I'm the latest victim of this thing. I found a lot of helpful advice here: http://www.bleepingcomputer.com/virus-removal/remove-my-security-shield But after running a full scan with Malwarebytes' Anti-Malware, it came up with no results. I also followed a YouTube video where they directed you to the likely location of the Security Shield file and did not find it there (C: Users > User Name > AppData). Any ideas on what to try next? Thanks!
If Malwarebytes found nothing, try Stinger from THIS page. If that doesn't help, then follow the HijackThis recommendations further down that page.
It is probably under hidden files. If you know the location, go back in to Programs & Features (hidden files) under View & check "show hidden files". Did you also run RKill first? If not, here are the links for RKill: http://www.bleepingcomputer.com/download/anti-virus/rkill Run RKill first. Make sure to follow the instructions carefully. This should work. Good luck.
Thank you Ex_Brit and newjack for the fast replies! I rebooted in Safe mode with Networking so that Security Shield wouldn't automatically start up. Then I looked again at the files in the AppData folder and there was one that looked suspicious that I hadn't noticed before. I double-clicked it and sure enough Security Shield started right up. The YouTube advice I found said it would appear as a file with a name consisting of 8-10 digits. The file I found was 10 random letters. Its icon was the Recycle Bin, its file type was Application, and it was about 317k in size (details provided for potential future victims looking for advice). I guess the authors of this malware have mutated its appearance since that YouTube video came out. Anyway, I then deleted it, rebooted and problem solved! I then ran a full McAfee virus scan, which didn't turn up anything. Thanks again for the advice - this was my first experience here and I was very happy to get two replies so quickly.
FYI - newjack: I did have the hidden files showing. And I decided to skip the Rkill step since that guide said that Rkill was only needed to end Security Shield's processes. I figured that booting in Safe mode would have the same effect.
I notice that BleepingComputer forums has two removal guides; this one appears slightly different: http://www.bleepingcomputer.com/virus-removal/remove-security-shield
Try restarting your computer and then starting it in Safe Mode: as the computer is booting, press and hold your "F8" key, which should bring up the "Windows Advanced Options Menu". Use your arrow keys to move to "Safe Mode" and press your Enter key.
Thanks for the valuable info...
Mine had a green shield logo with a tick in the middle, but as with yours had 9 random letters...
Thanks, it has now been removed and the computer is now sorted.
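
As an added example (not part of any post in this thread): a PowerShell sweep for the kind of file the posters describe, an application under the user's AppData folder, possibly hidden, named with 8-10 random letters or digits. The unsigned-only filter and the output columns are choices made for this example; matches are candidates to inspect, not confirmed malware.

```powershell
# Added example: heuristic sweep for the file described in this thread.
# From the posts: location (the user's AppData folder), type (Application),
# name shape (8-10 digits, or 9-10 random letters).
# Assumptions of this example: the .exe extension and the signature filter.

$root = Join-Path $env:USERPROFILE 'AppData'

# -Force includes hidden and system files, so Explorer's
# "show hidden files" setting does not affect the result.
$candidates = Get-ChildItem -Path $root -Filter *.exe -File -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.BaseName -match '^([A-Za-z]{8,10}|[0-9]{8,10})$' } |
    ForEach-Object {
        # Legitimate vendor binaries under AppData are usually signed.
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            Path      = $_.FullName
            SizeKB    = [math]::Round($_.Length / 1KB)
            Hidden    = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
            Signature = $sig.Status
            Modified  = $_.LastWriteTime
        }
    }

# Show only files without a valid signature, newest first.
$candidates |
    Where-Object { $_.Signature -ne 'Valid' } |
    Sort-Object Modified -Descending |
    Format-Table -AutoSize -Wrap
```

Running it from Safe Mode, as described in the thread, avoids the file being locked by a running process; the script only lists files and deletes nothing.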