to the Startup tab and uncheck the following startup item(s):
(random characters).exe
F0E84.exe

7. Click Apply and restart Windows.

Shield Soldier Removal Tool:
In order to completely remove the threat, download and run Malwarebytes Anti-Malware (MBAM). Sometimes, Trojans will block the downloading and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before executing it on the infected machine.

Online Virus Scanner:
Another way to remove a virus without installing an additional anti-virus application is to perform a thorough scan with a free online virus scanner, which can be found on the websites of legitimate anti-virus and security providers.

Technical Details and Additional Information:

Malicious Files Added by Shield Soldier:
%Program Files%\FDFCA\
%Program Files%\FDFCA\F0E84.exe
%Program Files%\FDFCA\Uninstall.exe
%Program Files%\RegistryClever Software\
%Program Files%\RegistryClever Software\RegistryClever\
%Program Files%\RegistryClever Software\RegistryClever\license.txt
%Program Files%\RegistryClever Software\RegistryClever\RegistryClever.exe
%Program Files%\RegistryClever Software\RegistryClever\RegistryCleverTray.exe
%Program Files%\RegistryClever Software\RegistryClever\uninstall.exe
%Program Files%\RegistryClever Software\RegistryClever\Styles\
%Program Files%\RegistryClever Software\RegistryClever\Styles\Vista.cjstyles
%Documents and Settings%\All Users\Desktop\RegistryClever.lnk
%Documents and Settings%\All Users\Start Menu\Programs\ShieldSoldier.lnk
%Documents and Settings%\All Users\Start Menu\Programs\RegistryClever\
%Documents and Settings%\All Users\Start Menu\Programs\RegistryClever\Homepage.lnk
%Documents and Settings%\All Users\Start Menu\Programs\RegistryClever\RegistryClever.lnk
%Documents and Settings%\All Users\Start Menu\Programs\RegistryClever\Uninstall.lnk
%WINDOWS%\.dll
%WINDOWS%\.bin
%WINDOWS%\.cpl
%WINDOWS%\system32\.cpl
%WINDOWS%\system32\.exe
%WINDOWS%\system32\.bin
%UserProfile%\Desktop\ShieldSoldier.lnk
%UserProfile%\Local Settings\Temp\.exe

Shield Soldier Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “TrayScan”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “F0E84.exe”
HKEY_CURRENT_USER\Software\RegistryClever
HKEY_CURRENT_USER\Software\ShieldSoldier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegistryClever
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShieldSoldier
HKEY_LOCAL_MACHINE\SOFTWARE\RegistryClever
HKEY_LOCAL_MACHINE\SOFTWARE\ShieldSoldier
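
The fixed-name entries from the two lists above can be checked in one pass before and after cleanup. The following PowerShell script is an added example, not part of the original write-up; it only reads and reports. It assumes PowerShell 3.0 or later, that %Program Files% corresponds to $env:ProgramFiles (plus the x86 folder on 64-bit Windows), and it skips the randomly named files and values.

```powershell
# Added example: read-only audit for the Shield Soldier artifacts listed on this page.
# It reports matches and deletes nothing.

# Run-key values with fixed names from the registry list.
$runValues = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'TrayScan' },
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Name = 'F0E84.exe' }
)

# Registry keys from the registry list.
$regKeys = @(
    'HKCU:\Software\RegistryClever',
    'HKCU:\Software\ShieldSoldier',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegistryClever',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShieldSoldier',
    'HKLM:\SOFTWARE\RegistryClever',
    'HKLM:\SOFTWARE\ShieldSoldier'
)

# Fixed-name folders and shortcuts from the file list.
# Assumption: %Program Files% is $env:ProgramFiles, plus the (x86) folder on 64-bit Windows.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ } | Select-Object -Unique
$paths = @(foreach ($r in $roots) {
    Join-Path $r 'FDFCA'
    Join-Path $r 'RegistryClever Software'
})
$paths += Join-Path $env:USERPROFILE 'Desktop\ShieldSoldier.lnk'

$findings = @()
foreach ($rv in $runValues) {
    # A missing value raises an error, which is suppressed so that $item stays empty.
    $item = Get-ItemProperty -Path $rv.Key -Name $rv.Name -ErrorAction SilentlyContinue
    if ($item) {
        $findings += [pscustomobject]@{
            Type = 'RunValue'; Location = "$($rv.Key) -> $($rv.Name)"
            Data = $item.PSObject.Properties[$rv.Name].Value
        }
    }
}
foreach ($k in $regKeys) {
    if (Test-Path -Path $k) { $findings += [pscustomobject]@{ Type = 'RegKey'; Location = $k; Data = '' } }
}
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings += [pscustomobject]@{ Type = 'Path'; Location = $p; Data = '' } }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap } else { 'None of the listed Shield Soldier artifacts were found.' }
```

An empty result after the removal steps indicates the fixed-name entries are gone; the randomly named files under %WINDOWS% and the Temp folder still need the full anti-malware scan.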

What to do next...