How to delete Security Shield?
Solved
x-Morgane-x
Posted messages
17
Status
Member
-
g3n-h@ckm@n -
g3n-h@ckm@n -
Hello,
While browsing websites on the internet, a "virus" (Security Shield) installed itself on my computer.
I researched online, and according to what I've read, it's a software that pretends to be an antivirus and detects viruses that I don't have...
I've had it for a few days, and I can't get rid of it...
When it alerts me to fake viruses, I can't close the small window; I have to click "Yes, activate Security Shield," etc., to finally click "yes" when they ask if I'm sure I want to continue without my computer being protected... But the window automatically comes back, I can hardly do anything... It blocks the internet, access to my files, etc...
I know that in safe mode it doesn't appear anymore, but I want to remove it so I can switch back to normal mode... ^^
So if you have any RELIABLE and FREE software to suggest that can remove Security Shield, please let me know which ones :)
Otherwise, I've read that we could manually delete the components of Security Shield, but that it's quite dangerous because a wrong move could crash the computer...
If that's the only solution left, please explain in detail where to find these components and which ones to delete... Because I tried to look and I didn't find anything ._.
(Ps: I'm only 14, I'm not very skilled ^^ )
I look forward to your responses,
Thanks in advance.
Configuration: Windows 7 / Firefox 3.5.15
While browsing websites on the internet, a "virus" (Security Shield) installed itself on my computer.
I researched online, and according to what I've read, it's a software that pretends to be an antivirus and detects viruses that I don't have...
I've had it for a few days, and I can't get rid of it...
When it alerts me to fake viruses, I can't close the small window; I have to click "Yes, activate Security Shield," etc., to finally click "yes" when they ask if I'm sure I want to continue without my computer being protected... But the window automatically comes back, I can hardly do anything... It blocks the internet, access to my files, etc...
I know that in safe mode it doesn't appear anymore, but I want to remove it so I can switch back to normal mode... ^^
So if you have any RELIABLE and FREE software to suggest that can remove Security Shield, please let me know which ones :)
Otherwise, I've read that we could manually delete the components of Security Shield, but that it's quite dangerous because a wrong move could crash the computer...
If that's the only solution left, please explain in detail where to find these components and which ones to delete... Because I tried to look and I didn't find anything ._.
(Ps: I'm only 14, I'm not very skilled ^^ )
I look forward to your responses,
Thanks in advance.
Configuration: Windows 7 / Firefox 3.5.15
14 answers
Good evening,
You are infected by a rogue, definitely do not pay attention to its alert messages.
1. Restart in Safe Mode with Networking.
2. Download RogueKiller (by Tigzy) to your desktop
● Close all your running applications
● Launch RogueKiller.exe
If the infection blocks the program, you may need to restart it multiple times or rename it to winlogon.exe
● Let the prescan finish, click on Scan
● Click on Report to open it and then copy/paste it into your next message.
See you later
--
“Reason and logic can do nothing against stubbornness and foolishness.”
You are infected by a rogue, definitely do not pay attention to its alert messages.
1. Restart in Safe Mode with Networking.
2. Download RogueKiller (by Tigzy) to your desktop
● Close all your running applications
● Launch RogueKiller.exe
If the infection blocks the program, you may need to restart it multiple times or rename it to winlogon.exe
● Let the prescan finish, click on Scan
● Click on Report to open it and then copy/paste it into your next message.
See you later
--
“Reason and logic can do nothing against stubbornness and foolishness.”
Well, folks, I want to let you know that I found the solution! Even simpler than you think :O
Start your computer in safe mode with networking,
- Go to the Start Menu
- All Programs
- Accessories
- System Tools
- System Restore
Then restore to a date prior to when you encountered the "fake antivirus".
Then normally it should be all good!
Well, anyway, I'm no longer bothered by this Security Shield ^.^
Start your computer in safe mode with networking,
- Go to the Start Menu
- All Programs
- Accessories
- System Tools
- System Restore
Then restore to a date prior to when you encountered the "fake antivirus".
Then normally it should be all good!
Well, anyway, I'm no longer bothered by this Security Shield ^.^
Good evening,
Restoration only renders the infection inactive, so if everything is good except for that.
Especially since depending on the type of rogue, it's only the tip of the iceberg.
I advise you to at least run a scan with Malwarebytes
And above all, to update the system and sensitive software because the vulnerabilities that allowed the infection to occur are still present.
