Friday 6 August 2010

My Security Shield removal instructions (Uninstall Guide)

My Security Shield is a piece of malware that pretends to be a legitimate anti-virus software. Actually, it's pretty generic looking rogue anti-virus program that may arrive on the compromised computer as a manually install or may be downloaded by other malware. Usually, My Security Shield is promoted through the use of fake online scanners and infected websites. It prevents other applications from being executed and displays fake security warnings. MySecurityShield reports false scan results and states that your computer is infected with various viruses, adware, spyware or other malware. As a typical rogue anti-virus program it will prompt you to pay for a full version of the program to remove the infections. It goes without saying that you should uninstall this virus from your computer instead of buying it. Unfortunately, it's rather difficult to remove this fake program from a computer, thankfully we've got My Security Shield removal instructions to help you. Please follow the removal instructions below.



While the rogue program is running, it will flag harmless files as malware infections. In fact, My Security Shield drops several files on the system and later detects those files Trojans, worms or other malicious software. This misleading application adds itself to the list of programs that start automatically when Windows OS starts. It will hijack Internet Explorer and other web browsers. It may display search results from findgala.com instead of Google. And of course, it may block safe security related websites and legitimate anti-virus and anti-spyware programs. Last, but not least, you wouldn't imagine a rogue program without fake security alerts and pop-ups from Windows taskbar. My Security Shield has it all. The fake program may display any of the following warning messages:
Warning! Virus detected
Threat Detected: Trojan-PSW.VBS.Half
Description: This is a VBScript-virus. It steals user's passwords.


The home page of My Security Shield is www5.my-security-shield.com. Please do not visit this site.


My Security Shield is from the same family as Security Master AV and My Security Engine scareware.

Also note that this rogue program may come bundled with other malware. Although, it can be removed manually, but we strongly recommend you to use an anti-virus or anti-spyware program in order to remove My Security Shield completely from your computer. Read full removal details below. If you have already bought the rogue program, please contact your credit card company and dispute the charges. If you have any questions or additional information about this malware please leave a comment. Good luck and be safe!


My Security Shield removal instructions:

1. Download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove this virus from your computer.

If you can't download it, please reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. Open Internet Explorer and download STOPzilla. Once finished, go back into Normal Mode and run it. That's It!


NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

My Security Shield associated files and registry values:

Files:
  • C:\Documents and Settings\All Users\Application Data\345d567\
  • C:\Documents and Settings\All Users\Application Data\345d567\4475.mof
  • C:\Documents and Settings\All Users\Application Data\345d567\mozcrt19.dll
  • C:\Documents and Settings\All Users\Application Data\345d567\MS345d_2129.exe
  • C:\Documents and Settings\All Users\Application Data\345d567\MSS.ico
  • C:\Documents and Settings\All Users\Application Data\345d567\sqlite3.dll
  • C:\Documents and Settings\All Users\Application Data\345d567\MSSSys\vd952342.bd
  • C:\Documents and Settings\All Users\Application Data\MSHBXRCOBWS\
  • C:\Documents and Settings\All Users\Application Data\MSHBXRCOBWS\MSJYQMS.cfg
  • %UserProfile%\Application Data\My Security Shield\
  • %UserProfile%\Application Data\My Security Shield\cookies.sqlite
  • %UserProfile%\Application Data\My Security Shield\Instructions.ini
  • %UserProfile%\Recent\cid.drv
  • %UserProfile%\Recent\CLSV.tmp
  • %UserProfile%\Recent\DBOLE.exe
  • %UserProfile%\Recent\delfile.sys
  • %UserProfile%\Recent\fan.dll
  • %UserProfile%\Recent\grid.sys
  • %UserProfile%\Recent\kernel32.exe
  • %UserProfile%\Recent\kernel32.sys
  • %UserProfile%\Recent\PE.dll
  • %UserProfile%\Recent\PE.tmp
  • %UserProfile%\Recent\runddlkey.drv
  • %UserProfile%\Recent\SICKBOY.drv
  • %UserProfile%\Recent\std.dll
  • %UserProfile%\Recent\tempdoc.tmp
  • %UserProfile%\Recent\tjd.sys
Registry values:
  • HKEY_CURRENT_USER\Software\3
  • HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
  • HKEY_CLASSES_ROOT\MS345d_2129.DocHostUIHandler
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=2129&q={searchTerms}"
  • HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=2129&q={searchTerms}"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "control/7.02129"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "My Security Shield"
  • HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=2129&q={searchTerms}"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
Share this information with other people:
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)