Remove Security Shield Virus (Uninstall Guide)

Security Shield is a rogue security software which will display fake security alerts,reporting that malware has been detected on your computer.This alerts are professional looking pop-ups and when you click on them, you are advised to buy Security Shield in order to remove the detected threats.
In reality, none of the reported issues are real, and are only used to scare you into buying Security Shield and stealing your personal financial information.
In addition,this malicious program is also causing browser redirects,system slowdowns and has hijacked your PC functions to block certain programs from running (eg: Task Manager,Registry Editor,Run command etc.).

If your computer is infected with Security Shield,then you are seeing this images:

We strongly advise you to follow our Security Shield removal guide and ignore any alerts that this malicious software might generate.
Under no circumstance should you buy this rogue security software as this could lead to identity theft,and if you have, you should contact your credit card company and dispute the charge stating that the program is a scam and a computer virus.
Registration codes for Security Shield
As an optional step,you can use the following license key to register Security Shield and stop the fake alerts.
64C665BE-4DE7-423B-A6B6-BC0172B25DF2
Please keep in mind that entering the above registration code will NOT remove Security Shield from your computer , instead it will just stop the fake alerts so that you’ll be able to complete our removal guide more easily.

How to remove Security Shield (Uninstall Guide)

STEP 1: Remove Security Shield malicious files with Malwarebytes Anti-Malware

Malwarebytes Chameleon technologies will allow us to install and run a Malwarebytes Anti-Malware scan without being blocked by Security Shield.

Download Malwarebytes Chameleon from the below link, and extract it to a folder in a convenient location.
MALWAREBYTES CHAMELEON DOWNLOAD LINK (This link will open a new web page from where you can download Malwarebytes Chameleon)
Make certain that your infected computer is connected to the internet and then open the Malwarebytes Chameleon folder, and double-click on the svchost.exe file.

IF Malwarebytes Anti-Malware will not start, double-click on the other renamed files until you find one will work, which will be indicated by a black DOS/command prompt window.
Follow the onscreen instructions to press a key to continue and Chameleon will proceed to download and install Malwarebytes Anti-Malware for you.
Once it has done this, it will update Malwarebytes Anti-Malware, and you’ll need to click OK when it says that the database was updated successfully.
Malwarebytes Anti-Malware will now attempt to kill all the malicious process associated with Security Shield.Please keep in mind that this process can take up to 10 minutes, so please be patient.
Next, Malwarebytes Anti-Malware will automatically open and perform a Quick scan for Security Shield malicious files as shown below.
Upon completion of the scan, click on Show Result
You will now be presented with a screen showing you the malware infections that Malwarebytes Anti-Malware has detected.
Make sure that everything is Checked (ticked),then click on the Remove Selected button.
After your computer restarts, open Malwarebytes Anti-Malware and perform a Full System scan to verify that there are no remaining threats

STEP 2: Remove Security Shield rootkit with HitmanPro

In some cases,Security Shield will also install a rootkit on victims computer.To remove this rootkit we will use HitmanPro.

Download HitmanPro from the below link,then double-click on it to start this program.
HITMANPRO DOWNLOAD LINK (This link will open a new web page from where you can download HitmanPro)
IF you are experiencing problems while trying to start HitmanPro, you can use the Force Breach mode.To start HitmanPro in Force Breach mode, hold down the left CTRL key when you start HitmanPro and all non-essential processes are terminated, including the malware process. (How to start HitmanPro in Force Breach mode – Video)
HitmanPro will start and you’ll need to follow the prompts (by clicking on the Next button) to start a system scan with this program.
HitmanPro will start scanning your computer for Security Shield malicious files as seen in the image below.
Once the scan is complete,you’ll see a screen which will display all the infected files that this utility has detected, and you’ll need to click on Next to remove this malicious files.
Click Activate free license to start the free 30 days trial and remove all the malicious files from your computer.

