Remove Security Shield Virus (Uninstall Guide)

Security Shield is a rogue security software which will display fake security alerts,reporting that malware has been detected on your computer.This alerts are professional looking pop-ups and when you click on them, you are advised to buy Security Shield in order to remove the detected threats.
In reality, none of the reported issues are real, and are only used to scare you into buying Security Shield and stealing your personal financial information.
In addition,this malicious program is also causing browser redirects,system slowdowns and has hijacked your PC functions to block certain programs from running (eg: Task Manager,Registry Editor,Run command etc.).

If your computer is infected with Security Shield,then you are seeing this images:

We strongly advise you to follow our Security Shield removal guide and ignore any alerts that this malicious software might generate.
Under no circumstance should you buy this rogue security software as this could lead to identity theft,and if you have, you should contact your credit card company and dispute the charge stating that the program is a scam and a computer virus.
Registration codes for Security Shield
As an optional step,you can use the following license key to register Security Shield and stop the fake alerts.
64C665BE-4DE7-423B-A6B6-BC0172B25DF2
Please keep in mind that entering the above registration code will NOT remove Security Shield from your computer , instead it will just stop the fake alerts so that you’ll be able to complete our removal guide more easily.

How to remove Security Shield (Uninstall Guide)

STEP 1: Remove Security Shield malicious files with Malwarebytes Anti-Malware

Malwarebytes Chameleon technologies will allow us to install and run a Malwarebytes Anti-Malware scan without being blocked by Security Shield.

Download Malwarebytes Chameleon from the below link, and extract it to a folder in a convenient location.
MALWAREBYTES CHAMELEON DOWNLOAD LINK (This link will open a new web page from where you can download Malwarebytes Chameleon)
Make certain that your infected computer is connected to the internet and then open the Malwarebytes Chameleon folder, and double-click on the svchost.exe file.

IF Malwarebytes Anti-Malware will not start, double-click on the other renamed files until you find one will work, which will be indicated by a black DOS/command prompt window.
Follow the onscreen instructions to press a key to continue and Chameleon will proceed to download and install Malwarebytes Anti-Malware for you.
Once it has done this, it will update Malwarebytes Anti-Malware, and you’ll need to click OK when it says that the database was updated successfully.
Malwarebytes Anti-Malware will now attempt to kill all the malicious process associated with Security Shield.Please keep in mind that this process can take up to 10 minutes, so please be patient.
Next, Malwarebytes Anti-Malware will automatically open and perform a Quick scan for Security Shield malicious files as shown below.
Upon completion of the scan, click on Show Result
You will now be presented with a screen showing you the malware infections that Malwarebytes Anti-Malware has detected.
Make sure that everything is Checked (ticked),then click on the Remove Selected button.
After your computer restarts, open Malwarebytes Anti-Malware and perform a Full System scan to verify that there are no remaining threats

STEP 2: Remove Security Shield rootkit with HitmanPro

In some cases,Security Shield will also install a rootkit on victims computer.To remove this rootkit we will use HitmanPro.

Download HitmanPro from the below link,then double-click on it to start this program.
HITMANPRO DOWNLOAD LINK (This link will open a new web page from where you can download HitmanPro)
IF you are experiencing problems while trying to start HitmanPro, you can use the Force Breach mode.To start HitmanPro in Force Breach mode, hold down the left CTRL key when you start HitmanPro and all non-essential processes are terminated, including the malware process. (How to start HitmanPro in Force Breach mode – Video)
HitmanPro will start and you’ll need to follow the prompts (by clicking on the Next button) to start a system scan with this program.
HitmanPro will start scanning your computer for Security Shield malicious files as seen in the image below.
Once the scan is complete,you’ll see a screen which will display all the infected files that this utility has detected, and you’ll need to click on Next to remove this malicious files.
Click Activate free license to start the free 30 days trial and remove all the malicious files from your computer.

STEP 3: Double check for any left over infections with Emsisoft Emergency Kit

You can download Emsisoft Emergency Kit from the below link,then extract it to a folder in a convenient location.
EMSISOFT EMERGENCY KIT DOWNLOAD LINK ((This link will open a new web page from where you can download Emsisoft Emergency Kit)
Open the Emsisoft Emergency Kit folder and double click EmergencyKitScanner.bat, then allow this program to update itself.
After the Emsisoft Emergency Kit has update has completed,click on the Menu tab,then select Scan PC.
Select Smart scan and click on the SCAN button to search for Security Shield malicious files.
When the scan will be completed,you will be presented with a screen reporting which malicious files has Emsisoft detected on your computer, and you’ll need to click on Quarantine selected objects to remove them.

If you are still experiencing problems while trying to remove Security Shield from your machine, please start a new thread in our Malware Removal Assistance forum.

