Security Shield is a fake security client. This malicious software prevents legitimate programs such as the Task Manager and real security software from running. Security Shield is a clone of Security Tool, Smart Security, System Tool and Total Security 2009.
On June 9th 2011 a newer version called Security Shield 2011 came out. This threat is similar to the one shown in this guide. Basically it's a clone so either guide should still work for you.
If Security Shield becomes as prevalent as Security Tool, then this virus will infect tens of millions of people, if not hundreds of millions. In 2010 Security Tool was the most common rogue security client to hit the market. It looks like this clone may just be the replacement for that fake security client.
Some of the FAKE warning messages you may see:
Intercepting malicious software that may violate your privacy and harm your computer has been detected. Click here to remove now with Security Shield.
Spyware.IEMonster activity detected. This form of spyware attempts to steal passwords from Internet Explorer, Mozilla Firefox, Outlook and other commonly used programs. Click here to immediately remove it with Security Shield.
Some of the important system files on your PC were modified by malicious software. It may cause system crashes and data losses.
Click here to prevent non-authorized changes and remove threats (Recommended)
Security Shield Firewall Alert
Security Shield has prevented a program from accessing the internet.
“iexplore.exe” is infected “Trojan-Dropper.Win32.Agent”. This worm has to tried to use “iexplore.exe” to connect to remove host and send your credit card information
Security Shield
» Download Security Shield Removal Software
As soon as you find a copy of Security Shield on your computer, you should take steps to remove it. Security Shield removal involves stopping the main executable, then deleting it along with its other traces in the registry and in temp file locations.
Remove Proxy Setting so You Can Connect to the Internet Again. ( MAY NOT BE NEEDED )
The above video is for Internet Explorer. Chrome users should follow the video as well because Chrome uses the same settings. For Firefox users please read the manual guide under the How to Guides section. There is a manual guide for IE there as well.
Security Shield Removal Video
Security Shield Manual Removal Procedures
1. The first step you must take in order to remove Security Shield is to stop the following processes. Your traces will NOT be the same as below. They will be unique to your computer.
- random-6 to 10 digit number.exe
HINT: The random file name may look similar to 54066343254.exe or be six to ten characters in length.
To stop the above processes we recommend you do one of the following
1A. Open up the Task Manager and terminate the above executable.
1B. Right click on the Security Shield icon on the desktop and select Properties. Now copy the file path on your computer, then rename the executable and reboot your computer. After you reboot you should be able to delete the file.
1C. Browse to
XP
- C:\Documents and Settings\YOUR USER NAME\Local Settings\Application Data\random-6 to 10 digit number.exe
Vista / Windows 7
- C:\Users\Jacob\AppData\Local\random-6 to 10 digit number.exe
The next step in Security Shield removal is to delete the following files:
- random-6 to 10 digit number.exe
- c:\programdata\microsoft\Windows\start menu\Programs\security shield.lnk
Once the above steps have been completed, Security Shield should no longer be running. At this time you need to run a FULL VIRUS SCAN. Don't skip this step.
Security Shield Registry Removal Procedures
Removing files and folders alone is not sufficient to completely remove Security Shield. The following keys and settings should also be removed from the Windows registry to complete Security Shield removal:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Security Shield"
Security Shield Directories:
Windows XP
- None at this time, however it may change to the directory below
- %Documents and Settings%\All Users\Application Data\local\[random]\
Windows Vista/7:
- None at this time, however it may change to the directory below
- C:\Users\USER NAME\AppData\local\RANDOM\
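As an added example (not part of the original guide or of any vendor tool), this read-only PowerShell script reports the HKCU Run and RunOnce values and the loose .exe files in the Local AppData root that match the locations listed above. It keys on location rather than on a numeric file name, since readers below report letter-only names and a RunOnce entry; it assumes PowerShell 2.0 or later, and Get-CommandTarget and the variable names are illustrative.

```powershell
# Added example: report-only triage for the locations this guide names.
# Nothing is deleted or modified.
$localAppData = [Environment]::GetFolderPath('LocalApplicationData').TrimEnd('\')
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'

function Get-CommandTarget([string]$Command) {
    # Pull the executable path out of an autostart command line.
    if ($Command -match '^\s*"([^"]+)"')        { return $Matches[1] }  # "C:\x\y.exe" args
    if ($Command -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }  # C:\x\y.exe args
    return $Command.Trim()
}

$findings = foreach ($keyPath in $runKeys) {
    if (-not (Test-Path $keyPath)) { continue }
    $key = Get-Item $keyPath
    foreach ($name in $key.GetValueNames()) {
        $target = Get-CommandTarget ([string]$key.GetValue($name))
        if (-not $target) { continue }
        $parent = Split-Path -Path $target -Parent
        # Location is the stable signal: an .exe directly in the Local AppData
        # root, whatever its name (digits in the guide, letters in reader reports).
        $inRoot = $parent -and ($parent.TrimEnd('\') -ieq $localAppData) -and
                  ($target -like '*.exe')
        if ($inRoot -or $name -eq 'Security Shield') {
            New-Object PSObject -Property @{
                Source = "$keyPath [$name]"
                Path   = $target
                Exists = (Test-Path -LiteralPath $target)
            }
        }
    }
}

# Loose executables in the folder root, newest first, so files created on the
# day of infection stand out. -Force includes hidden files.
$loose = Get-ChildItem -LiteralPath $localAppData -Filter *.exe -Force |
    Where-Object { -not $_.PSIsContainer } |
    Sort-Object CreationTime -Descending |
    Select-Object Name, CreationTime, Length

$findings | Select-Object Source, Path, Exists | Format-Table -AutoSize
$loose    | Format-Table -AutoSize
```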
Thanks for the update. It’s sure to help others
Help? Think I have successfully removed this pest – all subsequent scans – Anti Virus, Windows Defender are clean and computer operating normally. However when I attempt to open Internet Explorer, I get the message ‘unable to connect’. My PC has a wireless link to my router.
Any suggestions would be gratefully received. Someone has suggested, setting up a new user profile – otherwise am I facing a rebuild?
What have you already done? Did you re-set the proxy settings as shown in the guide. If not that would be my first suggestion. Let us know if you did that yet.
I’m trying to remove this from my PC and I can’t, Mother !@##$$%
This won’t work, I’m on my other computer and it doesn’t let me do shit!
What is it in the guide that you are not able to do? Be specific with what you are trying to do exactly and what you have done already. Just cussing will get you nowhere.
OK so I have Security Shield on my other PC and it will not let me remove it, whenever I go to a useful website it will interrupt me with a virus scan thing saying the other website is infected. I can only open a very few useless programs. How do I get Security Shield off of my computer? Will I have to reformat the entire thing?
FOLLOW THE GUIDE!!!!!!!!!!!!!!! That is how you remove it. That simple. If you have a specific question in the guide you can ask it.
The first comment was made 4 months ago and you just responded to it yesterday??? I can’t wait that long! This is a terrible way to help people with their problems!
Not true. However now I will not respond and spend my free time helping you out. Time for reply 2 minutes
OK so I just removed the Security Shield program through Task Manager (thank you so much!!!!!!!!) but when I tried following up by removing all traces from the folders, I could not seem to find Security Shield anywhere under the C: folder. I’m really nervous that there may still be traces of it on my computer. Is there any way to find the file, or another way to ensure that it is gone for good? (My trial of Spyware Doctor must have run out a long time ago, and I’m not sure my Malwarebytes is picking up on anything.)
Thank you very much.
By terminating the threat in the Task Manager you did not delete it. You basically just told it to stop running. When you reboot it will start again. With that said, the next time you boot up you should be able to right click on the file in the Task Manager and then select “open containing folder” or something like that. Then you can find the .exe file and delete it.
You should also be able to locate the file by browsing to the folder location shown in the guide and removing it that way. Malwarebytes should be able to pick this threat up as well. The trial of SDA, if as old as you say it is, you should be able to remove and then download the 2012 version of the software and run a scan to locate any other threats. Keep in mind that the free trial does not remove virus threats. However it will tell you what, if anything, is left over and the EXACT location on your computer where the file is so you can manually delete Security Shield.
It sounds like you are not using any active antivirus software. I strongly urge you to purchase an AV program to protect your computer in the future. If you’re still having troubles hit me back or send me an e-mail through the contact us form with your contact info and I’ll see what I can do to help you out.
Just to let you know, my exe hadn’t a numeric name, but was just a random assortment of letters. Thanks for the help
Thanks for the heads up. Been hearing that a lot lately so I’m guessing it mutated. This threat is about a year old so it’s to be expected.
Bah! What a headache! Finally got the Task Manager to come up. My exes were also alphabetical…there were two, created at the same time. I deleted them and cleared out all traces I could find. It doesn’t come up when I reboot anymore, but my computer is super slow and my game (WOW) won’t come up at all. I never did find “Security Shield” when I did a search under the start menu, but my virus scan isn’t picking up anything either. Heeeeeelp, please!!
Thank you so much….it was driving me nuts….the instructions worked like a charm….how do I make sure it’s completely gone?
I cannot open task manager, and I cannot find the .exe in the local folder or the roaming folder. Is there anywhere else it might be located?
Windows 7, by the way. I’m not sure what the current protection is because it’s not my computer.
I cannot open my task manager help please
You don’t need to. Read the guide and then if you need help let me know exactly what step it is you are stuck on and what you are trying to do. Your operating system is also needed for me to ensure you are looking in the right place
Feedback: Windows 7
1) Had to boot in safe mode otherwise registry editor just closed itself immediately
2) Deleted C:\Users\John\AppData\Local\sjbogol.exe
3) Deleted HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\sjobgol.exe registry key
4) Microsoft security essentials did not find these!
Thanks for sharing. Looks like the threat is still hiding in the Local folder.
Hi, I just went through this process and I’m pretty sure it worked 😀 I just need to run a full scan, but before that, I should tell you that when I found the process in task manager, it had a strange icon, a little bit like a blob, and it was called ‘ogauej’.
Now at first I didn’t realise this was the sneaky little Security Shield and nearly completely missed it – I just thought it’d be best to tell 🙂
where do I find the task manager in the safe mode or for that matter any mode
Ctrl+Shift+Esc. Answers like this are super easy to find online. Just do a search for what it is you are trying to do. For this instance you just would have had to do a search for “open Task Manager”
thanks dude..
My wife picked up Security Shield at Orbitz (yay orbitz); got really nasty version- wouldn’t let me do anything- no applications, files all hidden, launching browsers was impossible. Launched in safemode with networking to download Malwarebytes; used that to clean off machine, quick scan and then full scan. Then swapped out new HOSTS file as well. Restarted; desktop still messed up, no programs in Start menu, but could search for programs and at least launch browsers; virus seemed to be gone, but wasn’t sure. Resorted to using Restore command from F8 safe boot, so lost a few days but seemed to work. Last step at the end was to reset all the folders to Folders-> View all. She has Windows 7, not used to it, so it took me a while to find that. After final restart (we are at 4 hours+ total time) our machine seems better. We were a little freaked when we couldn’t see all our pictures (most were backed up, but still….) but could see that the disk drive was pretty full, so it was just a question of restoring visibility. This seems to have worked for us, YMMV.
Unfortunately I don’t think the process is appearing at all in Task Manager — there is no 6- to 10-digit number showing up there. And Task Manager is showing not much memory being used, whereas my PC is telling me that my system is low on virtual memory. Is it possible that Security Shield has managed to hide the process from Task Manager? And in that case, how can I find and remove it? Running XP SP3. Thanks!
The process may not be a numeric number anymore. Look in the file location shown for XP systems and sort the files by date. There should only be one or two files that match the date of the infection. From there re-name the random file name to anything you like and re-boot the system. Then delete the file.