STEP 3: Double check for any left over infections with Emsisoft Emergency Kit

You can download Emsisoft Emergency Kit from the below link,then extract it to a folder in a convenient location.
EMSISOFT EMERGENCY KIT DOWNLOAD LINK ((This link will open a new web page from where you can download Emsisoft Emergency Kit)
Open the Emsisoft Emergency Kit folder and double click EmergencyKitScanner.bat, then allow this program to update itself.
After the Emsisoft Emergency Kit has update has completed,click on the Menu tab,then select Scan PC.
Select Smart scan and click on the SCAN button to search for Security Shield malicious files.
When the scan will be completed,you will be presented with a screen reporting which malicious files has Emsisoft detected on your computer, and you’ll need to click on Quarantine selected objects to remove them.

If you are still experiencing problems while trying to remove Security Shield from your machine, please start a new thread in our Malware Removal Assistance forum.

How to Stay Safe Online

Here are 10 basic security tips to help you avoid malware and protect your device:

Use a good antivirus and keep it up-to-date.

It's essential to use a good quality antivirus and keep it up-to-date to stay ahead of the latest cyber threats. We are huge fans of Malwarebytes Premium and use it on all of our devices, including Windows and Mac computers as well as our mobile devices. Malwarebytes sits beside your traditional antivirus, filling in any gaps in its defenses, and providing extra protection against sneakier security threats.
Keep software and operating systems up-to-date.

Keep your operating system and apps up to date. Whenever an update is released for your device, download and install it right away. These updates often include security fixes, vulnerability patches, and other necessary maintenance.
Be careful when installing programs and apps.

Pay close attention to installation screens and license agreements when installing software. Custom or advanced installation options will often disclose any third-party software that is also being installed. Take great care in every stage of the process and make sure you know what it is you're agreeing to before you click "Next."
Install an ad blocker.

Use a browser-based content blocker, like AdGuard. Content blockers help stop malicious ads, Trojans, phishing, and other undesirable content that an antivirus product alone may not stop.
Be careful what you download.

A top goal of cybercriminals is to trick you into downloading malware—programs or apps that carry malware or try to steal information. This malware can be disguised as an app: anything from a popular game to something that checks traffic or the weather.
Be alert for people trying to trick you.

Whether it's your email, phone, messenger, or other applications, always be alert and on guard for someone trying to trick you into clicking on links or replying to messages. Remember that it's easy to spoof phone numbers, so a familiar name or number doesn't make messages more trustworthy.
Back up your data.

Back up your data frequently and check that your backup data can be restored. You can do this manually on an external HDD/USB stick, or automatically using backup software. This is also the best way to counter ransomware. Never connect the backup drive to a computer if you suspect that the computer is infected with malware.
Choose strong passwords.

Use strong and unique passwords for each of your accounts. Avoid using personal information or easily guessable words in your passwords. Enable two-factor authentication (2FA) on your accounts whenever possible.
Be careful where you click.

Be cautious when clicking on links or downloading attachments from unknown sources. These could potentially contain malware or phishing scams.
Don't use pirated software.

Avoid using Peer-to-Peer (P2P) file-sharing programs, keygens, cracks, and other pirated software that can often compromise your data, privacy, or both.

To avoid potential dangers on the internet, it's important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.

55 thoughts on “Remove Security Shield virus (Uninstall Guide)”

Hersel

May 20, 2014 at 16:58

The easiest way is to restart in safe mode and restore to a date prior to infection.
Stelian Pilici

October 6, 2013 at 13:47

Hello,
This should not take more than 5-10 minutes… Please close ALL your programs (browser, docs), and try again to lauch Malwarebytes Chameleon.

