Fake Scanner Sites
Google Search Redirects
Alias: Security Shield, Security Tool, System Tool, Security Shield Fake Antivirus, Security Shield Trojan
Description: Security Shield is a new variant of Security Tool and System Tool fake antivirus products. Security Shield is a rogue anti-virus application which may be secretly installed by a trojan or manually downloaded from one of many fraudulent Fake Scanner Sites. Security Shield can block you from running removal programs and tools (see Symptoms section below). If the infection is blocking your removal attempts, we have easy to follow special workaround instructions below that will allow you to remove Security Shield.
Security Shield Special Removal Instructions
Step 1: Download Vkill. If you cannot download directly to the infected computer, you can download it onto a clean computer and transfer it to the infected computer (by using a network or a flash drive). Note that you can download Vkill even if your browser is being blocked by the infection, simply type the address www.spynomore.com/downloads/vkill.exe into your browser's address bar and hit enter. If you are using a 64-bit version of Windows, download this version of Vkill instead: www.spynomore.com/downloads/vkill64.exe. See picture below:
Step 2: Double-click Vkill several quick times in a row to disable Security Shield. Make sure to save any unsaved work before you do that. You will know that Vkill was successfull in disabling Security Shield once you are able to see a text file open up. The text file will show the names of the processes killed.
Step 3: Once Security Shield has been disabled, you can download and run SpyNoMore. SpyNoMore will download updates then scan your computer and if Security Shield is present, SNM will detect it and you will be able to see either Security Shield or Fake Alert in the scan results. These are the same product. Please note that the free version of SpyNoMore will only show you the detections. In order to remove the infection you need to purchase a 1-year license which costs $29 (or $39 for 3 computers). In all cases, you will be able to see the infection in the free version scan results.
Step 4: Purchase the activation key from a clean computer by clicking on our Purchase link on spynomore.com. Write down the activation key and use it to activate SNM on the infected computer. This will remove Security Shield and restore your internet connection. You will again be able to run your programs and applications without trouble.
Once installed, Security Shield performs a fake system scan then displays exaggerated fake results as shown below:
Security Shield displays several fake warning messages such as these:
Security Shield periodically displays fake balloon messages titled "Security Shield Warning". It can also restart your computer from time to time. Upon restart, you may see a fake "nonpaged area" blue screen of death message such as this one:
Hijacker - A Hijacker is a software application that takes control of your browser's settings. Usually it changes your home page and redirects it to some unknown site or modifies your search settings. It prevents you from changing back your browser's settings. An infected browser usually operates much slower.
Ransomware - Ransomware is a software application that infects a computer and asks for money to have the infection removed.
Trojan - A Trojans or Trojan Horse is any programs that installs itself secretly normally via malware programs, quite often with sinister intent. Once installed, the trojan author (hacker) can gain complete control of the infected PC. Trojans are usually designed to steal sensitive information and/or destroy the system. Trojans can be distributed as unsolicited email attachments, or bundled with freeware and shareware programs.
Advice: Remove This is a very high risk threat and should be removed immediately as to prevent harm to your computer and / or to protect your privacy.
SpyNoMore removes Security Shield: Yes
Threat risk: Very High Risk
Extremely dangerous malware. Uses stealth installation, randomly named entries and has the capability to self update or resurrect after incomplete removal. Almost impossible to remove manually. Category mostly consists of trojans and spyware.
Running Process Signatures:
Registered Dll (Dynamic Link Library) Signatures:
SpyNoMore Collected Residual File Signatures: