Windows Shield Tool

February 27th, 2012
Home » Rogue Antispyware » Windows Shield Tool
Repair and protect your computer easily. Download Windows Shield Tool removal tool  

Windows Shield Tool description

Windows Shield Tool is a rogue anti-spyware application which spreads via trojan horse. The trojan based software starts its activities as soon as it is installed on your computer. It downloads itself automatically without user’s knowledge and consent.

Once installed it starts to scan your PC and displays numerous fake warning messages that state about computer infections. For example:

Error
Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.

Error
Attempt to run a potentially dangerous script detected.
Full system is highly recommended.

Warning! Virus Detected
Threat detected: FTP Server

Infected file: C:\Windows\System32\dllcache\wmploc.dll

Do not fall for this scam because Windows Shield Tool tries to trick you into thinking your system is severely compromised and needs being healed with it “full” version. This is a fraud. Do not fall for this scam because purchasing it means you’ll get more viruses onto your PC.Choose decent anti-spyware application and get rid of Windows Shield Tool immediately.

Manual Windows Shield Tool Removal


Windows Shield Tool processes:

Protector-.exe
Help: A Guideline of Killing Malicious Processes


Windows Shield Tool registry values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = twflowpdap
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = 2012-2-24_1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntvdm.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdt.exe
Help: How to edit windows registry entries


Other malicious Windows Shield Tool files:

%StartMenu%\Programs\Windows Shield Tool.lnk
%AppData%\Protector-.exe
%AppData%\result.db
%Desktop%\Windows Shield Tool.lnk

The manual removal of files and registries should be performed by experienced users. A system can be badly affected if any error is done during the manual removal. We recommend using automatic removal tools to delete Windows Shield Tool, if you are not familiar with deleting malware manually.

Tags:

Leave a Reply