Stay safe!
yumi

October 6, 2013 at 13:44

I’m on the 5th step ” Killing known malicious processes …. ”
it’s been 2 hours and it’s not done yet :c Should i continue waiting?
nathan

October 6, 2013 at 07:24

its works thanks dude
Beth McKinley

December 6, 2012 at 19:27

I can’t thank you enough for this info!
Mick Dunn

November 14, 2012 at 22:26

Thank you. This was very easy to follow & helped save me a lot of money. The Geek Squad wanted $200.00 just to remove the virus. Many thanks again!
MJ

November 10, 2012 at 02:26

THANK YOU SO MUCH!!! YOU ARE THE MAN!!!!!! :))))
Julie

November 9, 2012 at 04:51

Just wanted to give proper thanks to you for providing this comprehensive guide. Kudos.
Mike

October 18, 2012 at 09:40

Hi Stelian,

I can trace my first encounter with Security Shield back to September 2008! Yes, I paid them £16.77 for a virus, what a mug. Thankfully I used Paypal and so far have not suffered any problems with that. Nor have I had the problem with the popups and programs being stopped etc. But the round green logo sits in my system tray and occasionally tells me to do a ‘scan’.

However, after the last ‘scan’, last week, which presumably updated the virus, it now takes an age to close my computer. When I went to look for a reason for this I was amazed by all the information about SS and its terrible effects. I had no idea even after four years.

I’ve followed your instructions but Malwarebytes didn’t find the virus which presumably is a new one. I’ve also used RogueKiller but again no sign.

By the way, many thanks for making the process so easy to follow.
Stelian Pilici

October 16, 2012 at 08:05
Hello Jonathan,
Can you please run a scan with Combofix, ESET online scanner and post the logs here so that I can get an idea on what’s going on:
STEP 1 : Run a scan with Combofix
Download ComboFix from here: COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)

VERY IMPORTANT !!! Save as Combo-Fix.exe during the download.ComboFix must be renamed before you download to your Desktop
- Close any open browsers.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection beforeperforming a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
1. Double click on ComboFix.exe & follow the prompts.
2. Accept the disclaimer and allow to update if it asks
3. When finished, it shall produce a log for you.
Notes:
STEP 2: Run a scan with ESET Online Scanner:
1. Download ESET Online Scanner utility.
  ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
3. Check Yes, I accept the Terms of Use
4. Click the Start button.
5. Check Scan archives
6. Push the Start button.
7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
8. When the scan completes, push Finish
NEXT,please run a scan with HitmanPro and RogueKiller as seen on the guide.
Waiting for your reply to tell me if your machine is ok and the logs.
Jonathan

October 15, 2012 at 15:59

Hey,

I followed all the directions correctly and for some odd reason, when I restarted my computer…it seemed to be working great (no more pop ups indicating there’s a virus). But Im still not able to run any programs and when I place the cursor over the start menu….the hourglass will appear and not disappear. Did I do something wrong?
Stelian Pilici

October 11, 2012 at 16:10

Hello Eric,
That’s nothing to worry about,it’s basically a Window features called User Account Control , and its meat to better protect you.
If you find it annoying,you can follow this guide: http://windows.microsoft.com/en-US/windows-vista/Turn-User-Account-Control-on-or-off , and disable it.
Stay safe!
Eric

October 11, 2012 at 16:05

Hi again!
The imgur link is:
You can see the icon in the lower right corner of the Add Hardware, Device Manager, ISCSI Initiator and Parental Controls icons. It also appears on every application down load that involves virus protection/scans (such as the ESET, Hitman and the Mini tool box applications) and it shows up next to the “Run as Administrator” command when I right click an application to run it from that command. I’m very glad to hear that the computer appears to be virus free, but there remains this level of uncertainty because of this “icon” showing up. Hopefully, it’s just generating an image and not really doing anything else – but it is sure disconcerting!

I’m repeating myself, but thanks again for the time and effort you are putting into this, as well as the effort in the blog. If only Microsoft could take a page or two from your book!

Here’s the Emisoft log:

Emsisoft Emergency Kit – Version 2.0
Last update: 10/10/2012 10:34:33 PM

Scan settings:

Scan type: Smart Scan
Objects: Rootkits, Memory, Traces, C:\Windows\, C:\Program Files\, C:\Program Files (x86)\
Scan archives: Off
ADS Scan: On

Scan start: 10/10/2012 10:34:57 PM

Value: hkey_classes_root\arlnk –> url protocol detected: Trace.Registry.ares galaxy p2p plus!E1
Value: hkey_local_machine\software\classes\arlnk –> url protocol detected: Trace.Registry.ares galaxy p2p plus!E1

Scanned 619056
Found 2

Scan end: 10/10/2012 11:12:06 PM
Scan time: 0:37:09

Value: hkey_classes_root\arlnk –> url protocol Quarantined Trace.Registry.ares galaxy p2p plus!E1
Value: hkey_local_machine\software\classes\arlnk –> url protocol Quarantined Trace.Registry.ares galaxy p2p plus!E1

Quarantined 2

Just finished the ESET scan and there were no viruses found. Confirms your findings, but still leaves the question about that shield icon.

