9 Replies Latest reply on Feb 23, 2012 11:31 AM by newjack

    Security Shield Virus

      Hey Everyone,

       

      Yesterday my computer became infected with the Security Shield Virus. I had the 90 day trial of McAfee; I know that it wasn't sufficient protection, but I was wondering if anyone had ways to remove it. I am not very advanced in using computers, so if someone has a guide I would really appreciate it.

       

      Thanks,

       

      Kumar

        • 1. Re: Security Shield Virus
          Peter M

          Hi Kumar,

           

          There's a step-by-step guide HERE but scroll down that page and read it first before clicking anything.  The first few links you will see are all advertising that helps pay for their services.

           

          It eludes antivirus software because it masquerades as anti-malware, so it's not really a virus, trojan or worm.  Hence the need for specialist tools.

          • 2. Re: Security Shield Virus
            Peter M

            I should have added that there is a page with some recommended tools and hints HERE.

            • 3. Re: Security Shield Virus

              Thank you! Will give it a try either tonight or tomorrow and will keep you posted!

               

              Thanks

              • 4. Re: Security Shield Virus
                Peter M

                OK, good luck.

                • 5. Re: Security Shield Virus

                  @Ex_Brit:

                   

                  First, thank you very much for the links.  I too picked up Security Shield yesterday at a site masquerading as a javascript tutorial.  The instructions at bleepingcomputer.com (rKill and Malwarebytes etc.) seemed to do the trick.

                   

                  Second, I'm a little surprised that I had to go through this given that McAfee antivirus with real time protection was installed, updated with current definitions (the most recent update was earlier that same day), and operating properly.  What I'm taking issue with is your statement:

                   

                  --"It eludes antivirus software because it masquerades as anti-malware, so it's not really a virus, trojan or worm."--

                   

                  Given the wealth of material about Security Shield on the web, it's known malware that should be protected against by McAfee.  Do you disagree?  If I have to rely on shareware programs like Malwarebytes to perform these tasks, I have to wonder what I'm paying McAfee for...

                   

                  Rant aside, thank you for the links and the info (sincerely). 

                   

                  -Scott

                  • 6. Re: Security Shield Virus
                    Peter M

                    Antivirus software generally already catches millions of bad things and is updated to the tune of thousands daily but in order to trap this sort of thing its heuristic or unknown detection engine would have to be cranked so high that your machine would most likely be rendered useless in no time as it would identify almost everything as a potential threat.  That's why tools like Malwarebytes, RKill and others are out there.

                     

                    I'll quote a Malwarebytes developer, Bruce Harrison, who explains the difference:

                     

                    As far as why MBAM (Malwarebytes) is very good at dealing with this infection, that is simple. MBAM is designed to be very good at dealing with malware that the AVs seem to be having problems with. I do not spend my time making MBAM detect millions of infections that any decent AV already detects as MBAM is DESIGNED to work alongside antivirus software, not replace it.  A huge chunk of the research that goes into MBAM revolves around what we see making it into HJT threads as the vast majority of these threads involve antivirus software that was in some way bypassed.
                    ...
                    Let's settle this now and avoid any further misinformation. MBAM is now a very good backup to any antivirus software and will only get better in the future.  MBAM will NEVER add antivirus abilities to its core app and is always advised to be used WITH antivirus software. We actually get this question a lot in the forums and I assure you that we always say:

                    "No, MBAM can't replace your existing antivirus software and is not designed to."

                     

                    So the same is true for antivirus software.

                    Message was edited by: Ex_Brit on 28/02/12 6:15:50 EST AM
                    • 7. Re: Security Shield Virus

                      Hey, so I just completed these steps. I think I was successful in removing the Security Shield. I have the report from MBAM with this. I was wondering if anyone knows any ways to prevent this from happening again, or any further steps I should take?

                       

                      Plus I would like to THANK everyone personally, especially Peter for helping me, and I really appreciate all the help.

                       

                       

                      Thanks,

                       

                      Kumar

                       

                      Malwarebytes Anti-Malware (Trial) 1.60.1.1000
                      www.malwarebytes.org

                      Database version: v2012.02.23.02

                      Windows 7 Service Pack 1 x86 NTFS
                      Internet Explorer 9.0.8112.16421
                      Netbook :: NETBOOK-PC [administrator]

                      Protection: Enabled

                      2/23/2012 11:45:25 AM
                      mbam-log-2012-02-23 (11-45-25).txt

                      Scan type: Quick scan
                      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
                      Scan options disabled: P2P
                      Objects scanned: 181992
                      Time elapsed: 21 minute(s), 50 second(s)

                      Memory Processes Detected: 0
                      (No malicious items detected)

                      Memory Modules Detected: 0
                      (No malicious items detected)

                      Registry Keys Detected: 0
                      (No malicious items detected)

                      Registry Values Detected: 0
                      (No malicious items detected)

                      Registry Data Items Detected: 0
                      (No malicious items detected)

                      Folders Detected: 0
                      (No malicious items detected)

                      Files Detected: 0
                      (No malicious items detected)

                      (end)

                      • 8. Re: Security Shield Virus
                        Peter M

                        The only protection at the moment is safe surfing and being extra careful what you click on.

                         

                        I see that you have the trial version of Malwarebytes Pro; this can clash with your antivirus because it has active protection.  I suggest you uninstall it and use their free version only.

                         

                        See the link at the bottom of my signature below.

                        • 9. Re: Security Shield Virus

                          Other than what Peter said, it is always a good idea to keep 1 or 2 antispyware-type on-demand scanners like Malwarebytes Free and/or SUPERAntiSpyware available.

                          You should also run a scan with 1 of these programs at least once a month or every other week.