How to remove Security Shield and SecurityShield

Security Shield is a new fake (rogue) security software from the same family of malware as System Tool, Security Tool, etc. The program pretends to be a legitimate antivirus tool but, in reality, it hijacks browsers, blocks legitimate Windows applications, displays various fake security alerts and detects numerous false infections. SecurityShield will state that all you have to do in order to cure your computer is purchase the full version of the software. Important to note, Security Shield is unable to detect and remove any infections, so do not pay for the bogus software, simply ignore all that it will display you.

SecurityShield is distributed mostly through the use of trojans, infected websites and other malicious software. Moreover, cyber criminals also use various other misleading methods to distribute their bogus software, e.g. Twitter, Facebook and spam emails. Do not fall victim to the fake security software because it is nothing more but a scam. Remember that the rogue is a highly dangerous application and you need remove Security Shield as soon as possible. Please follow the removal guide below to remove this malware from your computer for free using legitimate antimalware software.

Immediately after launch, Security Shield will configure itself to run automatically when your computer loads. Next, this malware will perform a scan and report a lot of various infections that will not be fixed unless you first purchase the software. Important to know, all of these infections are a fake and do not actually exist on your computer. Thus do not trust the scan results, you should ignore them!

While Security Shield is running, it will block most legitimate Windows applications, so that when you will try to run an application, your computer will display a fake security warning that states:

Security Shield
{program} is infected with “Worm.Win32.Autorun.bnb”. Do you want to register your copy and remove all threats now?

SecurityShield will also display various fake security messages and warnings that inform that your PC in danger. It is just an attempt to make you think your computer is infected with all sorts of malicious software. Some of the alerts are:

Intercepting program that may compromise your privacy and
harm your system have been detected on your PC.
Click here to remove them immediately with Security Shield

Some critical system files of your computer were modified by
malicious program. It may cause system instability and data
loss.

However, like false scan results above, all of these security messages are just a fake and has been displayed to trick you into purchasing so-called full version of Security Shield. You should ignore all of them!

As you can see, SecurityShield wants to scare you into thinking your computer is infected with a malware as a method to trick you into purchasing its full version. Do not be fooled into buying it! Instead of doing so, follow the removal guidelines below in order to remove Security Shield and any associated malware from your computer for free.

Symptoms in a HijackThis Log

O4 – HKCU\..\RunOnce: [{RANDOM}] C:\Documents and Settings\All Users\Application Data\{RANDOM}\{RANDOM}.exe

Automatic removal instructions for Security Shield

Step 1. Reboot your computer in Safe mode with networking

Restart your computer.

After hearing your computer beep once during startup, start pressing the F8 key on your keyboard. On a computer that is configured for booting to multiple operating systems, you can press the F8 key when the Boot Menu appears.

Instead of Windows loading as normal, Windows Advanced Options menu appears similar to the one below.

Windows Advanced Options menu

When the Windows Advanced Options menu appears, select Safe mode with networking and then press ENTER.

Step 2. Remove SecurityShield and any associated malware

Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.

Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded you will see window similar to the one below.

Malwarebytes Anti-Malware Window

Select Perform Quick Scan, then click Scan, it will start scanning your computer for Security Shield infection. This procedure can take some time, so please be patient.

When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.

Malwarebytes Anti-malware, list of infected items

Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove Security Shield. MalwareBytes Anti-malware will now remove all of associated SecurityShield files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.

Step 3. Reset HOSTS file

Security Shield will change the Windows system HOSTS file so you need reset this file with the default version for your operating system.

Please download OTM by OldTimer from here and save it to desktop. Run OTM, copy, then paste the following text in “Paste Instructions for Items to be Moved” textarea (under the yellow bar):

:Commands
[resethosts]

Click the red Moveit! button. Close OTM.

SecurityShield removal notes

Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.

Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.

Note 3: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.

Security Shield creates the following files and folders

C:\Documents and Settings\All Users\Application Data\{RANDOM}
C:\Documents and Settings\All Users\Application Data\{RANDOM}\{RANDOM}.exe.

SecurityShield creates the following registry keys and values

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\{RANDOM}