• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

MyAntiSpyware

Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

How to remove Security Shield and SecurityShield

Myantispyware team December 12, 2010    

Security Shield is a new fake (rogue) security software from the same family of malware as System Tool, Security Tool, etc. The program pretends to be a legitimate antivirus tool but, in reality, it hijacks browsers, blocks legitimate Windows applications, displays various fake security alerts and detects numerous false infections. SecurityShield will state that all you have to do in order to cure your computer is purchase the full version of the software. Important to note, Security Shield is unable to detect and remove any infections, so do not pay for the bogus software, simply ignore all that it will display you.

SecurityShield is distributed mostly through the use of trojans, infected websites and other malicious software. Moreover, cyber criminals also use various other misleading methods to distribute their bogus software, e.g. Twitter, Facebook and spam emails. Do not fall victim to the fake security software because it is nothing more but a scam. Remember that the rogue is a highly dangerous application and you need remove Security Shield as soon as possible. Please follow the removal guide below to remove this malware from your computer for free using legitimate antimalware software.

Immediately after launch, Security Shield will configure itself to run automatically when your computer loads. Next, this malware will perform a scan and report a lot of various infections that will not be fixed unless you first purchase the software. Important to know, all of these infections are a fake and do not actually exist on your computer. Thus do not trust the scan results, you should ignore them!

While Security Shield is running, it will block most legitimate Windows applications, so that when you will try to run an application, your computer will display a fake security warning that states:

Security Shield
{program} is infected with “Worm.Win32.Autorun.bnb”. Do you want to register your copy and remove all threats now?

SecurityShield will also display various fake security messages and warnings that inform that your PC in danger. It is just an attempt to make you think your computer is infected with all sorts of malicious software. Some of the alerts are:

Intercepting program that may compromise your privacy and
harm your system have been detected on your PC.
Click here to remove them immediately with Security Shield

Some critical system files of your computer were modified by
malicious program. It may cause system instability and data
loss.

However, like false scan results above, all of these security messages are just a fake and has been displayed to trick you into purchasing so-called full version of Security Shield. You should ignore all of them!

As you can see, SecurityShield wants to scare you into thinking your computer is infected with a malware as a method to trick you into purchasing its full version. Do not be fooled into buying it! Instead of doing so, follow the removal guidelines below in order to remove Security Shield and any associated malware from your computer for free.

Symptoms in a HijackThis Log

O4 – HKCU\..\RunOnce: [{RANDOM}] C:\Documents and Settings\All Users\Application Data\{RANDOM}\{RANDOM}.exe

Automatic removal instructions for Security Shield

Step 1. Reboot your computer in Safe mode with networking

Restart your computer.

After hearing your computer beep once during startup, start pressing the F8 key on your keyboard. On a computer that is configured for booting to multiple operating systems, you can press the F8 key when the Boot Menu appears.

Instead of Windows loading as normal, Windows Advanced Options menu appears similar to the one below.

safe-mode-how-to
Windows Advanced Options menu

When the Windows Advanced Options menu appears, select Safe mode with networking and then press ENTER.

Step 2. Remove SecurityShield and any associated malware

Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.

Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded you will see window similar to the one below.

malwarebytes antimalware
Malwarebytes Anti-Malware Window

Select Perform Quick Scan, then click Scan, it will start scanning your computer for Security Shield infection. This procedure can take some time, so please be patient.

When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.

Security Shield remover
Malwarebytes Anti-malware, list of infected items

Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove Security Shield. MalwareBytes Anti-malware will now remove all of associated SecurityShield files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.

Step 3. Reset HOSTS file

Security Shield will change the Windows system HOSTS file so you need reset this file with the default version for your operating system.

Please download OTM by OldTimer from here and save it to desktop. Run OTM, copy, then paste the following text in “Paste Instructions for Items to be Moved” textarea (under the yellow bar):

:Commands
[resethosts]

Click the red Moveit! button. Close OTM.

SecurityShield removal notes

Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.

Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.

Note 3: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.

Security Shield creates the following files and folders

C:\Documents and Settings\All Users\Application Data\{RANDOM}
C:\Documents and Settings\All Users\Application Data\{RANDOM}\{RANDOM}.exe.

SecurityShield creates the following registry keys and values

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\{RANDOM}

Malware removal Rogue Anti Spyware

 Previous Post

How to remove HDD Rescue (Uninstall instructions)

Next Post 

How to remove Smart HDD virus

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

16 Comments

  1. mehmet
    ― December 15, 2010 - 1:26 pm  Reply

    thank you so much!
    I would format my laptop if I didn’t read what you have written here.

  2. Random Dude
    ― December 22, 2010 - 7:55 pm  Reply

    Thanks for putting together this website with this easy and quick fix! My laptop picked up this nasty virus a couple days ago. This fix took care of the problem in about and hour and saved me from a HD format.

