Windows Private Shield

By Domesticus in Rogue Anti-Spyware Program | 60 views

Windows Private Shield Description


The main reason to avoid Windows Private Shield is that, despite its appearance, it is not a real security program. ESG malware analysts have determined that Windows Private Shield is one of the many known clones of the FakeVimes family of malware, a large family of fake security programs that has been widespread since 2009. Malware infections like Windows Private Shield are usually referred to as rogue anti-spyware programs or rogue security software. These fake anti-spyware applications are part of a popular online scam that seeks to steal your money.

Windows Private Shield and the Many Fake Anti-Malware Applications in the FakeVimes Family

Because the FakeVimes family of malware has existed for so long, most legitimate security programs can easily deal with Windows Private Shield and its clones. However, malware in the FakeVimes family may carry a dangerous rootkit component. This component, detected as a variant of the Sirefef or ZeroAccess rootkit, can make it difficult for most security programs to find and remove the Windows Private Shield infection, which has given the FakeVimes family a new opportunity to attack computer systems and bypass the established defenses that would otherwise handle these fake security programs. Many clones of Windows Private Shield include this rootkit component, among them the fake security programs Windows Trojans Inspector, Windows Safeguard Upgrade and Windows Pro Safety Release.

The main purpose of the Windows Private Shield scam is to prey on inexperienced computer users, convincing them that their computer is severely infected so that they will install a “full version” of Windows Private Shield. Of course, this supposed full version is not free. Windows Private Shield uses several tactics to convince its victims that their computer system is infected, including making the victim’s computer unstable, causing browser redirects and displaying a constant stream of alarming security notifications. Since Windows Private Shield has no real anti-malware capabilities, ESG security analysts strongly advise against purchasing this fake security program. Instead, Windows Private Shield should be removed with a reliable anti-malware application that can also deal with Windows Private Shield’s associated rootkit component.

Type: Rogue AntiSpyware Programs

How Can You Detect Windows Private Shield?

Windows Private Shield Technical Report

As new Windows Private Shield details are reported by our customers and findings from our Threat Research Center, we will update this section.

The following fake error messages appear for Windows Private Shield:

Torrent Alert
Recomended: Please use secure encrypted protocol for torrent links.
Torrent link detected!
Receiving this notification means that you have violated the copyright laws. Using Torrent for downloading movies and licensed software shall be prosecuted and you may be sued for cybercrime and breach of law under the SOPA legislation.
Please register your copy of the AV to activate anonymous data transfer protocol through the torrent link.

Error
Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.

Error
Attempt to modify Registry key entries detected.
Registry entry analysis recommended.

Warning
Firewall has blocked a program from accessing the Internet
C:\program files\internet explorer\iexplore.exe
is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.


Windows Private Shield Removal Details

Windows Private Shield typically has the following processes in memory:

  • Protector-[RANDOM NUMBERS].exe

Windows Private Shield creates the following registry entries:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “ID” = 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “rudbxijemb”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “2012-2-17_2”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
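The process name and registry entries above can be turned into a read-only host check. The script below is an added example, not code from ESG or from the original page; it only reports findings and changes nothing. The indicator names and paths are the ones listed on this page. One assumption is labelled in the code: the Image File Execution Options keys are inspected for a `Debugger` value, which is the standard value such keys carry when used to hijack a security tool's executable, but the page itself does not state which value the sample writes.

```powershell
# Added example (not part of the original page): read-only sweep of a Windows host
# for the Windows Private Shield indicators listed above. Run in an elevated session.

$findings = New-Object System.Collections.Generic.List[object]

function Add-Finding([string]$Kind, [string]$Detail) {
    $script:findings.Add([pscustomobject]@{ Kind = $Kind; Detail = $Detail })
}

# 1. Process name pattern from the page: Protector-[RANDOM NUMBERS].exe
Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match '^Protector-\d+$' } |
    ForEach-Object { Add-Finding 'Process' ("{0} (PID {1}) {2}" -f $_.Name, $_.Id, $_.Path) }

# 2. Run-key persistence entry "Inspector"
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run -and $run.PSObject.Properties['Inspector']) {
    Add-Finding 'Persistence' ("Run\Inspector = {0}" -f $run.Inspector)
}

# 3. Marker values the sample writes under ...\CurrentVersion\Settings
$settingsKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Settings'
if (Test-Path $settingsKey) {
    $s = Get-ItemProperty -Path $settingsKey
    foreach ($name in @('ID', 'UID', 'net')) {
        if ($s.PSObject.Properties[$name]) {
            Add-Finding 'Marker' ("Settings\{0} = {1}" -f $name, $s.$name)
        }
    }
}

# 4. Policy / browser values listed on the page (Task Manager, registry tools, HTTPS warning)
$checks = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Names = @('DisableTaskMgr', 'DisableRegistryTools', 'DisableRegedit') },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
       Names = @('WarnOnHTTPSToHTTPRedirect') },
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312'
       Names = @() }
)
foreach ($c in $checks) {
    if (-not (Test-Path $c.Key)) { continue }
    if ($c.Names.Count -eq 0) { Add-Finding 'Policy' $c.Key; continue }   # presence of the key is the indicator
    $p = Get-ItemProperty -Path $c.Key
    foreach ($n in $c.Names) {
        if ($p.PSObject.Properties[$n]) {
            Add-Finding 'Policy' ("{0}\{1} = {2}" -f $c.Key, $n, $p.$n)
        }
    }
}

# 5. Image File Execution Options keys for the security-tool executables named on the page.
#    Assumption: a hijack sets the "Debugger" value, so it is reported when present.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$targets = @('_avp32.exe', 'ashDisp.exe', 'zapsetup3001.exe', 'divx.exe',
             'platin.exe', 'tapinstall.exe', '_avpcc.exe', 'mostat.exe')
foreach ($exe in $targets) {
    $k = Join-Path $ifeo $exe
    if (Test-Path $k) {
        $dbg = (Get-ItemProperty -Path $k -ErrorAction SilentlyContinue).Debugger
        if (-not $dbg) { $dbg = '<no Debugger value>' }
        Add-Finding 'IFEO' ("{0} -> {1}" -f $exe, $dbg)
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No Windows Private Shield indicators found.'
} else {
    $findings | Format-Table -AutoSize
}
```

Because the sample is described as shipping with a Sirefef/ZeroAccess rootkit variant, a clean result from this script is not proof of a clean host; treat the check as triage evidence and confirm with an anti-malware tool that handles the rootkit component, as the page advises.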


This entry was last updated on 05/21/12 and posted on 05/20/12. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.


Copyright 2003-2012. Enigma Software Group USA, LLC. All Rights Reserved.