My Security Shield

August 4th, 2010
Home » Rogue Antispyware » My Security Shield
Repair and protect your computer easily. Download My Security Shield removal tool  

My Security Shield description

My Security Shield is a rogue anti-spyware application which is also a clone of Virus Doctor scam. The trojan based software starts its activities as soon as it is installed to your computer. Trojan comes to the system through its vulnerabilities and makes a perfect background for malwares to sneak. My Security Shield downloads itself automatically without user’s knowledge and consent.

Once active the parasite starts to scan your computer and shows numerous pop-ups stating about your machine infections. My Security Shield will flood your desktop with various security threats and fake warning messages. Few of displayed security alerts:

Warning! Access conflict detected!
An unidentified program is trying to access system process address space.
Process Name: AllowedForm
Location: C:\Windows\…\notepad.exe

Warning! Identity theft attempt detected

Memory access problem
WindowsErrorForm has encountered a problem at address 0×1FC408.
We are sorry for the inconvenience.
If you see this error again, operational information can be irrevocably lost.

Warning! Virus detected
Threat Detected: Trojan-PSW.VBS.Half
Description: This is a VBScript-virus. It steals user’s passwords.

Malware gains to trick user into believing their computer is severely compromised and has to be healed from viruses. For that it will offer to purchase its supposedly legal version of the program. This is a scam and all information it shows should be ignored. My Security Shield is able to redirect your browser to counterfeit websites that sell the application. The information malware displays is unreliable therefore it can’t be trusted. Use a decent anti-spyware program and terminate My Security Shield upon detection.

Manual My Security Shield Removal


My Security Shield processes:

kernel32.exe
DBOLE.exe
MS345d_2129.exe
Help: A Guideline of Killing Malicious Processes


My Security Shield registry values:

HKEY_CURRENT_USER\Software\3
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\MS345d_2129.DocHostUIHandler
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=2129&q={searchTerms}"
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=2129&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "control/7.02129"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "My Security Shield"
HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=2129&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
Help: How to edit windows registry entries


My Security Shield DLLs:

std.dll
PE.dll
fan.dll
sqlite3.dll
mozcrt19.dll


Other malicious My Security Shield files:

c:\Documents and Settings\All Users\Application Data\345d567\
c:\Documents and Settings\All Users\Application Data\345d567\4475.mof
c:\Documents and Settings\All Users\Application Data\345d567\mozcrt19.dll
c:\Documents and Settings\All Users\Application Data\345d567\MS345d_2129.exe
c:\Documents and Settings\All Users\Application Data\345d567\MSS.ico
c:\Documents and Settings\All Users\Application Data\345d567\sqlite3.dll
c:\Documents and Settings\All Users\Application Data\345d567\BackUp\
c:\Documents and Settings\All Users\Application Data\345d567\MSSSys\
c:\Documents and Settings\All Users\Application Data\345d567\MSSSys\vd952342.bd
c:\Documents and Settings\All Users\Application Data\345d567\Quarantine Item\
c:\Documents and Settings\All Users\Application Data\MSHBXRCOBWS\
c:\Documents and Settings\All Users\Application Data\MSHBXRCOBWS\MSJYQMS.cfg
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\My Security Shield.lnk
%UserProfile%\Application Data\My Security Shield\
%UserProfile%\Application Data\My Security Shield\cookies.sqlite
%UserProfile%\Application Data\My Security Shield\Instructions.ini
%UserProfile%\Desktop\My Security Shield.lnk
%UserProfile%\Recent\cid.drv
%UserProfile%\Recent\CLSV.tmp
%UserProfile%\Recent\DBOLE.exe
%UserProfile%\Recent\delfile.sys
%UserProfile%\Recent\fan.dll
%UserProfile%\Recent\grid.sys
%UserProfile%\Recent\kernel32.exe
%UserProfile%\Recent\kernel32.sys
%UserProfile%\Recent\PE.dll
%UserProfile%\Recent\PE.tmp
%UserProfile%\Recent\runddlkey.drv
%UserProfile%\Recent\SICKBOY.drv
%UserProfile%\Recent\std.dll
%UserProfile%\Recent\tempdoc.tmp
%UserProfile%\Recent\tjd.sys
%UserProfile%\Start Menu\My Security Shield.lnk
%UserProfile%\Start Menu\Programs\My Security Shield.lnk

The manual removal of files and registries should be performed by experienced users. A system can be badly affected if any error is done during the manual removal. We recommend using automatic removal tools to delete My Security Shield, if you are not familiar with deleting malware manually.

Tags:

5 comments

Add your comment
  1. Mystical Wellendorff says:
    February 8, 2011 at 4:20 pm

    I want to get ride of the trojan and i don’t know how… i never meant to put it on here and i want to get rid of it… please help

    [Reply]

    gina Reply:
    February 8th, 2011 at 11:58 pm

    Run antispyware program or use manual removal guide of My Security Shield. Follow instructions step-by-step

    [Reply]

    Reply

Trackbacks /
Pingbacks

  1. Remove Secure1.protection-av.com / Secure1.protection-av.net, Secure1.protection-av.com / Secure1.protection-av.net removal guide
  2. Remove Security Hijack, Security Hijack removal tool
  3. Remove Personal Internet Security 2011, Personal Internet Security 2011 removal guide

Leave a Reply