My Security Shield

By Domesticus in Rogue Anti-Spyware Program | 10,378 views

My Security Shield Description

My Security Shield is a rogue security program that should not be trusted. My Security Shield can enter a system via malicious online scanners, malicious websites or sneaky Trojans. Once My Security Shield is inside a system, it will create fake malware files and run a bogus system scan which will detect those files as dangerous malware that can only be removed with the “full version” of My Security Shield. Users are advised to ignore all security notifications displayed by My Security Shield and to have the rogueware removed from their system upon detection.

My Security Shield was discovered near the beginning of August 2010. Since that time, its creators have released other malicious applications very similar to My Security Shield, which use the same aggressive tactics to push computer users into purchasing a full edition of the bogus security application. My Security Shield is also known to display a specific type of alert message that not only warns of a detected threat but also says the affected PC has a ‘memory access problem’. The message itself is false, although it could be considered correct in the sense that My Security Shield actually causes damage.

Type: Rogue AntiSpyware Programs

How Can You Detect My Security Shield?

My Security Shield Technical Report

As new My Security Shield details are reported by our customers and findings from our Threat Research Center, we will update this section.

Author URL of My Security Shield:

  • www5.my-security-shield.com

Fake message for My Security Shield:

The following fake error message(s) appears for My Security Shield:

Warning! Virus detected
Threat Detected: Trojan-PSW.VBS.Half
Description: This is a VBScript-virus. It steals user’s passwords.

Memory access problem
WindowsErrorForm has encountered a problem at address 0x1FC408.
We are sorry for the inconvenience.
If you see this error again, operational information can be irrevocably lost.

My Security Shield Removal Details

My Security Shield typically has the following processes in memory:

  • %UserProfile%\Recent\fan.dll
  • %UserProfile%\Recent\kernel32.exe
  • %UserProfile%\Recent\tjd.sys
  • C:\Documents and Settings\All Users\Application Data\345d567\sqlite3.dll
  • %UserProfile%\Recent\grid.sys
  • %UserProfile%\Recent\std.dll
  • %UserProfile%\Recent\delfile.sys
  • C:\Documents and Settings\All Users\Application Data\345d567\mozcrt19.dll
  • %UserProfile%\Recent\DBOLE.exe
  • %UserProfile%\Recent\PE.dll
  • %UserProfile%\Recent\kernel32.sys
  • C:\Documents and Settings\All Users\Application Data\345d567\MS345d_2129.exe

My Security Shield creates the following files in the system:

  • %UserProfile%\Recent\PE.tmp
  • %UserProfile%\Recent\SICKBOY.drv
  • %UserProfile%\Application Data\My Security Shield\Instructions.ini
  • C:\Documents and Settings\All Users\Application Data\345d567\
  • C:\Documents and Settings\All Users\Application Data\345d567\MSSSys\vd952342.bd
  • %UserProfile%\Recent\CLSV.tmp
  • %UserProfile%\Recent\runddlkey.drv
  • %UserProfile%\Application Data\My Security Shield\cookies.sqlite
  • C:\Documents and Settings\All Users\Application Data\MSHBXRCOBWS\MSJYQMS.cfg
  • C:\Documents and Settings\All Users\Application Data\345d567\MSS.ico
  • %UserProfile%\Recent\cid.drv
  • %UserProfile%\Recent\tempdoc.tmp
  • %UserProfile%\Application Data\My Security Shield\
  • C:\Documents and Settings\All Users\Application Data\MSHBXRCOBWS\
  • C:\Documents and Settings\All Users\Application Data\345d567\4475.mof

My Security Shield creates the following registry entries:

  • HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “control/7.02129”
  • HKEY_CLASSES_ROOT\MS345d_2129.DocHostUIHandler
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=2129&q={searchTerms}”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “My Security Shield”
  • HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=2129&q={searchTerms}”
  • HKEY_CURRENT_USER\Software\3
  • HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=2129&q={searchTerms}”
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer “PRS” = “http://127.0.0.1:27777/?inj=%ORIGINAL%”
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = “no”
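
A read-only check for some of the registry values and folders listed above, given here as an added example and not ESG's own tooling. The variable names are illustrative, the paths and values are copied from the lists on this page, and only a subset of the entries is checked.

```powershell
# Read-only triage for indicators listed on this page; it reports and changes nothing.
$ie = 'HKCU:\Software\Microsoft\Internet Explorer'

# Path, value name, and the data the rogue sets ($null = presence alone is the indicator).
$regChecks = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'My Security Shield'; Data = $null },
    @{ Path = "$ie\Download"; Name = 'RunInvalidSignatures'; Data = '1' },
    @{ Path = "$ie\Download"; Name = 'CheckExeSignatures'; Data = 'no' },
    @{ Path = $ie; Name = 'PRS'; Data = 'http://127.0.0.1:27777/?inj=%ORIGINAL%' }
)

# Folders from the file list above, written as the page gives them.
$pathChecks = @(
    (Join-Path $env:USERPROFILE 'Application Data\My Security Shield'),
    'C:\Documents and Settings\All Users\Application Data\345d567',
    'C:\Documents and Settings\All Users\Application Data\MSHBXRCOBWS'
)

$findings = @()

foreach ($c in $regChecks) {
    # A missing key or value raises an error; suppress it and treat it as "not present".
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }
    $value = [string]$item.($c.Name)
    if ($null -eq $c.Data -or $value -eq $c.Data) {
        $findings += New-Object PSObject -Property @{
            Type = 'Registry'; Location = "$($c.Path)\$($c.Name)"; Value = $value
        }
    }
}

foreach ($p in $pathChecks) {
    if (Test-Path -LiteralPath $p) {
        $findings += New-Object PSObject -Property @{ Type = 'Path'; Location = $p; Value = '' }
    }
}

if ($findings.Count -eq 0) {
    'No listed My Security Shield indicators found.'
} else {
    $findings | Select-Object Type, Location, Value | Format-Table -AutoSize -Wrap
}
```

The two `Download` values matter beyond this infection: they turn off Internet Explorer's signature checks for downloaded executables, so they are worth restoring even after the rogue's files are gone.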

This entry was last updated on 01/27/11 and posted on 08/5/10.

11 Responses to “My Security Shield”

  1. a m vena Says:

    please help me to get rid of my security shield they are harassing
    my computer and trying to extort me with their product for which
    I have never requested, have tried all kinds of manoeuvre it always
    comes back and takes control of my pc, I would be very grateful, tks

    [Reply]

    a m vena Reply:

    not sure if spy hunter was successful first time around never got response pop up so I could have error fixed I am running it over again please advise if I am duplicating and if errors were fixed
    and was it successful in destroying the brand my security shield tks

    [Reply]

    jason trepanier Reply:

    i am having the same problem no way to uninstall help me

    [Reply]

  2. hacker Says:

    I have the antidote for this annoying Trojan/spyware. Go to START; if you have Windows XP, click RUN and type REGEDIT there. For those who have Windows 7, click START, then there is a bar that says Search Programs and Files (this mini bar is nothing more than our RUN, hehe).
    (Open REGEDIT.)
    Once inside, open key no. 2 of our REGEDIT:
    HKEY_CURRENT_USER (then click the arrow to the left of the SOFTWARE folder and a list of folders opens; locate the MICROSOFT folder), here click again on the arrow to the left of the MICROSOFT folder and a new list of folders will open (locate the WINDOWS folder), here click again on the arrow to the left of the WINDOWS folder and a new list of folders will open (locate the CURRENTVERSION folder), here click again on the arrow to the left of the CURRENTVERSION folder and a somewhat long list will appear; then locate the RUN folder and click on it.
    On the right side a list of the programs that start with our operating system will appear. HERE you will see our annoying, bothersome, fake cleaning software, MY SECURITY SHIELD. Move your mouse pointer over it and right-click MY SECURITY SHIELD, then click DELETE. To finish, close REGEDIT and RESTART YOUR PC. This MALWARE will no longer appear.

    [Reply]

  3. Amy Colvard Says:

    Can't get my security shield off my computer! Popping up in my face every other time I try to access anything! HELP

    [Reply]

  4. Meg Kat Says:

    I am having the same problem, except I cannot pull up task manager. I get annoying pop-ups and such, and cannot run spy-ware doctor… or spyhunter's direction scan. Even though they are installed.

    [Reply]

  5. Dan from Illinois Says:

    My security shield infected my wife's computer. I tried Norton, McAfee, Spybot, and even the MS scanner software and none could remove the malware until I tried this software. It worked great. I highly recommend it...

    [Reply]

  6. jeremy Says:

    I came home one day and found this my security shield. There was no way to get rid of it. I could already tell it was a virus. Ugh, I need help to get rid of it.

    [Reply]

  7. guadalupe alfaro Says:

    please help me to get rid of my security shield they are harassing
    my computer and trying to extort me with their product for which
    I have never requested, have tried all kinds of manoeuvre it always
    comes back and takes control of my pc, I would be very grateful, tks

    [Reply]

  8. Dusty Rham Says:

    This is the worst software in the world. You use it once and remove it, and out of nowhere it installs a new version and locks up the machine. They must think this is funny, but the whole thing sucks and so does their software. Getting rid of it is a pain in the a**, just like the software itself.

    [Reply]

  9. Simon Dekker Says:

    I ran into Spy Shield and it took control of my computer with continuous fake pop-up security messages. The computer was rendered unusable. To get rid of the malicious spyware, I booted the machine in the safe mode with network capability. When booting press the F-8 key several times until a text prompt comes up. Use the arrow keys to select the safe mode with network. Hit the return key and the system boots. Note the word “safe” in the upper portion of the screen.

    Use another browser like Safari, Chrome or Firefox to search for SpyHunter. Once you are on SpyHunter's website, from Enigma, type in “Spy Shield” and download the SpyHunter software. Run the scan and a malicious “run once” will be found. Make sure this routine is disabled in SpyHunter. The Spy Shield problem goes away. SpyHunter worked for me. I have used the product for several months now and the support is excellent.

    [Reply]

Copyright 2003-2012. Enigma Software Group USA, LLC. All Rights Reserved.