Thanks again, Stelian for all the help. If you have an idea on the icon, I’m all ears!
Stelian Pilici

October 11, 2012 at 04:10

Hello Eric,
Yes,you can copy/paste the logs here…And I’ll take a look.
As far as the image goes,you can use imgur.com to upload your image and then post the link here!
Eric

October 11, 2012 at 03:31

Hi Stelian –

While I’m waiting for the Emsisoft download to complete and run, I’ve deleted the file and taken a screen shot of the icons that are appearing. Can you tell me how do I attach a screen shot jpg so you can see it? Thanks!

When I’ve finished running the two programs, do you want a copy of the logs?

Thanks again for your help!
Stelian Pilici

October 10, 2012 at 04:34
Hello Eric,
Please go ahead and delete this folder: c:\programdata\pijhmfmfpdfocgy
Your computer,seems to be malware free….can you please take a screenshot of the icon that you are seeing in the system tray…?
Next,for your peace of mind, please run this two scans:
STEP 1: Run a scan with Emsisoft Emergency Kit.
1. Please download the latest official version of Emsisoft Emergency Kit.
  EMSISOFT EMERGENCY KIT DOWNLOAD LINK (This link will open a download page in a new window from where you can download Emsisoft Emergency Kit)
2. After the download process will finish , you’ll need to unpack EmsisoftEmergencyKit.zip and then double click on EmergencyKitScanner.bat
3. A pop-up will prompt you to update Emsisoft Emergency Kit , please click the “Yes” button.After the Update process has completed , put the mouse cursor over the “Menu” tab on the left and click-on “Scan PC“.
4. Select “Smart scan” and click-on the below “SCAN” button.When the scan will be completed , you will be presented with a screen showing you the malware infections that Emsisoft Emergency Kit has detected.Make sure that everything is Checked (ticked) and click on the ‘Quarantine selected objects‘ button.
STEP 2: Run a scan with Eset Online Scanner.
1. Download ESET Online Scanner utility.
  ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
3. Check Yes, I accept the Terms of Use
4. Click the Start button.
5. Check Scan archives
6. Push the Start button.
7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
8. When the scan completes, push Finish
Eric

October 9, 2012 at 03:20

Hi Stelian,

Thank you very much for this blog and you’re reply. As mentioned previously, it is the most complete blog regarding this issue that I have come across.
Stelian Pilici

October 8, 2012 at 04:38

Hello Eric,
If you have run Combofix recently,can you please post the log so that I can take a look at what’s going on.The Combofix log should be located in C:\Combofix.txt
Eric

October 7, 2012 at 13:47

Hi! Tried all the sequences listed above, but still show the “security shield icon” (the rip off of the MS logo) in the lower right corner of all applications I download or have downloaded. It also shows on the device manager icon as well as a few others (parental controls, add hardware, security center). I take that to mean my comp is still infected, although it seems to be running fine (I can access the net without noticeable delay, no problem with any applications, etc).

