Security Shield Description

[+] Click Image to Enlarge

• 
• 
• 
• 
• 
• 
• 

Security Shield is a rogue security application with several clones (for example, Security Tool). Computers infected with the fake anti-virus program Security Shield become riddled with a host of problems that can turn them practically impossible to use. Security Shield is often associated with other malware infections, and the presence of Security Shield on a computer is, practically, a guarantee that the computer is infected with one of a variety of Trojans. This is due to the fact that rogue security programs like Security Shield are often installed by Trojans or are simply Trojans themselves. ESG malware analysts recommend removing a Security Shield infection from your computer system as soon as possible. Despite its claims and likeness to real security programs, Security Shield is nothing but a scam designed to steal your money.

Security Shield: One More Version of the Rogue Security Program Scam

Security Shield is one of many variants of rogue security programs, a con that has become especially prevalent since the middle of the 2000s decade. Most variants of this common scam work in the same way and Security Shield is one classic example of how a typical rogue anti-spyware program works. Usually, the rogue security program scam has the same steps:

1. A Trojan will infect a computer system through any number of deceptive methods. Common methods that Trojans use to infect computer systems include pretending to be video codecs, being bundled along with popular downloads or being downloaded onto a computer system through the use of JavaScript and Flash exploits in corrupted advertisements and pop-up Windows. Whatever way the Trojan uses to infect a computer system, it will often run in the background without the user’s knowledge. Common Trojans associated with roguewares like Security Shield include Vundo, Zlob, and the Fake Microsoft Security Essentials Alert Trojan.
2. The Trojan will display a message claiming that the computer system is infected with a variety of worms, viruses or other malware problems. Then, it will offer the computer user the option to download a free anti-virus program to remove these problems. Some Trojans, like the Fake Microsoft Security Essentials Alert Trojan, actually mimic legitimate security alerts or error messages that a computer system would normally display. If the victim accepts, the rogue anti-virus program (Security Shield in this case) will be downloaded and installed. As part of its installation process, Security Shield makes harmful changes to the computer’s settings and alters the Windows Registry to ensure that Security Shield can run in the background and launch automatically when Windows is started up.
3. Security Shield, or the particular rogue anti-spyware program, will continue to claim that the computer is infected, but will demand that the user pay for a “full version”, in order to fix these non-existent problems.

Type: Rogue AntiSpyware Programs

How Can You Detect Security Shield?

Security Shield Technical Report

As new Security Shield details are reported by our customers and findings from our Threat Research Center, we will update this section.

Fake message for Security Shield:

The following fake error message(s) appears for Security Shield:

Security Shield
Security Shield Firewall Alert
Security Shield has prevented a program from accessing the internet.
“iexplore.exe” is infected “Trojan-Dropper.Win32.Agent”. This worm has to tried to use “iexplore.exe” to connect to remove host and send your credit card information

Security Shield Warning
Intercepting malicious software that may violate your privacy and harm your computer has been detected. Click here to remove now with Security Shield.

Security Shield Warning
Spyware.IEMonster activity detected. This form of spyware attempts to steal passwords from Internet Explorer, Mozilla Firefox, Outlook and other commonly used programs. Click here to immediately remove it with Security Shield.

Security Shield
“cmd.exe” is infected with “Worm.Win32.Autorun.bnb”. Do you want to register your copy and remove all threats now?

Security Shield Warning
Some of the important system files on your PC were modified by malicious software. It may cause system crashes and data losses.
Click here to prevent non-authorized changes and remove threats (Recommended)

‘How Security Shield Infects Your Computer’ Video

Security Shield Removal Details

Security Shield has typically the following processes in memory:

• %LOCALAPPDATA%\ 246950008.exe
• %UserProfile%\AppData\Local\[RANDOM CHARACTERS].exe
• %LOCALAPPDATA%\ 6323257655.exe
• %LOCALAPPDATA%\ 595230097.exe
• c:\Documents and Settings\[USERNAME]\Local Settings\Application Data\[RANDOM CHARACTERS].exe
• %LOCALAPPDATA%\ 663846548.exe
• %UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe

Security Shield creates the following files in the system:

• %UserProfile%\Start Menu\Programs\Security Shield.lnk
• %AppData%\Microsoft\Windows\Start Menu\Programs\Security Shield.lnk

Security Shield creates the following registry entries:

• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce “[RANDOM CHARACTERS]“

Important Article Disclaimer