What this infection does:

Security Shield is a rogue spyware infection that is a variant of Security Tool. This rogue is installed through; other malware, fake online programs claiming that they are anti-malware scanners or prompt that your system is infected. Once installed, on your system Security Shield will be configured to start automatically when Windows starts. Once started, it will perform a scan of your computer and state that there are numerous infections present on your computer. If you attempt, though, to remove any of these so-called infections the program will state that you first need to purchase it. In reality, all of the files it states are infections are legitimate Windows files. Therefore, do not manually delete any of the files it states are infections as you may cause Windows to not operate correctly. The following images will have indicators pointing out how far the creators of this virus went to make it seem real.

 In order to protect itself, Security Shield will terminate almost all processes that you start. It does this so that you cannot launch any security programs that may have the ability to remove the infection. The message that you will see when you attempt run a program is similar to the one below:

Security Shield "cmd.exe" is infected with "Worm.Win32.Autorun.bnb". Do you want to register your copy and remove all threats now?

Just like the scan results, this infection warning is fake and should be ignored.

While running, Security Shield will also display numerous security alerts that are an attempt to make you think that your computer has a serious computer problem. Some of the texts that you may see are:

Security Shield Warning

Spyware.IEMonster activity detected. This form of spyware attempts to steal passwords from Internet Explorer, Mozilla Firefox, Outlook and other commonly used programs. Click here to immediately remove it with Security Shield.

Security Shield Warning

Intercepting malicious software that may violate your privacy and harm your computer has been detected. Click here to remove now with Security Shield.

Security Shield Warning

Some of the important system files on your PC were modified by malicious software. It may cause system crashes and data losses.

Click here to prevent non-authorized changes and remove threats (Recommended)

Security Shield

Security Shield Firewall Alert

Security Shield has prevented a program from accessing the internet.

"iexplore.exe" is infected "Trojan-Dropper.Win32.Agent". This worm has to tried to use "iexplore.exe" to connect to remove host and send your credit card information

All of these alerts are fake and should be ignored. They are just another tactic that is being used to make you think that your computer is infected.

Without a doubt, Security Shield was created to trick you into registering the program. Therefore, do not purchase Security Shield for any reason, and if you already have, please contact your credit card company and state that the program is a computer infection and a scam and that you would like to dispute the charge. To remove this infection a standard Virus Removal should be sufficient.

 Threat Classification:

Rogue Programs & Scareware

Associated Security Shield Files:

c:\Documents and Settings\Bleeping\Local Settings\Application Data\<random numbers>.exe

Associated Security Shield Windows Registry Information:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "<random numbers>

HKCU\..\RunOnce: [<random numbers>] %AppData%\<random numbers>.exe

Sure this an old infection but it is one of the first that was created so extensively. Many individuals believed this was a legitimate program considering it looked so real. If you are infected with this please contact a Daedalus Tek to assist you.