Is this common or have you seen it before? I’ve got the Kaslog.txt, the RKreport and the log.txt from combofix it those would help.
Andrew

September 16, 2012 at 01:12

actually i got it all sorted out. I made a process viewer figured out the process and where it was coming from then i deleted the file and my computer passed all checks. Thanks.
Angela

September 15, 2012 at 13:35

Stelian, you totally rock!! I can’t thank you enough!
Stelian Pilici

September 15, 2012 at 03:27
Hello Andrew,
Can you please run a scan with Combofix, ESET online scanner and post the logs here so that I can get an idea on what’s going on:

STEP 1 : Run a scan with Combofix

Download ComboFix from one of the following locations:

COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)

VERY IMPORTANT !!! Save as Combo-Fix.exe during the download.ComboFix must be renamed before you download to your Desktop
- Close any open browsers.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection beforeperforming a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
1. Double click on ComboFix.exe & follow the prompts.
2. Accept the disclaimer and allow to update if it asks
3. When finished, it shall produce a log for you.
Notes:
1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.
STEP 2: Run a scan with ESET Online Scanner:
1. Download ESET Online Scanner utility.
  ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
3. Check Yes, I accept the Terms of Use
4. Click the Start button.
5. Check Scan archives
6. Push the Start button.
7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
8. When the scan completes, push Finish
NEXT,please run a scan with HitmanPro and MBAM as seen on the guide.
Waiting for your reply to tell me if your machine is ok and the logs.
Andrew

September 15, 2012 at 00:05

I’ve tried all of the steps with no luck :( Malwarebytes doesn’t recognize any virus on the computer and neither does Hitman.
Law

September 11, 2012 at 11:43

thank you for the guide. I successfully got rid of that malware shitty program. My mother downloaded something from some website and I just had to clean up the mess. Thank you again for your awesome job, Stelian.
sam

September 8, 2012 at 18:33

thank you so much for this site. bravo!!!
Stelian Pilici

August 28, 2012 at 20:15

Hello,
McAfee is not ‘our choice’ , mainly because it fails to prevent zero day malware……
Below you can find some quick suggestions on what products you can use:
Free – Avast Antivirus 7 Free version or COMODO Internet Security
Paid : Norton Internet Security 2012,Avast Internet Security 7,G-DATA Internet Security 2012 or ESET Smart Security 5.
Anyway ,you should really start a thread in our Security Configuration forum as you need to build a layered security config: http://malwaretips.com/Forum-Security-Configuration-Wizard

Also it would very good if you took the time and read this article that I’ve wrote: http://malwaretips.com/blogs/how-to-easily-avoid-pc-infections/ .. If you follow it,then we’ll never meet again in this conditions:)
richard

August 28, 2012 at 17:14

I run McAff anti-virus. Is there any one type of security software that would have caught the Security Shield malware. McAfee let it through and it infected my wife’s laptop. She does visit a lot of websites and plays a lot of games. Thanks for your support. Richard
Stelian Pilici

August 20, 2012 at 03:18
Hello Amanda,
We need to fix this issue….Can you please run a scan with Combofix,RogueKiller and ESET online scanner and post the logs here :

STEP 1 : Run a scan with Combofix

Download ComboFix from one of the following locations:

COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)

VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  ———————————————————–
  - Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection beforeperforming a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
  - Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don’t know how to disable it, please ask.
    ———————————————————–
  - Close any open browsers.
  - WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  - Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  - If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  ———————————————————–
1. Double click on ComboFix.exe & follow the prompts.
2. Accept the disclaimer and allow to update if it asks
3. When finished, it shall produce a log for you.
Notes:
1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.
STEP 2: Run a scan with RogueKiller
1. Please download the latest official version of RogueKiller.
  RogueKiller Download Link (This link will automatically download RogueKiller on your computer)
2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete.This should take only a few seconds and then you can click the Start button to perform a system scan.
3. After the scan has completed, press the Delete button to remove any malicious registry keys.
4. Next we will need to restore your shortcuts, so click on the ShortcutsFix button and allow the program to run.
STEP 3: Run a scan with ESET Online Scanner:
1. Download ESET Online Scanner utility.
  ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
3. Check Yes, I accept the Terms of Use
4. Click the Start button.
5. Check Scan archives
6. Push the Start button.
7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
8. When the scan completes, push Finish
Next,please run HitmanPro and Malwarebytes as seen on the guide.
Waiting for your reply to tell me if your machine is ok and the logs from this utilities.
Amanda

