Remove Security Shield virus (Uninstall Guide)

Security Shield is rogue security software that displays fake security alerts reporting that malware has been detected on your computer. These alerts are professional-looking pop-ups, and when you click on them you are advised to buy Security Shield in order to remove the detected threats.
In reality, none of the reported issues are real; they are only used to scare you into buying Security Shield and to steal your personal financial information.
In addition, this malicious program also causes browser redirects and system slowdowns, and hijacks PC functions to block certain programs from running (e.g. Task Manager, Registry Editor, the Run command).

If your computer is infected with Security Shield, you will see these images:

[Image: Security Shield virus]

[Image: Security Shield Alert]

[Image: Security Shield warning]

We strongly advise you to follow our Security Shield removal guide and ignore any alerts that this malicious software might generate.
Under no circumstances should you buy this rogue security software, as this could lead to identity theft. If you already have, you should contact your credit card company and dispute the charge, stating that the program is a scam and a computer virus.

Registration codes for Security Shield

As an optional step, you can use the following license key to register Security Shield and stop the fake alerts.
64C665BE-4DE7-423B-A6B6-BC0172B25DF2
Please keep in mind that entering the above registration code will NOT remove Security Shield from your computer; it will only stop the fake alerts so that you’ll be able to complete our removal guide more easily.

How to remove Security Shield (Uninstall Guide)

STEP 1: Remove Security Shield malicious files with Malwarebytes Anti-Malware

Malwarebytes Chameleon technologies will allow us to install and run a Malwarebytes Anti-Malware scan without being blocked by Security Shield.

  1. Download Malwarebytes Chameleon from the link below, and extract it to a folder in a convenient location.
    MALWAREBYTES CHAMELEON DOWNLOAD LINK (This link will open a new web page from where you can download Malwarebytes Chameleon)
    [Image: Extract Malwarebytes Chameleon utility]
  2. Make certain that your infected computer is connected to the internet, then open the Malwarebytes Chameleon folder and double-click on the svchost.exe file.
    [Image: Double click on svchost.exe]
    If Malwarebytes Anti-Malware will not start, double-click on the other renamed files until you find one that works, which will be indicated by a black DOS/command prompt window.
  3. Follow the onscreen instructions to press a key to continue, and Chameleon will proceed to download and install Malwarebytes Anti-Malware for you.
    [Image: Malwarebytes Chameleon press key]
  4. Once it has done this, it will update Malwarebytes Anti-Malware, and you’ll need to click OK when it says that the database was updated successfully.
    [Image: Malwarebytes Chameleon updating its database]
  5. Malwarebytes Anti-Malware will now attempt to kill all the malicious processes associated with Security Shield. Please keep in mind that this process can take up to 10 minutes, so please be patient.
    [Image: Malwarebytes Chameleon killing malware]
  6. Next, Malwarebytes Anti-Malware will automatically open and perform a Quick scan for Security Shield malicious files, as shown below.
    [Image: Malwarebytes Anti-Malware scanning for Security Shield]
  7. Upon completion of the scan, click on Show Result.
    [Image: Malwarebytes Anti-Malware scan results]
  8. You will now be presented with a screen showing you the malware infections that Malwarebytes Anti-Malware has detected.
    Make sure that everything is Checked (ticked), then click on the Remove Selected button.
    [Image: Malwarebytes removing virus]
  9. After your computer restarts, open Malwarebytes Anti-Malware and perform a Full System scan to verify that there are no remaining threats.
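
Step 2 above has you double-click a file named svchost.exe (or another renamed file) from a downloaded folder, so it helps to confirm first that those files are what they claim to be. The PowerShell below is an added example, not part of the original guide or of any Malwarebytes tooling: it lists every executable in the extraction folder, whatever its extension, with its Authenticode status, signer and SHA-256. The folder path and function names are assumptions, and it assumes the vendor signs its executables.

```powershell
# Added example: read-only signature report for a folder of downloaded tools.
# Requires PowerShell 4.0 or later (Get-FileHash).

function Test-MzHeader {
    # True when the file starts with the 'MZ' bytes of a Windows executable,
    # regardless of its name or extension (the tool ships renamed copies).
    param([Parameter(Mandatory = $true)][string]$Path)
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $header = New-Object byte[] 2
        $read = $stream.Read($header, 0, 2)
        return ($read -eq 2 -and $header[0] -eq 0x4D -and $header[1] -eq 0x5A)
    }
    finally {
        $stream.Dispose()
    }
}

function Get-ToolSignatureReport {
    # Hypothetical helper name: one row per executable found under $Folder.
    param([Parameter(Mandatory = $true)][string]$Folder)

    Get-ChildItem -LiteralPath $Folder -File -Recurse |
        Where-Object { Test-MzHeader -Path $_.FullName } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $signer = '(none)'
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            [pscustomobject]@{
                File   = $_.Name
                Status = $sig.Status      # Valid, NotSigned, HashMismatch, NotTrusted, ...
                Signer = $signer
                SHA256 = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

# Assumed extraction folder; change it to where you unpacked the download.
$report = Get-ToolSignatureReport -Folder "$env:USERPROFILE\Desktop\Chameleon"
$report | Format-Table -AutoSize -Wrap

# Treat anything whose status is not 'Valid' as untrusted until confirmed.
$untrusted = @($report | Where-Object { $_.Status -ne 'Valid' })
if ($untrusted.Count -gt 0) {
    Write-Warning ("{0} executable(s) without a valid signature:" -f $untrusted.Count)
    $untrusted | ForEach-Object { Write-Warning ("  {0} ({1})" -f $_.File, $_.Status) }
}
```

Check that the Signer column names the publisher you expect before running any of the listed files.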

STEP 2: Remove Security Shield rootkit with HitmanPro

In some cases, Security Shield will also install a rootkit on the victim's computer. To remove this rootkit we will use HitmanPro.

  1. Download HitmanPro from the link below, then double-click on it to start this program.
    HITMANPRO DOWNLOAD LINK (This link will open a new web page from where you can download HitmanPro)
    If you are experiencing problems while trying to start HitmanPro, you can use the Force Breach mode. To start HitmanPro in Force Breach mode, hold down the left CTRL key when you start HitmanPro and all non-essential processes are terminated, including the malware process. (How to start HitmanPro in Force Breach mode – Video)
  2. HitmanPro will start and you’ll need to follow the prompts (by clicking on the Next button) to start a system scan with this program.
    [Image: HitmanPro scanner]
    [Image: HitmanPro installation]
  3. HitmanPro will start scanning your computer for Security Shield malicious files, as seen in the image below.
    [Image: HitmanPro scan after]
  4. Once the scan is complete, you’ll see a screen which will display all the infected files that this utility has detected, and you’ll need to click on Next to remove these malicious files.
    [Image: HitmanPro scan results]
  5. Click Activate free license to start the free 30 days trial and remove all the malicious files from your computer.
    [Image: HitmanPro 30 days activation button]

STEP 3: Double check for any left over infections with Emsisoft Emergency Kit

  1. You can download Emsisoft Emergency Kit from the link below, then extract it to a folder in a convenient location.
    EMSISOFT EMERGENCY KIT DOWNLOAD LINK (This link will open a new web page from where you can download Emsisoft Emergency Kit)
  2. Open the Emsisoft Emergency Kit folder and double-click EmergencyKitScanner.bat, then allow this program to update itself.
    [Image: EmergencyKitScanner.bat file]
  3. After the Emsisoft Emergency Kit update has completed, click on the Menu tab, then select Scan PC.
    [Image: Emsisoft Emergency Kit scan tab]
  4. Select Smart scan and click on the SCAN button to search for Security Shield malicious files.
    [Image: Emsisoft Emergency Kit smart scan]
  5. When the scan is completed, you will be presented with a screen reporting which malicious files Emsisoft has detected on your computer, and you’ll need to click on Quarantine selected objects to remove them.
    [Image: Emsisoft Emergency Kit removing malware]

If you are still experiencing problems while trying to remove Security Shield from your machine, please start a new thread in our Malware Removal Assistance forum.

ABOUT STELIAN PILICI

I am the creator and owner of MalwareTips.com.
My area of expertise includes malware removal and computer forensics. I'm active in the various online anti-malware communities where I do research on new malware threats as they are released.
I live in Bucharest (Romania), where I run my own local computer repair shop.
I repair both hardware and other operating systems related issues, however most of my business is malware related problems.

  • Hersel

    The easiest way is to restart in safe mode and restore to a date prior to infection.

  • yumi

    I’m on the 5th step ” Killing known malicious processes …. ”
    It’s been 2 hours and it’s not done yet :c Should I continue waiting?

    • Stelian Pilici

      Hello,
      This should not take more than 5-10 minutes… Please close ALL your programs (browser, docs), and try again to launch Malwarebytes Chameleon.

      Stay safe!

  • nathan

    It works, thanks dude

  • Beth McKinley

    I can’t thank you enough for this info!

  • Mick Dunn

    Thank you. This was very easy to follow & helped save me a lot of money. The Geek Squad wanted $200.00 just to remove the virus. Many thanks again!

  • MJ

    THANK YOU SO MUCH!!! YOU ARE THE MAN!!!!!! :))))

  • Julie

    Just wanted to give proper thanks to you for providing this comprehensive guide. Kudos.

  • Mike

    Hi Stelian,

    I can trace my first encounter with Security Shield back to September 2008! Yes, I paid them £16.77 for a virus, what a mug. Thankfully I used Paypal and so far have not suffered any problems with that. Nor have I had the problem with the popups and programs being stopped etc. But the round green logo sits in my system tray and occasionally tells me to do a ‘scan’.

    However, after the last ‘scan’, last week, which presumably updated the virus, it now takes an age to close my computer. When I went to look for a reason for this I was amazed by all the information about SS and its terrible effects. I had no idea even after four years.

    I’ve followed your instructions but Malwarebytes didn’t find the virus which presumably is a new one. I’ve also used RogueKiller but again no sign.

    By the way, many thanks for making the process so easy to follow.

  • Jonathan

    Hey,

    I followed all the directions correctly and for some odd reason, when I restarted my computer… it seemed to be working great (no more pop ups indicating there’s a virus). But I’m still not able to run any programs and when I place the cursor over the start menu… the hourglass will appear and not disappear. Did I do something wrong?

    • Stelian Pilici

      Hello Jonathan,
      Can you please run a scan with Combofix, ESET online scanner and post the logs here so that I can get an idea on what’s going on:
      STEP 1 : Run a scan with Combofix
      Download ComboFix from here: COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)

      VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

      • Close any open browsers.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      1. Double click on ComboFix.exe & follow the prompts.
      2. Accept the disclaimer and allow to update if it asks
      3. When finished, it shall produce a log for you.

      Notes:

      1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
      2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
      3. If after the reboot you get errors about programs being marked for deletion then reboot, that will cure it.

      STEP 2: Run a scan with ESET Online Scanner:

      1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
      2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
      3. Check Yes, I accept the Terms of Use
      4. Click the Start button.
      5. Check Scan archives
      6. Push the Start button.
      7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      8. When the scan completes, push Finish

      NEXT, please run a scan with HitmanPro and RogueKiller as seen on the guide.
      Waiting for your reply to tell me if your machine is ok and the logs.

  • Eric

    Hi! Tried all the sequences listed above, but still show the “security shield icon” (the rip off of the MS logo) in the lower right corner of all applications I download or have downloaded. It also shows on the device manager icon as well as a few others (parental controls, add hardware, security center). I take that to mean my comp is still infected, although it seems to be running fine (I can access the net without noticeable delay, no problem with any applications, etc).

    Is this common or have you seen it before? I’ve got the Kaslog.txt, the RKreport and the log.txt from combofix if those would help.

    • Stelian Pilici

      Hello Eric,
      If you have run Combofix recently, can you please post the log so that I can take a look at what’s going on. The Combofix log should be located in C:\Combofix.txt

      • Eric

        Hi Stelian,

        Thank you very much for this blog and your reply. As mentioned previously, it is the most complete blog regarding this issue that I have come across.

        • Stelian Pilici

          Hello Eric,
          Please go ahead and delete this folder: c:\programdata\pijhmfmfpdfocgy
          Your computer seems to be malware free… Can you please take a screenshot of the icon that you are seeing in the system tray?
          Next, for your peace of mind, please run these two scans:
          STEP 1: Run a scan with Emsisoft Emergency Kit.

          1. Please download the latest official version of Emsisoft Emergency Kit.
            EMSISOFT EMERGENCY KIT DOWNLOAD LINK (This link will open a download page in a new window from where you can download Emsisoft Emergency Kit)
          2. After the download process finishes, you’ll need to unpack EmsisoftEmergencyKit.zip and then double click on EmergencyKitScanner.bat
          3. A pop-up will prompt you to update Emsisoft Emergency Kit, please click the “Yes” button. After the Update process has completed, put the mouse cursor over the “Menu” tab on the left and click on “Scan PC”.
          4. Select “Smart scan” and click on the “SCAN” button below. When the scan is completed, you will be presented with a screen showing you the malware infections that Emsisoft Emergency Kit has detected. Make sure that everything is Checked (ticked) and click on the ‘Quarantine selected objects’ button.

          STEP 2: Run a scan with Eset Online Scanner.

          1. Download ESET Online Scanner utility.
            ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
          2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
          3. Check Yes, I accept the Terms of Use
          4. Click the Start button.
          5. Check Scan archives
          6. Push the Start button.
          7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
          8. When the scan completes, push Finish

          • Eric

            Hi Stelian -

            While I’m waiting for the Emsisoft download to complete and run, I’ve deleted the file and taken a screen shot of the icons that are appearing. Can you tell me how do I attach a screen shot jpg so you can see it? Thanks!

            When I’ve finished running the two programs, do you want a copy of the logs?

            Thanks again for your help!

            • Stelian Pilici

              Hello Eric,
              Yes, you can copy/paste the logs here… And I’ll take a look.
              As far as the image goes, you can use imgur.com to upload your image and then post the link here!

              • Eric

                Hi again!
                The imgur link is:
                You can see the icon in the lower right corner of the Add Hardware, Device Manager, ISCSI Initiator and Parental Controls icons. It also appears on every application down load that involves virus protection/scans (such as the ESET, Hitman and the Mini tool box applications) and it shows up next to the “Run as Administrator” command when I right click an application to run it from that command. I’m very glad to hear that the computer appears to be virus free, but there remains this level of uncertainty because of this “icon” showing up. Hopefully, it’s just generating an image and not really doing anything else – but it is sure disconcerting!

                I’m repeating myself, but thanks again for the time and effort you are putting into this, as well as the effort in the blog. If only Microsoft could take a page or two from your book!

                Here’s the Emsisoft log:

                Emsisoft Emergency Kit – Version 2.0
                Last update: 10/10/2012 10:34:33 PM

                Scan settings:

                Scan type: Smart Scan
                Objects: Rootkits, Memory, Traces, C:\Windows\, C:\Program Files\, C:\Program Files (x86)\
                Scan archives: Off
                ADS Scan: On

                Scan start: 10/10/2012 10:34:57 PM

                Value: hkey_classes_root\arlnk –> url protocol detected: Trace.Registry.ares galaxy p2p plus!E1
                Value: hkey_local_machine\software\classes\arlnk –> url protocol detected: Trace.Registry.ares galaxy p2p plus!E1

                Scanned 619056
                Found 2

                Scan end: 10/10/2012 11:12:06 PM
                Scan time: 0:37:09

                Value: hkey_classes_root\arlnk –> url protocol Quarantined Trace.Registry.ares galaxy p2p plus!E1
                Value: hkey_local_machine\software\classes\arlnk –> url protocol Quarantined Trace.Registry.ares galaxy p2p plus!E1

                Quarantined 2

                Just finished the ESET scan and there were no viruses found. Confirms your findings, but still leaves the question about that shield icon.

                Thanks again, Stelian for all the help. If you have an idea on the icon, I’m all ears!

  • Angela

    Stelian, you totally rock!! I can’t thank you enough!

  • Andrew

    I’ve tried all of the steps with no luck :( Malwarebytes doesn’t recognize any virus on the computer and neither does Hitman.

    • Stelian Pilici

      Hello Andrew,
      Can you please run a scan with Combofix, ESET online scanner and post the logs here so that I can get an idea on what’s going on:

      STEP 1 : Run a scan with Combofix

      Download ComboFix from one of the following locations:

      COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
      COMBOFIX DOWNLOAD LINK #2  (This link will automatically download Combofix on your computer)

      VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

      • Close any open browsers.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      1. Double click on ComboFix.exe & follow the prompts.
      2. Accept the disclaimer and allow to update if it asks
      3. When finished, it shall produce a log for you.

      Notes:

      1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
      2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
      3. If after the reboot you get errors about programs being marked for deletion then reboot, that will cure it.

      STEP 2: Run a scan with ESET Online Scanner:

      1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
      2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
      3. Check Yes, I accept the Terms of Use
      4. Click the Start button.
      5. Check Scan archives
      6. Push the Start button.
      7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      8. When the scan completes, push Finish

      NEXT, please run a scan with HitmanPro and MBAM as seen on the guide.
      Waiting for your reply to tell me if your machine is ok and the logs.

      • Andrew

        Actually, I got it all sorted out. I made a process viewer, figured out the process and where it was coming from, then I deleted the file and my computer passed all checks. Thanks.

  • Law

    thank you for the guide. I successfully got rid of that malware shitty program. My mother downloaded something from some website and I just had to clean up the mess. Thank you again for your awesome job, Stelian.

  • sam

    thank you so much for this site. bravo!!!

  • richard

    I run McAfee anti-virus. Is there any one type of security software that would have caught the Security Shield malware? McAfee let it through and it infected my wife’s laptop. She does visit a lot of websites and plays a lot of games. Thanks for your support. Richard

    • Stelian Pilici

      Hello,
      McAfee is not ‘our choice’, mainly because it fails to prevent zero day malware……
      Below you can find some quick suggestions on what products you can use:
      Free – Avast Antivirus 7 Free version or COMODO Internet Security
      Paid: Norton Internet Security 2012, Avast Internet Security 7, G-DATA Internet Security 2012 or ESET Smart Security 5.
      Anyway, you should really start a thread in our Security Configuration forum as you need to build a layered security config: http://malwaretips.com/Forum-Security-Configuration-Wizard

      Also it would be very good if you took the time and read this article that I’ve written: http://malwaretips.com/blogs/how-to-easily-avoid-pc-infections/ … If you follow it, then we’ll never meet again in these conditions :)

  • Amanda

    Hi,
    I’ve done all the steps in normal mode several times to ensure that everything has been removed, and all the scans come up clear except HitmanPro always comes up with a “Boot Configuration Data (BCD) allows loading of non-signed drivers” where the only option is to repair it but when I click “Next”, it always says “Repair failed” so I can’t get rid of it. Is it something I should be concerned about or can I just ignore it?
    Thanks for all your help!

    • Stelian Pilici

      Hello Amanda,
      We need to fix this issue… Can you please run a scan with Combofix, RogueKiller and ESET online scanner and post the logs here:

      STEP 1 : Run a scan with Combofix

      Download ComboFix from one of the following locations:

      COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
      COMBOFIX DOWNLOAD LINK #2  (This link will automatically download Combofix on your computer)

      VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

      • Close any open browsers.
      • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
        ———————————————————–

        • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
        • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don’t know how to disable it, please ask.
          ———————————————————–
        • Close any open browsers.
        • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
        • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
        • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

        ———————————————————–

       

      1. Double click on ComboFix.exe & follow the prompts.
      2. Accept the disclaimer and allow to update if it asks
      3. When finished, it shall produce a log for you.

      Notes:

      1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
      2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
      3. If after the reboot you get errors about programs being marked for deletion then reboot, that will cure it.

      STEP 2: Run a scan with RogueKiller

      1. Please download the latest official version of RogueKiller.
        RogueKiller Download Link (This link will automatically download RogueKiller on your computer)
      2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete. This should take only a few seconds and then you can click the Start button to perform a system scan.
      3. After the scan has completed, press the Delete button to remove any malicious registry keys.
      4. Next we will need to restore your shortcuts, so click on the ShortcutsFix button and allow the program to run.

      STEP 3: Run a scan with ESET Online Scanner:

      1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
      2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
      3. Check Yes, I accept the Terms of Use
      4. Click the Start button.
      5. Check Scan archives
      6. Push the Start button.
      7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      8. When the scan completes, push Finish

      Next, please run HitmanPro and Malwarebytes as seen on the guide.
      Waiting for your reply to tell me if your machine is ok and the logs from these utilities.

  • Barry

    Hi, I have the Security Shield virus and am trying to follow your steps. However at Step 3 when I select Safe Mode with networking it runs a few scripts and comes back to the same position, i.e. the computer will not start up in safe mode. It does start if I select Start window normally. Thanks

    • Stelian Pilici

      Hello Barry,
      Let’s work in Normal Mode. Please follow these steps:
      STEP 1: Run a scan with Malwarebytes Anti-Malware in Chameleon Mode in Normal mode:

      1. Download Malwarebytes Chameleon from here and extract it to a folder in a convenient location
      2. Make certain that your PC is connected to the internet and then open the folder where you extracted Chameleon to and double-click on the Chameleon help file and then follow the onscreen instructions to use it.
      3. If the Chameleon help file itself will not open, then double-click each file one by one until you find one that works, which will be indicated by a black DOS/command prompt window (Note: Do not attempt to open mbam-killer as that is not a Chameleon executable and serves a different purpose)
      4. Follow the onscreen instructions to press a key to continue and Chameleon will proceed to download and install Malwarebytes Anti-Malware for you
      5. Once it has done this, it will attempt to update Malwarebytes Anti-Malware, click OK when it says that the database was updated successfully
      6. Next, Malwarebytes Anti-Malware will automatically open and perform a Quick scan
      7. Upon completion of the scan, if anything has been detected, click on Show Result
      8. Have Malwarebytes Anti-Malware remove any threats that are detected and click Yes if prompted to reboot your computer to allow the removal process to complete
      9. After your computer restarts, open Malwarebytes Anti-Malware and perform a Full System scan to verify that there are no remaining threats

      STEP 2: Run a scan with RogueKiller

      1. Please download the latest official version of RogueKiller.
        RogueKiller Download Link (This link will automatically download RogueKiller on your computer)
      2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete. This should take only a few seconds and then you can click the Scan button to perform a system scan.
      3. After the scan has completed, press the Delete button to remove any malicious registry keys.
      4. Next we will need to restore your shortcuts, so click on the ShortcutsFix button and allow the program to run.

      STEP 3: Please perform a scan with HitmanPro as seen on the guide.
      If you are having problems starting this program please use the ForceBreach mode as described in the guide.


      STEP 4: Run a scan with ESET Online Scanner:

      1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
      2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
      3. Check Yes, I accept the Terms of Use
      4. Click the Start button.
      5. Check Scan archives
      6. Push the Start button.
      7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      8. When the scan completes, push Finish

      Waiting for your reply to tell me how everything is running!
      Good luck…

  • Azngamer

    Thanks man it actually worked! Overall took several hours to successfully remove Security Shield, but well worth it! Great tutorial!

  • E

    Thanks so much for the help. Only took me about 3 hours yesterday to find your site and fix part of the problem. I’m doing the last couple steps this morning, but I was so thankful when I could actually use my computer last night. Every time I run Malwarebytes it finds an infected file, so I downloaded Hitman and am running it now. Hoping between the two it will knock out all the infected files and my wonderful computer will be back to wonderful. Thanks again for taking the time to show people how to do this.

  • Manish Kumar

    Hi,

    When I was running step 3 for RKill, within a minute I received a message stating that “Your Computer encountered a serious problem and need to be restarted, please save your work. It will restart in 1 minute” and there was no cancel button, so I could not stop it. But a few seconds before the restart I noticed that the RKILL process had finished by giving a log text file on the console. Then after the auto reboot I checked the log file and found the following:
    **************************Rkill.txt Starts ******************************
    Rkill 2.0.3 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/

    Please let me know if everything is fine on my computer and no need to worry.

    I can still see 3 unknown shortcuts on my desktop:
    1. Security Shield –> C:\Users\manish\AppData\Local\ybaomptquw.exe (file not exist)
    2. Uninstall Security Shield –> C:\Users\manish\AppData\Local\ybaomptquw.exe -delete (file does not exists)
    3. Security Shield Support –> http://onlinecscenter.com (I did not open this link).

    Please let me know what I need to do with these shortcuts?

    Many thanks in advance.

    • Stelian Pilici

      Hello Manish,
      You can delete those shortcuts.
      Next, please run a scan with Combofix and ESET online scanner and post the logs here:

      STEP 1 : Run a scan with Combofix

      Download ComboFix from one of the following locations:

      COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
      COMBOFIX DOWNLOAD LINK #2  (This link will automatically download Combofix on your computer)

      VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

      • Close any open browsers.
      • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
        ———————————————————–

        • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
        • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don’t know how to disable it, please ask.
          ———————————————————–
        • Close any open browsers.
        • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
        • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
        • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

        ———————————————————–

       

      1. Double click on ComboFix.exe & follow the prompts.
      2. Accept the disclaimer and allow to update if it asks
      3. When finished, it shall produce a log for you.

      Notes:

      1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
      2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
      3. If after the reboot you get errors about programs being marked for deletion then reboot, that will cure it.

      STEP 2: Run a scan with ESET Online Scanner:

      1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
      2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
      3. Check Yes, I accept the Terms of Use
      4. Click the Start button.
      5. Check Scan archives
      6. Push the Start button.
      7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      8. When the scan completes, push Finish

      Next, please run HitmanPro and Malwarebytes as seen on the guide.
      Waiting for your reply to tell me if your machine is ok and the logs from these utilities.

      • Manish Kumar

        Hello,

        I ran the programs as suggested and now all seems to be good. D & E Drives are having “$RECYCLE.BIN” folder. Can you please confirm if there is nothing to worry about this.

        You can see logs at below shared location:

        Many thanks for your help in this.

        • Stelian Pilici

          Logs look good. If you don’t have any other problems, then we can uninstall Combofix:
          Ok, now let’s uninstall Combofix:

          1. Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
          2. In the Run box, type in ComboFix /Uninstall (Notice the space between the “x” and “/”) then click OK
          3. Follow the prompts on the screen
          4. A message should appear confirming that ComboFix was uninstalled
          5. Delete the following folders: (If they exist)
            C:\ComboFix
            C:\Qoobox

          You should really start a thread in our Security Configuration forum as you need to build a layered security config: http://malwaretips.com/Forum-Security-Configuration-Wizard
          Also it would be very good if you took the time and read this article that I’ve written: http://malwaretips.com/blogs/how-to-easily-avoid-pc-infections/ .. If you follow these tips, then we’ll never meet again in these conditions.
          Stay safe!

          • Manish Kumar

            Removed the Combo-Fix successfully.

            Please let me know about the following folders:
            - D & E Drives are having “$RECYCLE.BIN” (Empty) folder.
            - D drive is having an empty folder “Recovery”

            Please let me know why I am seeing these folders whereas these were not there before the virus.

            Please suggest. Waiting for your reply.

            Anyways, this is great, it works very well. I just wanted to say thank you for helping; I was scared that my PC was done. I will tell everyone about this website. My ratings for you guys are 5 stars.
            Thanks a lot again.

            • Stelian Pilici

              You can delete those files. They were there before, however they were hidden… running the removal tools has unhidden them. :)

              • Manish Kumar

                Stelian,

                Thank you so much for writing this forum. These were the easiest instructions to follow even though it took concentration and patience. As said above, this is great, it works very well. I just wanted to say thank you for helping; I was scared that my PC was done. I will tell everyone about this website. My ratings for you guys are 5 stars.
                Thanks a lot again.

  • Carol

    I am a computer idiot, for me it’s like splitting an atom – thanks for the help. I had trouble after Step 3, my computer kept rebooting automatically but I was able to keep moving to the next step. I think it’s gone!

  • BK

    Words can not express my full appreciation to you for this detailed removal guide for the Security Shield virus…I must admit that I tried another information source first and had to give up because theirs wasn’t working as stated…while the removal process takes some serious time, your guide is very detailed and accurate…the removal proceeded as you described and I have subsequently retested my system to make certain that nothing was overlooked by me as I followed all of your steps. Thank you, BK

  • Anonymous

    Thank you so much for this in-depth guide. I cannot express to you how much of a relief it was to be able to fix this on my own. Everything here is very well organized and the steps occurred exactly as you described. Thanks again!

  • Kim

    Awesome step-by-step instructions, very clear and complete. Thanks!!

  • Tom

    I ran Malwarebytes but it didn’t find any Malware, not sure what this means yet for my Security Shield issues.

    • Stelian Pilici

      Hello Tom,
      You most likely have a very new version of this virus, please perform the following steps:
      Step 1: Run a scan with RogueKiller

      1. Please download the latest official version of RogueKiller.
        RogueKiller Download Link (This link will automatically download RogueKiller on your computer)
      2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete. This should take only a few seconds and then you can click the Start button to perform a system scan.
        [Image: roguekiller-1.png]
      3. After the scan has completed, press the Delete button to remove any malicious registry keys.
        [Image: roguekiller-2.png]
      4. Next we will need to restore your shortcuts, so click on the ShortcutsFix button and allow the program to run.
        [Image: roguekiller-1.png]

      The report has been created on the desktop. In your next reply please post:

      All RKreport.txt text files located on your desktop.

      Step 2: Run a scan with Kaspersky Virus Removal Tool
      Click here to download the Kaspersky Virus Removal Tool.

      1. Save it to your desktop.
      2. Double click the setup file to run it.
      3. Follow the onscreen prompts until it is installed
      4. Click the Options button (the ‘Gear’ icon), then make sure only the following are ticked:
        • System Memory
        • Hidden startup objects
        • Disk boot sectors
        • Local Disk (C:)
        • Also any other drives (Removable that you may have)
      5. Then click on Actions on the left hand side
      6. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked
      7. Click on Automatic Scan
      8. Now click the Start Scanning button, to run the scan
      9. After the scan is complete, click the reports button (‘Paper icon’, next to the ‘cog’ icon) on the right hand side
      10. Click Detected threats on the left
      11. Now click the Save button, and save it as kaslog.txt to your Desktop
      12. Please copy and paste the contents of kaslog.txt in your next reply.

      Step 3: Run a scan with Eset Online Scanner.

      1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
      2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
      3. Check Yes, I accept the Terms of Use
      4. Click the Start button.
      5. Check Scan archives
      6. Push the Start button.
      7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      8. When the scan completes, push Finish

      Next, please run a scan with HitmanPro and report back here to tell me how everything is working.

  • justin

    This seems to have worked great. Took a little while to go through but otherwise fixed a nasty problem! Thanks for the great step-by-step

  • Foyez Uddin

    Very helpful guide.

  • Mike

    Great help. Am advising all to download Rkill & Malwarebytes to keep handy. Unhide.exe is also a good file restorer for Houdini effects.

  • Dominic Naylor

    Does any one know or have an idea who made this piece of nasty software?

    I want to track them down!

    Trying to get rid of this has taken up a load of my time, and I’m going to have to wipe the drive and reinstall, which is going to take up even more of my time.

    I would like to sue them, or if they live in some monkey state, just have them sorted out in some way.

    This Trojan is right out of order. It’s completely messed up my machine. My system keeps automatically shutting down and restarting after being logged in for a min and a half.

  • Ram

    Excellent step-by-step guide.
    I was a bit skeptical about downloading and installing software. However, I did whatever was recommended and it worked.
    Thanks a ton, Stelian.

  • John

    When I tried downloading Microsoft Fix it, a sign popped up saying “the system administrator has set policies to prevent this installation”. What do I do?

  • Southernp

    thanks!

    • ishtiyaq

      Thanks