While the rogue program is running, it will flag harmless files as malware infections. In fact, My Security Shield drops several files on the system and later detects those files as Trojans, worms or other malicious software. This misleading application adds itself to the list of programs that start automatically when Windows starts. It will hijack Internet Explorer and other web browsers. It may display search results from findgala.com instead of Google. And of course, it may block safe security-related websites and legitimate anti-virus and anti-spyware programs. Last, but not least, you wouldn't imagine a rogue program without fake security alerts and pop-ups from the Windows taskbar. My Security Shield has it all. The fake program may display any of the following warning messages:
Warning! Virus detected
Threat Detected: Trojan-PSW.VBS.Half
Description: This is a VBScript-virus. It steals user's passwords.
The home page of My Security Shield is www5.my-security-shield.com. Please do not visit this site.
My Security Shield is from the same family as Security Master AV and My Security Engine scareware.
Also note that this rogue program may come bundled with other malware. Although it can be removed manually, we strongly recommend that you use an anti-virus or anti-spyware program to remove My Security Shield completely from your computer. Read the full removal details below. If you have already bought the rogue program, please contact your credit card company and dispute the charges. If you have any questions or additional information about this malware, please leave a comment. Good luck and be safe!
My Security Shield removal instructions:
1. Download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove this virus from your computer.
If you can't download it, please reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the F8 key continuously, which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key. Open Internet Explorer and download STOPzilla. Once finished, go back into Normal Mode and run it. That's it!
NOTE: Log in as the same user you were previously logged in as in normal Windows mode.
My Security Shield associated files and registry values:
Files:
- C:\Documents and Settings\All Users\Application Data\345d567\
- C:\Documents and Settings\All Users\Application Data\345d567\4475.mof
- C:\Documents and Settings\All Users\Application Data\345d567\mozcrt19.dll
- C:\Documents and Settings\All Users\Application Data\345d567\MS345d_2129.exe
- C:\Documents and Settings\All Users\Application Data\345d567\MSS.ico
- C:\Documents and Settings\All Users\Application Data\345d567\sqlite3.dll
- C:\Documents and Settings\All Users\Application Data\345d567\MSSSys\vd952342.bd
- C:\Documents and Settings\All Users\Application Data\MSHBXRCOBWS\
- C:\Documents and Settings\All Users\Application Data\MSHBXRCOBWS\MSJYQMS.cfg
- %UserProfile%\Application Data\My Security Shield\
- %UserProfile%\Application Data\My Security Shield\cookies.sqlite
- %UserProfile%\Application Data\My Security Shield\Instructions.ini
- %UserProfile%\Recent\cid.drv
- %UserProfile%\Recent\CLSV.tmp
- %UserProfile%\Recent\DBOLE.exe
- %UserProfile%\Recent\delfile.sys
- %UserProfile%\Recent\fan.dll
- %UserProfile%\Recent\grid.sys
- %UserProfile%\Recent\kernel32.exe
- %UserProfile%\Recent\kernel32.sys
- %UserProfile%\Recent\PE.dll
- %UserProfile%\Recent\PE.tmp
- %UserProfile%\Recent\runddlkey.drv
- %UserProfile%\Recent\SICKBOY.drv
- %UserProfile%\Recent\std.dll
- %UserProfile%\Recent\tempdoc.tmp
- %UserProfile%\Recent\tjd.sys
Registry values:
- HKEY_CURRENT_USER\Software\3
- HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
- HKEY_CLASSES_ROOT\MS345d_2129.DocHostUIHandler
- HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=2129&q={searchTerms}"
- HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=2129&q={searchTerms}"
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "control/7.02129"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "My Security Shield"
- HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=2129&q={searchTerms}"
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
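A read-only way to check a machine for some of the registry values and folders listed above, as an added PowerShell example that is not part of the original post. The choice of which indicators to check and the function name `Test-ListedRegistryValue` are assumptions made here; run it as the affected user, because several values live under HKEY_CURRENT_USER.

```powershell
# Added example: read-only presence check for indicators listed on this page.
# Nothing is changed or deleted; the output only says what is present.
$ie = 'HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer'
$registryChecks = @(
    # Like = '' means the value existing is enough; otherwise its data must match.
    @{ Key = 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run'
       Name = 'My Security Shield'; Like = '' }
    @{ Key = "$ie\Download"; Name = 'RunInvalidSignatures'; Like = '1' }
    @{ Key = "$ie\Download"; Name = 'CheckExeSignatures'; Like = 'no' }
    @{ Key = $ie; Name = 'PRS'; Like = '*127.0.0.1:27777*' }
    @{ Key = 'HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes'
       Name = 'URL'; Like = '*findgala.com*' }
    @{ Key = 'HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes'
       Name = 'URL'; Like = '*findgala.com*' }
)
$directories = @(
    'C:\Documents and Settings\All Users\Application Data\345d567'
    'C:\Documents and Settings\All Users\Application Data\MSHBXRCOBWS'
    (Join-Path $env:USERPROFILE 'Application Data\My Security Shield')
)

function Test-ListedRegistryValue {
    param([string]$Key, [string]$Name, [string]$Like)
    # A missing key or a key with no values yields $null here.
    $item = Get-ItemProperty -LiteralPath "Registry::$Key" -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $false }
    $prop = $item.PSObject.Properties[$Name]
    if ($null -eq $prop) { return $false }
    if ($Like -eq '') { return $true }
    # -like is case-insensitive; a pattern without wildcards is an exact match.
    return ([string]$prop.Value -like $Like)
}

$results = @()
foreach ($c in $registryChecks) {
    $results += New-Object PSObject -Property @{
        Indicator = "$($c.Key) [$($c.Name)]"
        Present   = (Test-ListedRegistryValue @c)
    }
}
foreach ($d in $directories) {
    $results += New-Object PSObject -Property @{
        Indicator = $d
        Present   = (Test-Path -LiteralPath $d)
    }
}
$results | Select-Object Present, Indicator | Format-Table -AutoSize -Wrap
```

A row with `Present` set to `True` means that listed value or folder exists for the current user; it does not cover the remaining entries in the lists above.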