August 19, 2012 at 21:21

Hi,
I’ve done all the steps in normal mode several times to ensure that everything has been removed, and all the scans come up clear except HitmanPro always comes up with a “Boot Configuration Data (BCD) allows loading of non-signed drivers” where the only option is to repair it but when I click “Next”, it always says “Repair failed” so I can’t get rid of it. Is it something I should be concerned about or can I just ignore it?
Thanks for all you help!
Stelian Pilici

August 18, 2012 at 03:55
Hello Barry,
Lets work in Normal Mode.Please follow this steps:
STEP 1: Run a scan with Malwarebytes Anti-Malware in Chameleon Mode in Norman mode:
1. Download Malwarebytes Chameleon from here and extract it to a folder in a convenient location
2. Make certain that your PC is connected to the internet and then open the folder where you extracted Chameleon to and double-click on the Chameleon help file and then follow the onscreen instructions to use it.
3. If the Chameleon help file itself will not open, then double-click each file one by one until you find one that works, which will be indicated by a black DOS/command prompt window Note: Do not attempt to open mbam-killer as that is not a Chameleon executable and serves a different purpose)
4. Follow the onscreen instructions to press a key to continue and Chameleon will proceed to download and install Malwarebytes Anti-Malware for you
5. Once it has done this, it will attempt to update Malwarebytes Anti-Malware, click OK when it says that the database was updated successful
6. Next, Malwarebytes Anti-Malware will automatically open and perform a Quick scan
7. Upon completion of the scan, if anything has been detected, click on Show Result
8. Have Malwarebytes Anti-Malware remove any threats that are detected and click Yes if prompted to reboot your computer to allow the removal process to complete
9. After your computer restarts, open Malwarebytes Anti-Malware and perform a Full System scan to verify that there are no remaining threats
STEP 2: Run a scan with RogueKiller
1. Please download the latest official version of RogueKiller.
  RogueKiller Download Link (This link will automatically download RogueKiller on your computer)
2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete.This should take only a few seconds and then you can click the Scan button to perform a system scan.
3. After the scan has completed, press the Delete button to remove any malicious registry keys.
4. Next we will need to restore your shortcuts, so click on the ShortcutsFix button and allow the program to run.
STEP 3 Please perform a scan with HitmanPro as seen on the guide.
If you are having problems starting this program please use the ForceBreach mode as described in the guide.

STEP 4: Run a scan with ESET Online Scanner:
1. Download ESET Online Scanner utility.
  ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
3. Check Yes, I accept the Terms of Use
4. Click the Start button.
5. Check Scan archives
6. Push the Start button.
7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
8. When the scan completes, push Finish
Waiting for your reply to tell me how everything is running!
Good luck…
Barry

August 18, 2012 at 03:04

Hi, I have the Security Shield virus and am trying to follow your steps. However at Step 3 when I select Safe Mode with networking in runs a few scripts and comes back to the same position ie the computer will not start up in safe mode. It does start if I select Start window normally. Thanks
Manish Kumar

August 17, 2012 at 17:16

Stelian,

Thank you so much for writing this forum. These were the easiest instructions to follow even thought it took concentration and patience. As siad above that this is great it works very well I just wanted to say thank you for helping I was scared that my PC was done. I will tell everyone about this website. My ratings for you guys are 5stars.
Thanks a lot again.
Stelian Pilici

August 17, 2012 at 04:54

You can delete those files…. They were there before however,they were hidden… running the removal tools has unhide them…. :)
Manish Kumar

August 17, 2012 at 02:20

Removed the Combo-Fix successfully.

Please let me know about the following folders:
– D & E Drives are having “$RECYCLE.BIN” (Empty) folder.
– D drive is having a empty folder “Recovery”

Please let me why I am seeing these folders whereas these were not there before the virus.

Please suggest. Waiting for your reply.

