How to delete Security Shield?

Solved
x-Morgane-x Posted messages 17 Status Member - g3n-h@ckm@n -
Hello,

While browsing websites on the internet, a "virus" (Security Shield) installed itself on my computer.
I researched online, and according to what I've read, it's software that pretends to be an antivirus and detects viruses that I don't have...
I've had it for a few days, and I can't get rid of it...
When it alerts me to fake viruses, I can't close the small window; I have to click "Yes, activate Security Shield," etc., to finally click "yes" when they ask if I'm sure I want to continue without my computer being protected... But the window automatically comes back, I can hardly do anything... It blocks the internet, access to my files, etc...
I know that in safe mode it doesn't appear anymore, but I want to remove it so I can switch back to normal mode... ^^
So if you have any RELIABLE and FREE software to suggest that can remove Security Shield, please let me know which ones :)
Otherwise, I've read that we could manually delete the components of Security Shield, but that it's quite dangerous because a wrong move could crash the computer...
If that's the only solution left, please explain in detail where to find these components and which ones to delete... Because I tried to look and I didn't find anything ._.
(Ps: I'm only 14, I'm not very skilled ^^ )

I look forward to your responses,
Thanks in advance.

Configuration: Windows 7 / Firefox 3.5.15

14 answers

  1. kalimusic Posted messages 14619 Status Security Contributor 3 027
     
    Good evening,

    You are infected by a rogue; definitely do not pay attention to its alert messages.

    1. Restart in Safe Mode with Networking.

    2. Download RogueKiller (by Tigzy) to your desktop
    Close all your running applications
    ● Launch RogueKiller.exe
    If the infection blocks the program, you may need to restart it multiple times or rename it to winlogon.exe
    ● Let the prescan finish, click on Scan
    ● Click on Report to open it and then copy/paste it into your next message.

    See you later
    --
    “Reason and logic can do nothing against stubbornness and foolishness.”
    11
    1. Lisele
       
      Good evening,
      I have the same issue, I have already posted twice... so sorry to pollute your conversation, could you see what’s going on with the RK report below?

      RogueKiller V7.3.1 [10/03/2012] by Tigzy
      email: tigzyRK<at>gmail<dot>com
      Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
      Blog: http://tigzyrk.blogspot.com

      Operating system: Windows 7 (6.1.7600) 32 bits version
      Booting: Normal mode
      User: Nicolas [Admin rights]
      Mode: Search -- Date: 19/03/2012 20:38:38

      ¤¤¤ Malicious processes: 0 ¤¤¤

      ¤¤¤ Registry entries: 4 ¤¤¤
      [HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
      [HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
      [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
      [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

      ¤¤¤ Specific files / folders: ¤¤¤

      ¤¤¤ Driver: [LOAD] ¤¤¤
      SSDT[84] : NtCreateSection @ 0x82E5833A -> HOOKED (\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys @ 0x99A27700)

      ¤¤¤ Infection: ¤¤¤

      ¤¤¤ HOSTS file: ¤¤¤
      [...]


      ¤¤¤ MBR Check: ¤¤¤

      +++++ PhysicalDrive0: Maxtor 6L300S0 ATA Device +++++
      --- User ---
      [MBR] c4aefade76efaca7fe3bce33f7380753
      [BSP] 7efc7a235fe51209ece1566cc6c3d582 : Windows 7 MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
      1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 41087 MB
      2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 84353024 | Size: 244999 MB
      User = LL1 ... OK!
      User = LL2 ... OK!

      Finished: << RKreport[1].txt >>
      RKreport[1].txt
      0
    2. x-Morgane-x Posted messages 17 Status Member 2
       
      Heeeu yeah I didn't understand anything of what you put ^^'
      0
    3. Lisele
       
      It's the report you get at the end when you've downloaded roguekiller; that's what kalimusic asks you to post in your response.
      0
    4. x-Morgane-x Posted messages 17 Status Member 2
       
      But I don't know, I didn't download it.
      0
    5. kalimusic Posted messages 14619 Status Security Contributor 3 027
       
      @ Lisele :

      Thank you for creating your own topic if you would like to get help.
      0
  2. x-Morgane-x Posted messages 17 Status Member 2
     