Have a good evening
--
“Reason and logic can do nothing against stubbornness and folly.”
Restoration only renders the infection inactive, so if everything is good except for that.
Especially since depending on the type of rogue, it's only the tip of the iceberg.
I advise you to at least run a scan with Malwarebytes
And above all, to update the system and sensitive software because the vulnerabilities that allowed the infection to occur are still present.
Have a good evening
--
“Reason and logic can do nothing against stubbornness and folly.”
x-Morgane-x,
Having trouble starting in safe mode or downloading RogueKiller?
See you later
--
"Reason and logic can do nothing against stubbornness and foolishness."
Having trouble starting in safe mode or downloading RogueKiller?
See you later
--
"Reason and logic can do nothing against stubbornness and foolishness."
No worries, have a good evening
--
"Reason and logic can do nothing against stubbornness and folly."
--
"Reason and logic can do nothing against stubbornness and folly."
I was also infected by Security Shield! This virus prevented me from doing anything. I couldn't connect to the internet and even couldn't access the start menu! I restarted my PC in safe mode with network support, and I performed the following steps: start, accessories, system tools, system restore. Unfortunately, my restore mode was disabled. So I had to go back to normal mode, do the same steps, and enable the restore. I then tried to restore in normal mode, but that damn virus prevented me from opening the page to create a previous restore point. I finally restored my PC in safe mode; this time it worked since I had enabled the restore in normal mode!!! I advise you once the virus is gone to do a complete scan with Malwarebytes (download it from télécharger.net). You can keep it afterwards. If you use RogueKiller be careful not to keep it! Have a good evening.
So I downloaded Malwarebytes, ran a scan, it detected 2 viruses, I deleted them. Is everything good now?
Thank you to LIK74, it works very well for me :)
For those who, like me, can't restart in Safe Mode:
Click on the "Start" button > type msconfig in the search bar and hit enter > Go to the "Boot" tab > Check "Safe boot", then "Minimal" > restart, you are in Safe Mode.
To return to normal mode, do the same steps but this time, uncheck the boxes ;)
For those who, like me, can't restart in Safe Mode:
Click on the "Start" button > type msconfig in the search bar and hit enter > Go to the "Boot" tab > Check "Safe boot", then "Minimal" > restart, you are in Safe Mode.
To return to normal mode, do the same steps but this time, uncheck the boxes ;)
and if the infection blocks safe mode your PC restarts in a loop and you're screwed!!
avoid giving useless instructions, thank you, it will prevent PCs from crashing!!
--
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan_Concept ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
do not keep disinfection tools on the PC, they are updated every day
avoid giving useless instructions, thank you, it will prevent PCs from crashing!!
--
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan_Concept ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
do not keep disinfection tools on the PC, they are updated every day
stop emergency (faster)
safe mode (f8 at startup, before the "starting windows" page)
internet, search for roguekiller
download roguekiller, run it
scan and delete
if the file returns, safe mode, scan and delete
safe mode (f8 at startup, before the "starting windows" page)
internet, search for roguekiller
download roguekiller, run it
scan and delete
if the file returns, safe mode, scan and delete
I have the same issue, I have already posted twice... so sorry to pollute your conversation, could you see what’s going on with the RK report below?
RogueKiller V7.3.1 [10/03/2012] by Tigzy
email: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Blog: http://tigzyrk.blogspot.com
Operating system: Windows 7 (6.1.7600) 32 bits version
Booting: Normal mode
User: Nicolas [Admin rights]
Mode: Search -- Date: 19/03/2012 20:38:38
¤¤¤ Malicious processes: 0 ¤¤¤
¤¤¤ Registry entries: 4 ¤¤¤
[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Specific files / folders: ¤¤¤
¤¤¤ Driver: [LOAD] ¤¤¤
SSDT[84] : NtCreateSection @ 0x82E5833A -> HOOKED (\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys @ 0x99A27700)
¤¤¤ Infection: ¤¤¤
¤¤¤ HOSTS file: ¤¤¤
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
[...]
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Maxtor 6L300S0 ATA Device +++++
--- User ---
[MBR] c4aefade76efaca7fe3bce33f7380753
[BSP] 7efc7a235fe51209ece1566cc6c3d582 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 41087 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 84353024 | Size: 244999 MB
User = LL1 ... OK!
User = LL2 ... OK!
Finished: << RKreport[1].txt >>
RKreport[1].txt
Thank you for creating your own topic if you would like to get help.