Anyways, This is great it works very well I just wanted to say thank you for helping I was scared that my PC was done. I will tell everyone about this website. My ratings for you guys are 5stars.
Thanks a lot again.
Azngamer

August 16, 2012 at 11:12

Thanks man it actually worked! Overall took several hours to successfully remove Security Shield, but well worth it! Great tutorial!
E

August 16, 2012 at 10:48

Thanks so much for the help. Only took me about 3 hours yesterday to find your site and fix part of the problem. I’m doing the last couple steps this morning, but I was so thankful when I could actually use my computer last night. Every time I run maleware bytes it finds a infected file, so I downloaded hitman and running it now. Hoping between the two it will knock out all the infected files and my wonderful computer will be back to wonderful. Thanks again for taking the time to show people how to do this.
Stelian Pilici

August 16, 2012 at 09:08
Logs look good.. If you don’t have any other problems then we can uninstall Combofix:
Ok,now lets uninstall Combofix:
1. Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
2. In the Run box, type in ComboFix /Uninstall (Notice the space between the “x” and “/”) then click OK
3. Follow the prompts on the screen
4. A message should appear confirming that ComboFix was uninstall
You should really start a thread in our Security Configuration forum as you need to build a layerd security config: http://malwaretips.com/Forum-Security-Configuration-Wizard
Also it would very good if you took the time and read this article that I’ve wrote: http://malwaretips.com/blogs/how-to-easily-avoid-pc-infections/ .. If you follow this tips,then we’ll never meet again in this conditions.
Stay safe!
Manish Kumar

August 16, 2012 at 04:59

Hello,

I ran the programs as suggested and now all seems to be good. D & E Drives are having “$RECYCLE.BIN” folder. Can you please confirm if there is nothing to worry about this.

You can see logs at below shared location:

Many thanks for your help in this.
Stelian Pilici

August 14, 2012 at 14:54
Hello Manish,
You can delete those shorcuts…..
Next,please run a scan with Combofix and ESET online scanner and post the logs here :

STEP 1 : Run a scan with Combofix

Download ComboFix from one of the following locations:

COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)

VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  ———————————————————–
  - Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection beforeperforming a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
  - Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don’t know how to disable it, please ask.
    ———————————————————–
  - Close any open browsers.
  - WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  - Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  - If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  ———————————————————–
1. Double click on ComboFix.exe & follow the prompts.
2. Accept the disclaimer and allow to update if it asks
3. When finished, it shall produce a log for you.
Notes:
1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.
STEP 2: Run a scan with ESET Online Scanner:
1. Download ESET Online Scanner utility.
  ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
3. Check Yes, I accept the Terms of Use
4. Click the Start button.
5. Check Scan archives
6. Push the Start button.
7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
8. When the scan completes, push Finish
Next,please run HitmanPro and Malwarebytes as seen on the guide.
Waiting for your reply to tell me if your machine is ok and the logs from this utilities.
Manish Kumar

August 14, 2012 at 14:42

Hi,

When I was running step 3 for RKill then in withing a minute I have received a message stating that “Your Computer encountered a serious problem and need to be restarted, please save your work. It will restart in 1 minute” and there was no cancel button, so I could not stop it. But few seconds before restart I noticed that RKILL process was finished by giving a log text file on console. Then after auto reboot I checked the log file and found following :
**************************Rkill.txt Starts ******************************
Rkill 2.0.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/

Please let me know if everything is fine on my computer and no need to worry.

I can still see 3 unknown shortcuts on my desktop:
1. Security Shield –> C:\Users\manish\AppData\Local\ybaomptquw.exe (file not exist)
2. Uninstall Security Shield –> C:\Users\manish\AppData\Local\ybaomptquw.exe -delete (file does not exists)
3. Security Shield Support –> http://onlinecscenter.com (I did not open this link).

Please let me know what needs to do with these shortcuts?

