Windows Shield Tool

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 9
First Seen: February 24, 2012
Last Seen: January 8, 2020
OS(es) Affected: Windows

Windows Shield Tool Image

ESG security researchers have received many reports of infections involving fake security programs belonging to the FakePAV family of malware. Windows Shield Tool is one of the many fake anti-spyware programs in the infamous FakeVimes family of malware, which also includes bogus security programs with names like Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst.

These are all versions of the same malware application, a fake security program with no true anti-malware capabilities. Windows Shield Tool is composed of a graphic user interface designed to mimic Microsoft Security Essentials. As part of its installation process, Windows Shield Tool makes changes to the Windows Registry which then allows Windows Shield Tool to display constant error messages and notifications from the Taskbar that seem to come from the victim's computer itself. By using these, Windows Shield Tool preys on inexperienced computer users, convincing them to purchase a useless anti-malware program.

Dealing with a Windows Shield Tool Infection

Windows Shield Tool should be removed from the infected computer immediately. However, this fake security program has the capacity to mess with the infected computer's system restore features, disable legitimate security applications, and, in some cases, even load when the victim starts up in Safe Mode. Because of this, what is recommended by ESG security researchers is the utilization of a reliable anti-malware application that preferably has anti-rootkit capabilities. Windows Shield Tool will usually spread through corrupted advertisements that take advantage of vulnerabilities in Flash and JavaScript as well as being contained in fake video codecs that are often part of poorly-regulated pornographic video galleries.

How the Windows Shield Tool Scam Works

Fake security applications like Windows Shield Tool are known as rogue anti-malware programs. Basically, criminals use these in order to convince their victims that the infected computer system is in fact in severe trouble due to an outrageous malware infestation. Windows Shield Tool is presented as an effective solution to these nonexistent threats, but only if the victim pays for a useless 'full license' of Windows Shield Tool. Since Windows Shield Tool has no way to detect, remove, or protect from malware, ESG security researchers strongly advise against purchasing Windows Shield Tool or letting Windows Shield Tool remain on your computer system. Usually, the presence of Windows Shield Tool will indicate that other malware is also installed on the victim's computer and, if not removed immediately, will often result in the infected computer system becoming nearly useless.

SpyHunter Detects & Remove Windows Shield Tool

Windows Shield Tool Video

Tip: Turn your sound ON and watch the video in Full Screen mode.

File System Details

Windows Shield Tool may create the following file(s):
# File Name MD5 Detections
1. Protector-ntu.exe 3e1177906fb1222590f01678f5352c40 1
2. Protector-yco.exe 9ca4f33ba3b524015f00b0b39c99b571 1
3. Protector-qsy.exe 179982a6ce74b96c1efe6286a84ae9f6 1
4. Protector-ngo.exe 0e565afa6f7233aa78cd7e848785b935 1
5. %AppData%\Protector-oak.exe
6. %AppData%\NPSWF32.dll
7. %CommonPrograms\%Windows Shield Tool.lnk
8. %Desktopdir%\Windows Shield Tool.lnk

Related Posts

Trending

Most Viewed

Loading...