Security Shield is a new fake (rogue) security program from the same family of malware as System Tool, Security Tool, etc. The program pretends to be a legitimate antivirus tool but, in reality, it hijacks browsers, blocks legitimate Windows applications, displays various fake security alerts and detects numerous false infections. SecurityShield will state that all you have to do in order to cure your computer is purchase the full version of the software. It is important to note that Security Shield is unable to detect or remove any infections, so do not pay for the bogus software; simply ignore everything it displays.
SecurityShield is distributed mostly through trojans, infected websites and other malicious software. Moreover, cyber criminals also use various other misleading methods to distribute their bogus software, e.g. Twitter, Facebook and spam emails. Do not fall victim to the fake security software because it is nothing more than a scam. Remember that the rogue is a highly dangerous application and you need to remove Security Shield as soon as possible. Please follow the removal guide below to remove this malware from your computer for free using legitimate antimalware software.
Immediately after launch, Security Shield will configure itself to run automatically when your computer starts. Next, this malware will perform a scan and report a large number of infections that will not be fixed unless you first purchase the software. It is important to know that all of these infections are fake and do not actually exist on your computer. Do not trust the scan results; you should ignore them!
While Security Shield is running, it will block most legitimate Windows applications, so that when you try to run an application, your computer will display a fake security warning that states:
Security Shield
{program} is infected with “Worm.Win32.Autorun.bnb”. Do you want to register your copy and remove all threats now?
SecurityShield will also display various fake security messages and warnings claiming that your PC is in danger. It is just an attempt to make you think your computer is infected with all sorts of malicious software. Some of the alerts are:
Intercepting program that may compromise your privacy and
harm your system have been detected on your PC.
Click here to remove them immediately with Security Shield

Some critical system files of your computer were modified by
malicious program. It may cause system instability and data
loss.
However, like the false scan results above, all of these security messages are fake and are displayed to trick you into purchasing the so-called full version of Security Shield. You should ignore all of them!
As you can see, SecurityShield wants to scare you into thinking your computer is infected with malware as a method to trick you into purchasing its full version. Do not be fooled into buying it! Instead, follow the removal guidelines below in order to remove Security Shield and any associated malware from your computer for free.
Symptoms in a HijackThis Log
O4 - HKCU\..\RunOnce: [{RANDOM}] C:\Documents and Settings\All Users\Application Data\{RANDOM}\{RANDOM}.exe
Automatic removal instructions for Security Shield
Step 1. Reboot your computer in Safe mode with networking
Restart your computer.
After hearing your computer beep once during startup, start pressing the F8 key on your keyboard. On a computer that is configured for booting to multiple operating systems, you can press the F8 key when the Boot Menu appears.
Instead of Windows loading as normal, the Windows Advanced Options menu appears, similar to the one below.
Windows Advanced Options menu
When the Windows Advanced Options menu appears, select Safe mode with networking and then press ENTER.
Step 2. Remove SecurityShield and any associated malware
Download MalwareBytes Anti-malware (MBAM). Close all programs and windows on your computer.
Double-click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to the default settings and, when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, you will see a window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan. The program will start scanning your computer for the Security Shield infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar to the one shown below. Note: the list of infected items may be different from what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click the “Remove Selected” button to remove Security Shield. MalwareBytes Anti-malware will now remove all associated SecurityShield files and registry keys and add them to the program’s quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Step 3. Reset HOSTS file
Security Shield will change the Windows system HOSTS file, so you need to reset this file to the default version for your operating system.
Please download OTM by OldTimer from here and save it to your desktop. Run OTM, then copy and paste the following text into the “Paste Instructions for Items to be Moved” text area (under the yellow bar):
:Commands
[resethosts]
Click the red Moveit! button. Close OTM.
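To confirm that the reset took effect (for example after a reboot), the HOSTS file can be audited for leftover mappings. The Python sketch below is an added example, not part of the original guide or of OTM; the sample file, the function names and the rule that only "localhost" on a loopback address is expected are assumptions made for illustration.

```python
import ipaddress

# Assumption (not stated on the page): after a reset, the only active
# mapping a Windows HOSTS file may contain is "localhost" -> loopback.
EXPECTED_NAMES = {"localhost"}

def active_entries(hosts_text):
    """Yield (line_no, address, names) for every non-comment HOSTS line."""
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2:
            yield line_no, fields[0], fields[1:]

def unexpected_entries(hosts_text):
    """Return (line_no, address, names, reason) for entries to review."""
    findings = []
    for line_no, address, names in active_entries(hosts_text):
        try:
            loopback = ipaddress.ip_address(address).is_loopback
        except ValueError:
            findings.append((line_no, address, names, "unparseable address"))
            continue
        extra = [n for n in names if n.lower() not in EXPECTED_NAMES]
        if not loopback:
            findings.append((line_no, address, names, "non-loopback mapping"))
        elif extra:
            findings.append((line_no, address, extra, "extra name on loopback"))
    return findings

# Constructed sample; addresses are from the documentation range 192.0.2.0/24.
SAMPLE_HOSTS = """\
# sample HOSTS file (constructed)
127.0.0.1       localhost
192.0.2.10      www.search.example   # constructed redirect
127.0.0.1       update.vendor.example
::1             localhost
"""

if __name__ == "__main__":
    # On the affected machine, read the real file instead, e.g.
    # open(r"C:\Windows\System32\drivers\etc\hosts").read()
    for finding in unexpected_entries(SAMPLE_HOSTS):
        print(finding)
```

An empty result means the file contains nothing beyond the expected localhost entries; any finding is a line to inspect by hand before deleting it.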
SecurityShield removal notes
Note 1: if you cannot download, install, run or update Malwarebytes Anti-malware, then follow the steps in: Malwarebytes won’t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: did your current antispyware and antivirus software let the infection through? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
Security Shield creates the following files and folders
C:\Documents and Settings\All Users\Application Data\{RANDOM}
C:\Documents and Settings\All Users\Application Data\{RANDOM}\{RANDOM}.exe
SecurityShield creates the following registry keys and values
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\{RANDOM}
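The HijackThis symptom and the file and registry locations listed above can be checked mechanically in a saved log. The Python sketch below is an added example, not part of the original guide or of HijackThis: it parses O4 lines and reports HKCU RunOnce entries whose command matches the path shape given on this page. The sample log, its value names and the function names are constructed for illustration.

```python
import re

# HijackThis O4 autorun line: "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_LINE = re.compile(
    r"^O4\s+[-\u2013]\s+(?P<hive>[A-Za-z]+)\\\.\.\\(?P<key>[^:]+):\s+"
    r"\[(?P<name>[^\]]*)\]\s+(?P<command>.+)$"
)

# Path shape listed on this page: one folder directly under the All Users
# "Application Data" directory, holding a single .exe.
ROGUE_PATH = re.compile(
    r'^"?[A-Za-z]:\\Documents and Settings\\All Users\\Application Data'
    r'\\(?P<folder>[^\\"]+)\\(?P<exe>[^\\"]+\.exe)"?(?:\s|$)',
    re.IGNORECASE,
)

def parse_o4(line):
    """Return the fields of an O4 line as a dict, or None for other lines."""
    m = O4_LINE.match(line.strip())
    return m.groupdict() if m else None

def suspicious_entries(log_text):
    """Return O4 entries matching the indicator: HKCU RunOnce + path shape."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        if entry["hive"].upper() != "HKCU" or entry["key"].lower() != "runonce":
            continue
        m = ROGUE_PATH.match(entry["command"])
        if m:
            entry.update(m.groupdict())
            hits.append(entry)
    return hits

# Constructed sample log (not taken from a real machine).
SAMPLE_LOG = r"""
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
O4 - HKCU\..\RunOnce: [kLmNoP01234] C:\Documents and Settings\All Users\Application Data\kLmNoP01234\kLmNoP01234.exe
O4 - HKCU\..\RunOnce: [ExampleUpdater] C:\Program Files\Example\update.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for hit in suspicious_entries(SAMPLE_LOG):
        print("review:", hit["name"], "->", hit["command"])
```

A match is a lead for manual review, not proof of infection, since the names are random and only the location and key are fixed.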
thank you so much!
I would format my laptop if I didn’t read what you have written here.
Thanks for putting together this website with this easy and quick fix! My laptop picked up this nasty virus a couple days ago. This fix took care of the problem in about an hour and saved me from a HD format.
Thanks so much for the above you are a life saver – I had no idea what to do until I read this. Cheers!
Thank you sooooo much!!!.. I use my laptop for school and I was about to pay someone to fix my laptop. Your instructions saved me a lot of money. Thanks.
I keep trying to get the security shield off and have repeated the process many times and it is still showing up. What should I do?
KATRINA, begin a new topic in our Spyware removal forum. I will help you to remove this malware.
Thank you soooo much for these instructions!! I wasn’t sure if I could do it, but I made it!!
I followed your instructions but I still get the pop-ups from Security Shield. I ran everything twice and it says it removed it and there are no more threats but it still pops up! Help!
Megan, ask for help in our Spyware removal forum.
THANK YOU!!! by far the simplest solution to this damn spyware!!
Thank you so much!
I was about to either cry or tear my hair out. I had already tried a couple of other websites but this is the only one that worked quickly, easily and free.
You saved me, you really did. Thanks again!
Hi,
Got this malware about 1h ago and ran your solution(s). Works fine! Great thanks to you.
Remez
Hi! I’ve done the first two steps and everything’s ok. BUT at step 3 I have a problem. I copy and paste the text :Commands
[resethosts] exactly like that, I click MOVEIT but at the Results it says that: File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot. What am I supposed to do now? What do I have to do to complete successfully the whole process? Please, it’s an emergency! Thank you!
I tried to reset hosts with OTM with these commands:
:Commands
[resethosts]
but it doesn’t work. Then I tried with:
:Commands
[ReseHosts]
and it worked…..
Thank you so much for providing such a great solution. I am getting almost desperate on what to do next. It is really a terminator to this problem. Thank you again!
I got rid of it myself. I ran Startup Mechanic and saw that it was calling itself )699 instead of Security Shield. I started in safe mode, ran regedit in the command prompt and when I got to local machine I opened it and used the find and find next functions. It found 51699 and Security Shield in one of my folders in Documents and Settings. I gave myself full permission and deleted the entries one at a time. It’s gone now and good riddance.