Many thanks in advance.
Carol

August 14, 2012 at 12:48

I am a computer idiot, for me it’s like splitting an atom – thanks for the help. I had trouble after Step 3, my computer kept rebooting automatically but I was able to keep moving to the next step. I think it’s gone!
BK

August 14, 2012 at 02:38

Words can not express my full appreciation to you for this detailed removal guide for the Security Shield virus…I must admit that I tried another information source first and had to give up because theirs wasn’t working as stated…while the removal process takes some serious time, your guide is very detailed and accurate…the removal proceeded as you described and I have subsequently retested my system to make certain that nothing was overlooked by me as I followed all of your steps. Thank you, BK
Anonymous

August 13, 2012 at 03:51

Thank you so much for this in-depth guide. I cannot express to you how much of a relief it was to be able to fix this on my own. Everything here is very well organized and the steps occurred exactly as you described. Thanks again!
Kim

August 12, 2012 at 23:21

Awesome step-by-step instructions, very clear and complete. Thanks!!
Stelian Pilici

August 12, 2012 at 07:30
Hello Tom,
You most likely have a very new version of this virus,please perform the following steps:
Step 1: Run a scan with RogueKiller
1. Please download the latest official version of RogueKiller.
  [b]RogueKiller Download Link[/b] (This link will automatically download RogueKiller on your computer)
2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete.This should take only a few seconds and then you can click the Start button to perform a system scan.
3. After the scan has completed, press the Delete button to remove any malicious registry keys.
4. Next we will need to restore your shortcuts, so click on the ShortcutsFix button and allow the program to run.
The report has been created on the desktop.In your next reply please post:

[b]All RKreport.txt [/b] text files located on your desktop.

2.Run a scan with Kaspersky Virus Removal Tool
Click here to download the Kaspersky Virus Removal Tool.
1. Save it to your desktop.
2. Double click the setup file to run it.
3. Follow the onscreen prompts until it is installed
4. Click the Options button (the ‘Gear’ icon), then make sure only the following are ticked:
  - System Memory
  - Hidden startup objects
  - Disk boot sectors
  - Local Disk (C:)
  - Also any other drives (Removable that you may have)
5. Then click on Actions on the left hand side
6. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked
7. Click on Automatic Scan
8. Now click the Start Scanning button, to run the scan
9. After the scan is complete, click the reports button (‘Paper icon’, next to the ‘cog’ icon) on the right hand side
10. Click Detected threats on the left
11. Now click the Save button, and save it as kaslog.txt to your Desktop
12. Please copy and paste the contents of kaslog.txt in your next reply.
3.Run a scan with Eset Online Scanner.
1. Download ESET Online Scanner utility.
  ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
3. Check Yes, I accept the Terms of Use
4. Click the Start button.
5. Check Scan archives
6. Push the Start button.
7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
8. When the scan completes, push Finish
Next,please run a scan with HitmanPro and report back here to tell me how everything is working.
Tom

August 11, 2012 at 20:31

I ran Malwarebytes but it didnt find any Malware, not sure what this means yet for my Secutity Shield issues.
justin

August 11, 2012 at 14:19

This seems to have worked great. Took a little while to go through but otherwise fixed a nasty problem! Thanks for the great step-by-step
Foyez Uddin

August 8, 2012 at 02:07

Very helpful guide.
Mike

July 24, 2012 at 04:18

Great help. Am advising all to download Rkill & Malwarebytes to keep handy. Unhide.exe is also a good file restorer for Houdini effects.
Dominic Naylor

July 24, 2012 at 01:41

Does any one know or have an idea who made this piece of nasty software?

I want track them down!

Trying to get rid of this, has taken up a load of my time, and I’m going to have to wipe the drive and reinstall, is going to take up even more of my time.

I would like to sue them, or if they live in some monkey state, just have them sorted out in some way.

This Trojan is right out of order. Its completely messed up my machine. My system keeps automatically shutting down and restarting after being logged in for a min and a half.
ishtiyaq

July 23, 2012 at 05:02

Thanks
Ram

July 20, 2012 at 20:52

Excellent step-by-step guide.
I was a bit skeptical about downloading and installing software. However, I did whatever was recommended and it worked.
Thanks a ton, Stelian.
Stelian Pilici

June 28, 2012 at 02:54

Download this utility : http://www.tweaking.com/content/page/repair_hosts_file.html : and run it instead those 2 files in step 6. :)
John

June 27, 2012 at 20:39

when i tried downloading microsoft fix it, a sign popped up saying “the system adminstrator has set policies to prevent this installation”. What do I do?
Southernp

June 25, 2012 at 05:43

thanks!