My Security Shield

From Wiki-Security, the free encyclopedia of computer security

My Security Shield Information
Type: Spyware
Analysis: Installs & gathers info from a PC without user permission.
Infection: By downloading freeware & shareware.
Symptoms: Changes PC settings, excessive popups & slow PC performance.
Detection Tool: >>> Download SpyHunter's Spyware Scanner <<<
Notice:






SpyHunter's spyware scanner is intended to quickly scan and identify spyware on your PC. If you wish to eliminate spyware from your PC and prevent future spyware attacks, we recommend you buy SpyHunter's spyware removal tool, which includes full technical support and a Spyware HelpDesk to tackle spyware that is uniquely affecting your PC.
IE Alert:


If you are using Internet Explorer and can not download SpyHunter, please use a different browser like Firefox or Chrome.

My Security Shield is rogue antivirus software, and it and all of its iterations and family members are part of a scam. My Security Shield aims to take over your computer, scare you into believing that it has found your computer to be full of viruses, and convince you to pay for its useless, bogus software. It tries to make itself look like real antivirus software or a windows component, with a realistic-looking interface that may even use Windows graphics and fonts, but this is all meant to trick you. Under no circumstances should you pay for or intentionally download My Security Shield.

Different Name, Same Malware

My Security Shield is just one iteration of a long line of malware programs that are basically identical. It was especially prominent in early August 2010, and seems to be showing a resurgence in January 2011. Earlier versions of this same malware were Security Master AV, My Security Engine, Security Guard, CleanUp Antivirus, Virus Doctor, and Smart Security. Other currently circulating versions of the same malware (members of the same malware family) are Windows Defence and Internet Antivirus 2011. The family of rogue anti-virus programs to which My Security Shield belongs to has been around for a while. My Security Shield has been traced to an origin in Russia, and so it follows that these other versions of the same malware are also almost certainly from Russia.

As is typical for rogue antivi-rus malware, My Security Shield usually infects a system by way of a Trojan, although worms and other viruses have been reported. The Trojan that delivers My Security Shield is always hidden in a download or a file that seems harmless. Once it has been unpacked by the Trojan, it sets itself up to run whenever Windows starts, and to redirect you to its own malicious website when you try to access any of the major Internet search providers. When Windows starts, My Security Shield will run a bogus system "scan" and turn up a whole list of scary-sounding infections and problems. The ironic thing is that most, if not all, of these threats that it reports are garbage files that it created so that it could detect them as "malware." It may also list perfectly ordinary programs or Windows components as threats.

Aside from the fake system "scans," My Security Shield will constantly bombard you with error messages, which claim all kinds of horrible things are happening with your computer. If you try to kill My Security Shield using Task Manager, it will shut down Task Manager. Similarly, if you try to open any actual anti-virus or anti-spyware software, My Security Shield will prevent that from opening, too. My Security Shield will tell you over and over that something is wrong with your computer and that it can fix it, if you buy the full version or the product key. My Security Shield is not real antivirus software, and you should not pay for it, no matter how hard it works to try to scare you. The site you are redirected to after agreeing to buy the software or the product key certainly will take your credit card number and charge you for the "full" version of the program, but it will do no more than that. Product keys are never received, and My Security Shield is incapable of performing any antivirus or security functions.

To check your computer for My Security Shield, download SpyHunter Spyware Detection Tool.

SpyHunter spyware detection tool is only a scanner meant to assist you in detecting My Security Shield and other threats. If you detect the presence of My Security Shield on your PC, you have the opportunity to purchase the SpyHunter removal tool to remove any traces of My Security Shield.

Contents

Detection of My Security Shield (Recommended)

My Security Shield is difficult to detect and remove. My Security Shield is not likely to be removed through a convenient "uninstall" feature. My Security Shield, as well as other spyware, can re-install itself even after it appears to have been removed.

You also run the risk of damaging your computer since you're required to find and delete sensitive files in your system such as DLL files and registry keys. It is recommended you use a good spyware remover to remove My Security Shield and other spyware, adware, trojans and viruses on your computer.

Run a My Security Shield scan/check to successfully detect all My Security Shield files with the SpyHunter Spyware Detection Tool. If you wish to remove My Security Shield, you can either purchase the SpyHunter spyware removal tool to remove My Security Shield or follow the My Security Shield manual removal method provided in the "Remedies and Prevention" section.

