
Getting rid of Security Shield 2011

13/02/2012

I’ve just finished getting rid of an annoying virus called Security Shield from the home laptop.  It’s malware that poses as a security tool you’ve already installed on your computer, tells you it’s time to renew your protection and claims that, as misfortune would have it, your computer is riddled with viruses.  It’s very believable; it even pulls up a Windows-looking security page.

This is not the case; the only thing it’s riddled with is this malware.  Luckily this website, http://www.2-viruses.com/remove-security-shield, gives good instructions on how to get rid of it.

A quick overview of what I did on our Windows Vista laptop is below.

  1. Wait until it asks you to pay to update it.  At this point you’ll see a button that says something like “you already have a product key”.  Click this button.
  2. Put in the following code, 64C665BE-4DE7-423B-A6B6-BC0172B25DF2, and press enter.  You will regain control of your computer after this.
  3. If it asks you to reboot, let it.  When it comes back up and you’ve logged back in, go to the path c:\Users\<UsersName>\AppData\Local (e.g. c:\Users\Joe\AppData\Local) via Explorer (left click the start button on the bottom left and select Explorer).  In Views at the top select Details and then click Date modified.  Have a look for the newest application file in that directory (the Type column tells you which files are applications).  Its name will be a random bunch of characters.  Take note of the program name.
  4. Hit the ctrl-alt-delete buttons all at the same time.  In the menu that comes up select Task Manager.
  5. In Task Manager select the Processes tab and look for the name you found in step 3 followed by .exe.  Select it and hit the End Process button in the bottom right.  The malware is now no longer running on your computer.  However, the next time you stop and start your computer it’ll start up afresh.
  6. To clean it from your computer for good, hit the start button in the bottom left corner.  Enter cmd in the search box at the bottom.  Left click the cmd icon that appears and hit Run as administrator.
  7. Type the following command: del c:\Users\<UsersName>\AppData\Local\<name of the virus noted in step 3>.exe  The application is now deleted from your computer.  But to really finish it off you have to clear it from the registry.
  8. Hit the start button in the bottom left corner.  Enter regedit and a program entitled Registry Editor should pop up.
  9. Select the Edit menu and then Find.  Enter the name you noted down in step 3 and hit enter.
  10. The entry with the step 3 name should pop up.  Click on it once with the left mouse button and select Delete.  Your computer is now clean!
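
The checks in steps 3, 5 and 9 can also be run as a read-only PowerShell report before anything is deleted. This is an added example, not part of the original instructions; it assumes PowerShell 2.0 or later is installed and that the registry entry sits under one of the standard Run/RunOnce autostart keys, which the steps above do not state.

```powershell
# Added example: read-only triage for steps 3, 5 and 9. Nothing is killed or deleted.
# Assumption: the autostart entry is a value under a standard Run/RunOnce key;
# the post only says to search the registry for the name.
$localAppData = [Environment]::GetFolderPath('LocalApplicationData')

# Step 3: executables sitting directly in AppData\Local, newest first.
$candidates = Get-ChildItem -Path $localAppData -Filter *.exe -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    Sort-Object LastWriteTime -Descending |
    Select-Object -First 5

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Properties the registry provider adds to every result; not real values.
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

foreach ($file in $candidates) {
    $base = [IO.Path]::GetFileNameWithoutExtension($file.Name)

    # Step 5: is a process with this image name running right now?
    $running = @(Get-Process -Name $base -ErrorAction SilentlyContinue).Count -gt 0

    # Step 9: which autostart values mention the file name?
    $autostarts = @()
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        if ($null -eq $props) { continue }          # key exists but has no values
        foreach ($p in $props.PSObject.Properties) {
            if ($providerProps -contains $p.Name) { continue }
            $hit = "$($p.Value)".IndexOf($file.Name, [StringComparison]::OrdinalIgnoreCase)
            if ($hit -ge 0) { $autostarts += "$key -> $($p.Name)" }
        }
    }

    New-Object PSObject -Property @{
        File       = $file.FullName
        Modified   = $file.LastWriteTime
        Running    = $running
        Autostarts = ($autostarts -join '; ')
    }
}
```

A recently modified, randomly named file that is both running and listed under Autostarts matches what steps 3 to 10 describe; a file with neither is more likely a legitimate program that happens to live in the same folder.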


3 Comments
  1. Ben Jones

    Interesting to read your post about viruses masquerading as anti virus software. I find the best solution for removing viruses is to create a rescue CD from one of the anti virus companies (Kaspersky do a good one), and boot from that. This will generally remove all viruses, including the really nasty “root kit” viruses which are impossible to remove any other way.

    • That’s one of those things that I really should do, but never get around to it. I take it it’s not a backup and that any work you’ve done since isn’t lost? I’ll have to look up and see if there is a freeware version.
