Pin Me

Removing the Fake "Security Shield" Malware

written by: •edited by: Aaron R.•updated: 8/15/2011

While you might think that security software is there to help you, it doesn't always turn out that way. A case in point is the "Security Shield" malware which plants a difficult-to-remove Trojan on your PC.

  • slide 1 of 6

    Among the many threats to computers and their users that can be found online is the particularly disgraceful phenomenon of fake security software. These are typically applications that claim to be available for free and that are supposedly designed to protect your computer from online threats, such as viruses and other malicious software.

    Of course, once you download and install these supposed “security applications" the trouble really begins. A typical example is the Security Shield program, software that claims to protect your computer (even invoking the image of a policeman in its title) but which is in reality a Trojan horse. Typically a Trojan provides a backdoor into your PC that allows a remote user to access your files, but it can also deploy a keylogger so that your passwords can be uncovered, as well as other threats such as viruses and worms to further infect your system.

    If you suspect that you have the Security Shield Trojan Horse, removal of this software (or more accurately, malware) is vital for the continued safe use of your PC.

  • slide 2 of 6

    Spotting the Trojan

    Realizing you have a Trojan on your system can be difficult, especially if it isn’t showing any signs of slowing your PC down. Although currently using the Security Shield title, there is every chance that this software will appear at a later date under different titles – a common modus operandi for these fake security applications. (It’s a useful way to get around any web searches a clued-up potential user might conduct for reviews of the software before downloading it.)

    Most Trojans will eventually make their presence felt, however, by applying reduced performance to your Windows computer in the shape of malware that eats up your system resources and possibly preventing access to the Internet. Bearing this in mind, you might wish to print out this page for reference later on.

    Preventing access to the web is a clever trick used by the developers of malware to prevent you from finding help online. This is done via the HOSTS file, typically found in C:\Windows\System32\drivers\etc. With that folder open, right-click HOSTS and select Open, selecting Notepad as the program you want to use to open the file. If your system is infected, then the HOSTS file will be full of entries that will divert your browser to incorrect IP addresses - sometimes looping back to your PC - but usually sending you to another website that could potentially cause further frustration.

    In the absence of effective security software on your PC (assuming you put all faith in Security Shield) you should be able to detect the presence of this Trojan by right-clicking the Windows taskbar and selecting Start Task Manager or simply tapping CTRL+SHIFT+ESC. Here you need to be looking for any apparently random strings of characters – this identifies the Security Shield process. Before proceeding, make a note of the random characters; if automatic removal fails you will require these to conduct a manual removal.

  • slide 3 of 6

    Scan Your PC with Malwarebytes Anti-Malware

    Scan Your PC with Malwarebytes Anti-Malware There are various reputable malware removal solutions available online, but one of the most popular is Malwarebytes Anti-Malware, which has a free version that you can download from majorgeeks.com/download.

    Once downloaded and installed, you can use Malwarebytes Anti-Malware to detect and remove the Security Shield Trojan software. This is easily done via the Scanner tab, where you should select the Full system scan option. You will then be given the option of adding or removing any disk devices or partitions from the scan – for the best results, include all locations.

    The scan will take a while to complete, but once done select Show results. You will then see a window displaying the various threats that the scan has uncovered. Simply make sure all threats are checked for removal and then click the Remove Selected button to prompt Malwarebytes Anti-Malware to begin cleaning up the system – taking the Security Shield Trojan with it.

    After this is done, click OK and restart your PC.

  • slide 4 of 6

    Online Scanning with ESET

    If your PC has been compromised in such a way that you cannot install Malwarebytes Anti-Malware, your best option is to run a scan tool that doesn’t require installing. One of the best solutions for this is the ESET Online Scanner, available from www.eset.com/us/online-scanner.

    You will see the link on the page to Download the scanner, and this takes you to a second screen where you need to click Run ESET Online Scanner. This tool scans your PC from within your browser, but for the best results you should use Internet Explorer (a plugin is available for other browsers).

    This tool requires 30 MB of disk space with which to scan your PC, as well as permission for an ActiveX control to be run. Once you’re ready, check Remove found threats and Scan unwanted applications and then click Scan. After completion, any threats that were detected will have been removed; this may have included malware preventing you from installing software, so you should try running Malwarebytes Anti-Malware again.

  • slide 5 of 6

    Fixing the HOSTS

    After you're done with Malwarebytes Anti-Malware or ESET, you might have one last thing to check - the HOSTS file. Once again visit C:\Windows\System32\drivers\etc and check the contents of the file. If it is still full of rubbish that originated with the malware, close the file. You will need to reboot into Safe Mode once again to delete it.

    Once you have done this, create a new file called HOSTS with no file extension, and open it. Next, visit support.microsoft.com/kb/972034 and select the appropriate HOSTS file details for your version of Windows, and save the file before closing. This will restore Internet access to your PC.

  • slide 6 of 6

    Stick with the Professionals!

    As with any malware removal guide, we need to end with a few words of wisdom – mainly that you need to make yourself aware of all possible threats and the best solutions for them. You don’t have to spend top dollar for a good quality anti-virus or anti-malware solution to protect your PC, so rather than banking on fakeware “solutions" such as Security Shield, put some time aside to find a competent and reputable security suite.

    Our own article, What is the Best Free Internet Security Suite? provides plenty of suggestions that you can consider.

References

  • Author's own experience.
  • Screenshots provided by author.