Method of Infection

There are many ways your computer could get infected with My Security Shield. My Security Shield can come bundled with shareware or other downloadable software.

Another method of distributing My Security Shield involves tricking you by displaying deceptive pop-up ads that may appear as regular Windows notifications with links which look like buttons reading Yes and No. No matter which "button" that you click on, a download starts, installing My Security Shield on your system. My Security Shield installs on your computer through a trojan and may infect your system without your knowledge or consent.

If you think you may already be infected with My Security Shield, use this SpyHunter Spyware dectection tool to detect My Security Shield and other common Spyware infections. After detection of My Security Shield, the next advised step is to remove My Security Shield with the purchase of the SpyHunter Spyware removal tool.

Symptoms

My Security Shield may attempt to change your computer's desktop, hijack your browser, monitor your Internet browsing activities, change system files, and can do this without your knowledge or permission. Therefore, it is strongly recommended to remove all traces of My Security Shield from your computer.

Remedies and Prevention

My Security Shield, as well as other Spyware, are constantly evolving and becoming more advanced to avoid detection. My Security Shield along with its variants can install in different locations and even when you try to uninstall it you find they reappear when you reboot your computer.

Install a good anti-spyware software

When there's a large number of traces of Spyware, for example My Security Shield, that have infected a computer, the only remedy may be to automatically run a Spyware scan from a good anti-spyware software designed to detect My Security Shield and other types of spyware.

Remove My Security Shield manually

Another method to remove My Security Shield is to manually delete My Security Shield files in your system. Detect and remove the following My Security Shield files:

Processes

  • %UserProfile%\Recent\DBOLE.exe
  • %UserProfile%\Recent\kernel32.exe
  • C:\Documents and Settings\All Users\Application Data\345d567\MS345d_2129.exe

DLLs

  • %UserProfile%\Recent\fan.dll
  • %UserProfile%\Recent\PE.dll
  • %UserProfile%\Recent\std.dll
  • C:\Documents and Settings\All Users\Application Data\345d567\mozcrt19.dll
  • C:\Documents and Settings\All Users\Application Data\345d567\sqlite3.dll

Other Files

  • %UserProfile%\Recent\cid.drv
  • %UserProfile%\Recent\CLSV.tmp
  • %UserProfile%\Recent\grid.sys
  • %UserProfile%\Recent\PE.tmp
  • %UserProfile%\Recent\tempdoc.tmp
  • %UserProfile%\Recent\kernel32.sys
  • %UserProfile%\Recent\delfile.sys
  • %UserProfile%\Recent\tjd.sys
  • %UserProfile%\Recent\runddlkey.drv
  • %UserProfile%\Recent\SICKBOY.drv
  • %UserProfile%\Application Data\My Security Shield\
  • %UserProfile%\Application Data\My Security Shield\cookies.sqlite
  • %UserProfile%\Application Data\My Security Shield\Instructions.ini
  • C:\Documents and Settings\All Users\Application Data\MSHBXRCOBWS\
  • C:\Documents and Settings\All Users\Application Data\MSHBXRCOBWS\MSJYQMS.cfg
  • C:\Documents and Settings\All Users\Application Data\345d567\
  • C:\Documents and Settings\All Users\Application Data\345d567\4475.mof
  • C:\Documents and Settings\All Users\Application Data\345d567\MSS.ico
  • C:\Documents and Settings\All Users\Application Data\345d567\MSSSys\vd952342.bd

Registry Keys

  • HKEY_CURRENT_USER\Software\3
  • HKEY_CLASSES_ROOT\MS345d_2129.DocHostUIHandler
  • HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
  • HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=2129&q={searchTerms}"
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=2129&q={searchTerms}"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "My Security Shield"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "control/7.02129"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
  • HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=2129&q={searchTerms}"

External links

If you believe your computer is infected with spyware,
Wiki-Security strongly recommends to download SpyHunter's spyware detection tool to check for spyware on your PC.



Disclaimer Information
This website, its content or any portion of this website is NOT affiliated with, connected to, or sponsored by My Security Shield or its creators in any way. This website does not advocate the actions or behavior of My Security Shield and its creators. Our objective is to provide Internet users with the know-how to detect and remove My Security Shield and other Internet threats.

The readers of this article should not mistake, confuse or associate this article to be an advertisement or a promotion of My Security Shield in any way. The content provided on this website is intended for educational or informational purposes and is provided "AS IS" with no warranties, and confers no rights.
Views
Navigation