10 Rules to Avoid Online Scams

Here are 10 practical safety rules to help you avoid malware, online shopping scams, crypto scams, and other online fraud. Each tip includes a quick “if you already got hit” action.

Stop and verify before you click, log in, download, or pay.

Most scams win by creating urgency. Verify using a trusted method: type the website address yourself, use the official app, or call a known number (not the one in the message).

If you already clicked: close the page, do not enter passwords, and run a malware scan.
Keep your operating system, browser, and apps updated.

Updates patch security holes used by malware and malicious ads. Turn on automatic updates where possible.

If you saw a scary “update now” pop-up: close it and update only through your device settings or the official app store.
Use layered protection: antivirus plus an ad blocker.

Antivirus helps block malware. An ad blocker reduces scam redirects, phishing pages, and malvertising.

If your browser is acting weird: remove unknown extensions, reset the browser, then run a full scan.
Install apps, software, and extensions only from official sources.

Avoid cracked software, “keygens,” and random downloads. During installs, choose Custom/Advanced and decline bundled offers you do not recognize.

If you already installed something suspicious: uninstall it, restart, and scan again.
Treat links and attachments as untrusted by default.

Phishing often impersonates delivery services, banks, and popular brands. If it is unexpected, do not open attachments or log in through the message.

If you entered credentials: change the password immediately and enable 2FA.
Shop safely: research the store, then pay with protection.

Be cautious with brand-new stores, “closing sale” stories, and prices that make no sense. Prefer credit cards or PayPal for dispute options. Avoid wire transfers, gift cards, and crypto payments.

If you already paid: contact your card issuer or PayPal quickly to dispute the transaction.
Crypto rule: never pay a “fee” to withdraw or recover money.

Common patterns include fake profits, then “tax,” “gas,” or “verification” fees. Another is a “recovery agent” who demands upfront crypto.

If you already sent crypto: stop paying, save evidence (wallet addresses, TXIDs, chats), and report the scam to the platform used.
Secure your accounts with unique passwords and 2FA (start with email).

Use a password manager and unique passwords for every account. Enable 2FA using an authenticator app when possible.

If you suspect an account takeover: change passwords, sign out of all devices, and review recent logins and recovery settings.
Back up important files and keep one backup offline.

Backups protect you from ransomware and device failure. Keep at least one backup on an external drive that is not always connected.

If you suspect infection: do not connect backup drives until the system is clean.
If you think you are a victim: stop losses, document evidence, and escalate fast.

Move quickly. Speed matters for disputes, account recovery, and limiting damage.
- Stop payments and contact: do not send more money or respond to the scammer.
- Call your bank or card issuer: block transactions, replace the card if needed, and start a dispute or chargeback.
- Secure your email first: change the email password, enable 2FA, and remove unfamiliar recovery options.
- Secure other accounts: change passwords, enable 2FA, and log out of all sessions.
- Scan your device: remove suspicious apps or extensions, then run a full malware scan.
- Save evidence: screenshots, emails, order pages, tracking pages, wallet addresses, TXIDs, and chat logs.
- Report it: to the payment provider, marketplace, social platform, exchange, or wallet service involved.

These rules are intentionally simple. Most online losses happen when decisions are rushed. Slow down, verify independently, and use payment methods and account controls that give you recourse.

55 thoughts on “Remove Security Shield virus (Uninstall Guide)”

Hersel

May 20, 2014 at 16:58

The easiest way is to restart in safe mode and restore to a date prior to infection.
yumi

October 6, 2013 at 13:44

I’m on the 5th step ” Killing known malicious processes …. ”
it’s been 2 hours and it’s not done yet :c Should i continue waiting?
- Stelian Pilici
  
  October 6, 2013 at 13:47
  
  Hello,
  This should not take more than 5-10 minutes… Please close ALL your programs (browser, docs), and try again to lauch Malwarebytes Chameleon.
  
  Stay safe!
nathan

October 6, 2013 at 07:24

its works thanks dude
Beth McKinley

December 6, 2012 at 19:27

I can’t thank you enough for this info!
Mick Dunn

November 14, 2012 at 22:26

Thank you. This was very easy to follow & helped save me a lot of money. The Geek Squad wanted $200.00 just to remove the virus. Many thanks again!
MJ

November 10, 2012 at 02:26

THANK YOU SO MUCH!!! YOU ARE THE MAN!!!!!! :))))
Julie

November 9, 2012 at 04:51

Just wanted to give proper thanks to you for providing this comprehensive guide. Kudos.
Mike

October 18, 2012 at 09:40

Hi Stelian,

I can trace my first encounter with Security Shield back to September 2008! Yes, I paid them £16.77 for a virus, what a mug. Thankfully I used Paypal and so far have not suffered any problems with that. Nor have I had the problem with the popups and programs being stopped etc. But the round green logo sits in my system tray and occasionally tells me to do a ‘scan’.