    Well, folks, I want to let you know that I found the solution! Even simpler than you think :O
    Start your computer in safe mode with networking,
    - Go to the Start Menu
    - All Programs
    - Accessories
    - System Tools
    - System Restore

    Then restore to a date prior to when you encountered the "fake antivirus".
    Then normally it should be all good!
    Well, anyway, I'm no longer bothered by this Security Shield ^.^
    1
    1. Ana kook
       
      Thank you for the advice. It works! I still did a scan afterwards because some say that the restoration just puts the virus aside but doesn't destroy it!
      0
    2. lulu
       
      thank you thank you it works
      0
  3. kalimusic Posted messages 14619 Status Security Contributor 3 027
     
    Good evening,

    Restoration only renders the infection inactive, so if everything is good except for that.
    Especially since depending on the type of rogue, it's only the tip of the iceberg.

    I advise you to at least run a scan with Malwarebytes
    And above all, to update the system and sensitive software because the vulnerabilities that allowed the infection to occur are still present.

    Have a good evening
    --
    “Reason and logic can do nothing against stubbornness and folly.”
    1
  4. kalimusic Posted messages 14619 Status Security Contributor 3 027
     
    x-Morgane-x,

    Having trouble starting in safe mode or downloading RogueKiller?

    See you later
    --
    "Reason and logic can do nothing against stubbornness and foolishness."
    0
  5. x-Morgane-x Posted messages 17 Status Member 2
     
    Okay, I'll do that tomorrow in the evening; I have to go to sleep now, I have class tomorrow lol.
    0
  6. kalimusic Posted messages 14619 Status Security Contributor 3 027
     
    No worries, have a good evening
    --
    "Reason and logic can do nothing against stubbornness and folly."
    0
  7. x-Morgane-x Posted messages 17 Status Member 2
     
    But what's the point of doing a scan?
    And how can we completely remove it?
    0
  8. Ana kook
     
    I was also infected by Security Shield! This virus prevented me from doing anything. I couldn't connect to the internet and even couldn't access the start menu! I restarted my PC in safe mode with network support, and I performed the following steps: start, accessories, system tools, system restore. Unfortunately, my restore mode was disabled. So I had to go back to normal mode, do the same steps, and enable the restore. I then tried to restore in normal mode, but that damn virus prevented me from opening the page to create a previous restore point. I finally restored my PC in safe mode; this time it worked since I had enabled the restore in normal mode!!! I advise you once the virus is gone to do a complete scan with Malwarebytes (download it from télécharger.net). You can keep it afterwards. If you use RogueKiller be careful not to keep it! Have a good evening.
    0
    1. 2003288
       
      Thank you, it worked but it wasn't easy. I had disabled it but it was still manually controlling my computer. I got it, thanks.
      0
  9. x-Morgane-x Posted messages 17 Status Member 2
     
    So I downloaded Malwarebytes, ran a scan, it detected 2 viruses, I deleted them. Is everything good now?
    0
  10. Pakito
     
    Thank you LIK74, perfect explanations, it was resolved in 5 minutes!
    0
  11. GGambas
     
    Thank you to LIK74, it works very well for me :)

    For those who, like me, can't restart in Safe Mode:

    Click on the "Start" button > type msconfig in the search bar and hit enter > Go to the "Boot" tab > Check "Safe boot", then "Minimal" > restart, you are in Safe Mode.

    To return to normal mode, do the same steps but this time, uncheck the boxes ;)
    0
  12. g3n-h@ckm@n
     
    and if the infection blocks safe mode your PC restarts in a loop and you're screwed!!

    avoid giving useless instructions, thank you, it will prevent PCs from crashing!!
    --
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan_Concept ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    do not keep disinfection tools on the PC, they are updated every day
    0
  13. SHad3x
     
    stop emergency (faster)
    safe mode (f8 at startup, before the "starting windows" page)
    internet, search for roguekiller
    download roguekiller, run it
    scan and delete

    if the file returns, safe mode, scan and delete
    0
  14. g3n-h@ckm@n
     
    yuck, what you shouldn't read!!!
    --
    ¤¤¤¤¤¤¤¤¤¤ Pre_Scan_Concept ¤¤¤¤¤¤¤¤¤¤
    0