  3. MJ
    ― December 28, 2010 - 1:20 am  Reply

    Thanks so much for the above you are a life saver – I had no idea what to do until I read this. Cheers!

  4. dee dee
    ― December 30, 2010 - 9:05 pm  Reply

    Thank you sooooo much!!!.. I use my laptop for school and I was about to pay someone to fix my laptop. Your instructions saved me a lot of money. Thanks.

  5. KATRINA
    ― January 26, 2011 - 9:59 pm  Reply

    I keep trying to getthe security shield off and have repeat the process many times and it still showing up what should I do?

  6. Patrik (Myantispyware admin)
    ― January 28, 2011 - 10:25 am  Reply

    KATRINA, begin a new topic in our Spyware removal forum. I will help you to remove this malware.

  7. Mimi
    ― February 2, 2011 - 6:56 am  Reply

    Thank you soooo much for this instructions!! I wasn’t sure if I could do it, but I made it!!

  8. Megan
    ― February 20, 2011 - 1:26 pm  Reply

    I followed your instructions but I still get the pop-ups from Security Shield. I ran everything twice and it says it removed it and there are no more threats but it still pops up! Help!

  9. Patrik (Myantispyware admin)
    ― February 27, 2011 - 8:59 am  Reply

    Megan, ask for help in our Spyware removal forum.

  10. jesse
    ― February 5, 2012 - 4:42 pm  Reply

    THANK YOU!!! by far the simplest solution to this damn spyware!!

  11. Julie
    ― April 11, 2012 - 4:25 am  Reply

    Thank you so much!
    I was about to either cry or tear my hair out. I had already tried a couple of other websites but this is the only one that worked quickly, easily and free.
    You saved me, you really did. Thanks again!

  12. Remez
    ― May 17, 2012 - 7:21 am  Reply

    Hi,

    Got this malware about 1h ago and ran your solution(s). Works fine ! Great thanks to you.

    Remez

  13. Debbie
    ― May 21, 2012 - 4:55 pm  Reply

    Hi! I’ve done the first two steps and everything’ sok. BUT at step 3 I have a problem. I copy and paste the text :Commands
    [resethosts] exactly llike that, I click MOVEIT but at the Results it sais that: File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot. What am I supposed to do now? What do I have to do to coplete sussessfully the whole process? Please, it’s emergency! Thank you!

  14. Mimma
    ― June 6, 2012 - 8:28 am  Reply

    I tried to resert hosts with OTM with these commands:
    :Commands
    [resethosts]
    but it doesn’t work. The I tried with:
    :Commands
    [ReseHosts]
    and it worked…..

  15. Danny
    ― August 20, 2012 - 10:36 pm  Reply

    Thank you so much for providing such a great solution. I am getting almost desperate on what to do next. It is really a terminator to this problem. Thank you again!

  16. michael zaret
    ― August 22, 2012 - 10:45 pm  Reply

    I got rid of it myself. I ran Startup Mechanic and saw that it was calling itself )699 instead of Security Shield. I started in safe mode, ran
    egedit in the command prompt and when I got to local machine I opened it and used the ind and ind next functions. It found 51699 and Security Shield in one of my folders in Documents and Settings. I gave myself full permission and deleted the entries one at a time. It’s gone now and good riddance.

Leave a Reply Cancel reply

New Guides

scam alert
Safe Sync GPS Tracker Reviews, Scam or Legit, Uncovering the Truth!
scam alert
TEKORON.com Scam Alert: Fake Bitcoin Promo Codes
scam alert
Avoid Sanobit.com Scam: The Truth About Bitcoin Promo Codes
Rexocoin.com BTCUS Promo Code Scam: What You Should Know
Plobsi.com Promo Code Fraud: A Bitcoin Scam to Watch Out For

Follow Us

Search

Useful Guides

DNSChanger
How to remove DNSChanger malware virus [Updated Apr. 2018]
ads by adware
How to remove Adware from Windows 10 (Virus removal guide)
Iphone Calendar virus spam
Iphone Calendar Virus/Spam 2022 (Removal guide)
Malwarebytes won’t install, run or update – How to fix it
Best free malware removal tools
Best Free Malware Removal Tools 2025

Recent Guides

How to remove HDD Rescue (Uninstall instructions)
How to remove HDD Repair and HDDRepair
How to remove Internet Antivirus 2011 (Uninstall instructions)
How to remove HDD Plus and HDDPlus
How to remove Hard Drive Diagnostic and HardDrive Diagnostic

Myantispyware.com

Myantispyware has been a trusted source for computer security and technology advice since 2004. Our mission is to provide reliable tech guidance and expert, practical solutions to help you stay safe online and protect your digital life.

Social Links

Pages

About Us
Contact Us
Privacy Policy

Copyright © 2004 - 2024 MASW - Myantispyware.com.