
Friday, August 6, 2010

My Security Shield removal instructions (Uninstall Guide)

My Security Shield is a piece of malware that pretends to be legitimate anti-virus software. It is a fairly generic-looking rogue anti-virus program that may arrive on the compromised computer through a manual install or may be downloaded by other malware. Usually, My Security Shield is promoted through fake online scanners and infected websites. It prevents other applications from being executed and displays fake security warnings. My Security Shield reports false scan results and states that your computer is infected with various viruses, adware, spyware or other malware. As a typical rogue anti-virus program, it will prompt you to pay for a full version of the program to remove the infections. It goes without saying that you should uninstall this virus from your computer instead of buying it. Unfortunately, it's rather difficult to remove this fake program from a computer, but thankfully we've got My Security Shield removal instructions to help you. Please follow the removal instructions below.



While the rogue program is running, it will flag harmless files as malware infections. In fact, My Security Shield drops several files on the system and later detects those files as Trojans, worms or other malicious software. This misleading application adds itself to the list of programs that start automatically when Windows starts. It will hijack Internet Explorer and other web browsers. It may display search results from findgala.com instead of Google. And of course, it may block safe security-related websites and legitimate anti-virus and anti-spyware programs. Last, but not least, you wouldn't imagine a rogue program without fake security alerts and pop-ups from the Windows taskbar. My Security Shield has it all. The fake program may display any of the following warning messages:
Warning! Virus detected
Threat Detected: Trojan-PSW.VBS.Half
Description: This is a VBScript-virus. It steals user's passwords.


The home page of My Security Shield is www5.my-security-shield.com. Please do not visit this site.


My Security Shield is from the same family as Security Master AV and My Security Engine scareware.

Also note that this rogue program may come bundled with other malware. Although it can be removed manually, we strongly recommend that you use an anti-virus or anti-spyware program to remove My Security Shield completely from your computer. Read the full removal details below. If you have already bought the rogue program, please contact your credit card company and dispute the charges. If you have any questions or additional information about this malware, please leave a comment. Good luck and be safe!



My Security Shield removal instructions:

1. Download recommended anti-malware software and run a full system scan to remove this virus from your computer.

If you can't download it, please reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the F8 key continuously, which should bring up the "Windows Advanced Options Menu". Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key. Open Internet Explorer and download the anti-malware software. Once finished, go back into Normal Mode and run it. That's it!


NOTE: Login as the same user you were previously logged in with in the normal Windows mode.


My Security Shield associated files and registry values:

Files:
  • C:\Documents and Settings\All Users\Application Data\345d567\
  • C:\Documents and Settings\All Users\Application Data\345d567\4475.mof
  • C:\Documents and Settings\All Users\Application Data\345d567\mozcrt19.dll
  • C:\Documents and Settings\All Users\Application Data\345d567\MS345d_2129.exe
  • C:\Documents and Settings\All Users\Application Data\345d567\MSS.ico
  • C:\Documents and Settings\All Users\Application Data\345d567\sqlite3.dll
  • C:\Documents and Settings\All Users\Application Data\345d567\MSSSys\vd952342.bd
  • C:\Documents and Settings\All Users\Application Data\MSHBXRCOBWS\
  • C:\Documents and Settings\All Users\Application Data\MSHBXRCOBWS\MSJYQMS.cfg
  • %UserProfile%\Application Data\My Security Shield\
  • %UserProfile%\Application Data\My Security Shield\cookies.sqlite
  • %UserProfile%\Application Data\My Security Shield\Instructions.ini
  • %UserProfile%\Recent\cid.drv
  • %UserProfile%\Recent\CLSV.tmp
  • %UserProfile%\Recent\DBOLE.exe
  • %UserProfile%\Recent\delfile.sys
  • %UserProfile%\Recent\fan.dll
  • %UserProfile%\Recent\grid.sys
  • %UserProfile%\Recent\kernel32.exe
  • %UserProfile%\Recent\kernel32.sys
  • %UserProfile%\Recent\PE.dll
  • %UserProfile%\Recent\PE.tmp
  • %UserProfile%\Recent\runddlkey.drv
  • %UserProfile%\Recent\SICKBOY.drv
  • %UserProfile%\Recent\std.dll
  • %UserProfile%\Recent\tempdoc.tmp
  • %UserProfile%\Recent\tjd.sys
Registry values:
  • HKEY_CURRENT_USER\Software\3
  • HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
  • HKEY_CLASSES_ROOT\MS345d_2129.DocHostUIHandler
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=2129&q={searchTerms}"
  • HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=2129&q={searchTerms}"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "control/7.02129"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "My Security Shield"
  • HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=2129&q={searchTerms}"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
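
To check a machine for the registry changes listed above without browsing regedit by hand, the sketch below scans the text of a registry export for them. It is an added example, not part of the original post; the function names, the sample export and the placeholder path in it are constructed for illustration.

```python
import re
# (key suffix, value name, test on the data, meaning); values are the ones listed above.
RULES = [
    (r"\currentversion\run", "my security shield", lambda d: True,
     "rogue starts with Windows"),
    (r"\internet explorer\searchscopes", "url", lambda d: "findgala.com" in d.lower(),
     "search provider redirected to findgala.com"),
    (r"\internet explorer", "prs", lambda d: "127.0.0.1:27777" in d,
     "IE value pointing at 127.0.0.1:27777"),
    (r"\internet explorer\download", "runinvalidsignatures",
     lambda d: d in ("1", "dword:00000001"), "invalid signatures allowed to run"),
    (r"\internet explorer\download", "checkexesignatures",
     lambda d: d.lower() == "no", "executable signature check disabled"),
]
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def parse_reg(text):
    """Yield (key, value name, data) from .reg export text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            data = m.group(2)
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = re.sub(r"\\(.)", r"\1", data[1:-1])  # undo \\ and \" escapes
            yield key, m.group(1), data

def find_indicators(text):
    # Return (key, value name, meaning) for every rule that matches.
    return [(key, name, meaning)
            for key, name, data in parse_reg(text)
            for suffix, vname, test, meaning in RULES
            if key.lower().endswith(suffix) and name.lower() == vname and test(data)]

# Constructed sample export (not captured from an infected machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"My Security Shield"="C:\\placeholder\\rogue.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"RunInvalidSignatures"=dword:00000001
"CheckExeSignatures"="no"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer]
"PRS"="http://127.0.0.1:27777/?inj=%ORIGINAL%"
'''
```

Calling find_indicators(SAMPLE) returns four hits and skips the benign ctfmon.exe entry. Exports written by regedit or reg export are UTF-16, so read a real file with open(path, encoding="utf-16") before passing its text in.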

12 comments:

Anonymous said...

FlyFFSky: This helps but I don't know which is easier? I'll try the safe mode but I'm not sure if it helps.

Anonymous said...

I tried downloading this but I couldn't get it to start up as hard as I tried.

Anonymous said...

Ran Malwarebytes twice (after updating it), but Security Shield is still on my computer.

Jonathan said...

Security Shield messes up all of your computer processes, as I was to discover. Don't bother trying to download any removal tools. They probably won't run. Simply restart your computer and keep tapping F8 until the black screen appears. Select Safe Mode with Networking and then press Enter.
When Windows starts, click Start, select Programs, Accessories, System Tools, and then System Restore. This should only take a few minutes. It completely removed Security Shield from my computer. I hope it works for you. Good luck...

Anonymous said...

What Jonathan said worked for me too

Abhijit said...

@jonathan
Thanks dude, it works (running the system restore).
After it, use Ctrl+Alt+Del and end the process named similar to losoo or losoo32, then find the file losoo.exe in your PC and delete it. It really works.

tania_kiba said...

It's true, doing the restore worked for me too. Thanks so much.

Anonymous said...

Thanks Jonathan, your method worked for us too! :)

Anonymous said...

It appears that Jonathan's method worked for me as well. Even better since I could even get my internet to come up to TRY to download a remover. Thank you, Jonathan!

Anonymous said...

Jonathan

Thank you very much. You are very clever.

Gerard said...

Some of these fake anti-virus programs also remove System Restore from Safe Mode. At work, what we do to overcome this problem is to use a CD called ERD Commander; it is a boot CD that is able to run a system restore from the CD. This is the quickest way of fixing the problem. It is also wise, once the virus has been removed, to disable System Restore and enable it again. This is a measure to make sure that it can't escape the System Restore files and reinfect your computer.

Cheers

Gerard
Network Engineer.

Anonymous said...

System Restore in Safe Mode works. I tried other programs that did not work, but this did and it worked quickly!