However, after the last ‘scan’, last week, which presumably updated the virus, it now takes an age to close my computer. When I went to look for a reason for this I was amazed by all the information about SS and its terrible effects. I had no idea even after four years.

I’ve followed your instructions but Malwarebytes didn’t find the virus which presumably is a new one. I’ve also used RogueKiller but again no sign.

By the way, many thanks for making the process so easy to follow.
Jonathan

October 15, 2012 at 15:59

Hey,

I followed all the directions correctly and for some odd reason, when I restarted my computer…it seemed to be working great (no more pop ups indicating there’s a virus). But Im still not able to run any programs and when I place the cursor over the start menu….the hourglass will appear and not disappear. Did I do something wrong?
- Stelian Pilici
  
  October 16, 2012 at 08:05
  Hello Jonathan,
  Can you please run a scan with Combofix, ESET online scanner and post the logs here so that I can get an idea on what’s going on:
  STEP 1 : Run a scan with Combofix
  Download ComboFix from here: COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
  
  VERY IMPORTANT !!! Save as Combo-Fix.exe during the download.ComboFix must be renamed before you download to your Desktop
  - Close any open browsers.
  - Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection beforeperforming a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
  - WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  - Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  - If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  1. Double click on ComboFix.exe & follow the prompts.
  2. Accept the disclaimer and allow to update if it asks
  3. When finished, it shall produce a log for you.
  Notes:
  STEP 2: Run a scan with ESET Online Scanner:
  1. Download ESET Online Scanner utility.
    ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
  2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
  3. Check Yes, I accept the Terms of Use
  4. Click the Start button.
  5. Check Scan archives
  6. Push the Start button.
  7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  8. When the scan completes, push Finish
  NEXT,please run a scan with HitmanPro and RogueKiller as seen on the guide.
  Waiting for your reply to tell me if your machine is ok and the logs.
Eric

October 7, 2012 at 13:47

Hi! Tried all the sequences listed above, but still show the “security shield icon” (the rip off of the MS logo) in the lower right corner of all applications I download or have downloaded. It also shows on the device manager icon as well as a few others (parental controls, add hardware, security center). I take that to mean my comp is still infected, although it seems to be running fine (I can access the net without noticeable delay, no problem with any applications, etc).

Is this common or have you seen it before? I’ve got the Kaslog.txt, the RKreport and the log.txt from combofix it those would help.
- Stelian Pilici
  
  October 8, 2012 at 04:38
  
  Hello Eric,
  If you have run Combofix recently,can you please post the log so that I can take a look at what’s going on.The Combofix log should be located in C:\Combofix.txt
  - Eric
    
    October 9, 2012 at 03:20
    
    Hi Stelian,
    
    Thank you very much for this blog and you’re reply. As mentioned previously, it is the most complete blog regarding this issue that I have come across.
  - Stelian Pilici
    
    October 10, 2012 at 04:34
    Hello Eric,
    Please go ahead and delete this folder: c:\programdata\pijhmfmfpdfocgy
    Your computer,seems to be malware free….can you please take a screenshot of the icon that you are seeing in the system tray…?
    Next,for your peace of mind, please run this two scans:
    STEP 1: Run a scan with Emsisoft Emergency Kit.
    
    Please download the latest official version of Emsisoft Emergency Kit.
    EMSISOFT EMERGENCY KIT DOWNLOAD LINK (This link will open a download page in a new window from where you can download Emsisoft Emergency Kit)
    
    After the download process will finish , you’ll need to unpack EmsisoftEmergencyKit.zip and then double click on EmergencyKitScanner.bat
    
    A pop-up will prompt you to update Emsisoft Emergency Kit , please click the “Yes” button.After the Update process has completed , put the mouse cursor over the “Menu” tab on the left and click-on “Scan PC“.
    
    Select “Smart scan” and click-on the below “SCAN” button.When the scan will be completed , you will be presented with a screen showing you the malware infections that Emsisoft Emergency Kit has detected.Make sure that everything is Checked (ticked) and click on the ‘Quarantine selected objects‘ button.
    
    STEP 2: Run a scan with Eset Online Scanner.
    
    Download ESET Online Scanner utility.
    ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
    
    Double click on the Eset installer program (esetsmartinstaller_enu.exe).
    
    Check Yes, I accept the Terms of Use
    
    Click the Start button.
    
    Check Scan archives
    
    Push the Start button.
    
    ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    
    When the scan completes, push Finish
  - Eric
    
    October 11, 2012 at 03:31
    
    Hi Stelian –
    
    While I’m waiting for the Emsisoft download to complete and run, I’ve deleted the file and taken a screen shot of the icons that are appearing. Can you tell me how do I attach a screen shot jpg so you can see it? Thanks!
    
    When I’ve finished running the two programs, do you want a copy of the logs?
    
    Thanks again for your help!
  - Stelian Pilici
    
    October 11, 2012 at 04:10
    
    Hello Eric,
    Yes,you can copy/paste the logs here…And I’ll take a look.
    As far as the image goes,you can use imgur.com to upload your image and then post the link here!
  - Eric
    
    October 11, 2012 at 16:05
    
    Hi again!
    The imgur link is:
    You can see the icon in the lower right corner of the Add Hardware, Device Manager, ISCSI Initiator and Parental Controls icons. It also appears on every application down load that involves virus protection/scans (such as the ESET, Hitman and the Mini tool box applications) and it shows up next to the “Run as Administrator” command when I right click an application to run it from that command. I’m very glad to hear that the computer appears to be virus free, but there remains this level of uncertainty because of this “icon” showing up. Hopefully, it’s just generating an image and not really doing anything else – but it is sure disconcerting!
    
    I’m repeating myself, but thanks again for the time and effort you are putting into this, as well as the effort in the blog. If only Microsoft could take a page or two from your book!
    
    Here’s the Emisoft log:
    
    Emsisoft Emergency Kit – Version 2.0
    Last update: 10/10/2012 10:34:33 PM
    
    Scan settings:
    
    Scan type: Smart Scan
    Objects: Rootkits, Memory, Traces, C:\Windows\, C:\Program Files\, C:\Program Files (x86)\
    Scan archives: Off
    ADS Scan: On
    
    Scan start: 10/10/2012 10:34:57 PM
    
    Value: hkey_classes_root\arlnk –> url protocol detected: Trace.Registry.ares galaxy p2p plus!E1
    Value: hkey_local_machine\software\classes\arlnk –> url protocol detected: Trace.Registry.ares galaxy p2p plus!E1
    
    Scanned 619056
    Found 2
    
    Scan end: 10/10/2012 11:12:06 PM
    Scan time: 0:37:09
    
    Value: hkey_classes_root\arlnk –> url protocol Quarantined Trace.Registry.ares galaxy p2p plus!E1
    Value: hkey_local_machine\software\classes\arlnk –> url protocol Quarantined Trace.Registry.ares galaxy p2p plus!E1
    
    Quarantined 2
    
    Just finished the ESET scan and there were no viruses found. Confirms your findings, but still leaves the question about that shield icon.
    
    Thanks again, Stelian for all the help. If you have an idea on the icon, I’m all ears!
  - Stelian Pilici
    
    October 11, 2012 at 16:10
    
    Hello Eric,
    That’s nothing to worry about,it’s basically a Window features called User Account Control , and its meat to better protect you.
    If you find it annoying,you can follow this guide: http://windows.microsoft.com/en-US/windows-vista/Turn-User-Account-Control-on-or-off , and disable it.
    Stay safe!
Angela

September 15, 2012 at 13:35

Stelian, you totally rock!! I can’t thank you enough!
Andrew

September 15, 2012 at 00:05

I’ve tried all of the steps with no luck :( Malwarebytes doesn’t recognize any virus on the computer and neither does Hitman.
- Stelian Pilici
  
  September 15, 2012 at 03:27
  Hello Andrew,
  Can you please run a scan with Combofix, ESET online scanner and post the logs here so that I can get an idea on what’s going on:
  
  STEP 1 : Run a scan with Combofix
  
  Download ComboFix from one of the following locations:
  
  COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
  COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
  
  VERY IMPORTANT !!! Save as Combo-Fix.exe during the download.ComboFix must be renamed before you download to your Desktop
  - Close any open browsers.
  - Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection beforeperforming a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
  - WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  - Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  - If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  1. Double click on ComboFix.exe & follow the prompts.
  2. Accept the disclaimer and allow to update if it asks
  3. When finished, it shall produce a log for you.
  Notes:
  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.
  STEP 2: Run a scan with ESET Online Scanner:
  1. Download ESET Online Scanner utility.
    ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
  2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
  3. Check Yes, I accept the Terms of Use
  4. Click the Start button.
  5. Check Scan archives
  6. Push the Start button.
  7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  8. When the scan completes, push Finish
  NEXT,please run a scan with HitmanPro and MBAM as seen on the guide.
  Waiting for your reply to tell me if your machine is ok and the logs.
  - Andrew
    
    September 16, 2012 at 01:12
    
    actually i got it all sorted out. I made a process viewer figured out the process and where it was coming from then i deleted the file and my computer passed all checks. Thanks.