Thursday, August 12, 2010

My Security Shield Removal GuideMy Security Shield Removal Guide

My Security Shield Removal Guide
My Security Shield is a fake antivirus program which intend to urge the user whose computer is infected by My Security Shield to purchase the full version of My Security Shield. My Security Shield produces fake alert in order to cheat the user. My Security Shield installs into the computer without the confirmation of the user and configure itself to start automatically when windows boot. My Security Shield will then scan the computer and state that there are many malware in the computer and ask the user to purchase full version of My Security Shield to remove all the malwares.

My Security Shield ask the user to activate My Security Shield to get ultimate protection against Identify Theft, Malware and other threats! My Security Shield create a fake Windows Advanced Security Center and warn the user that the system is not cleaned yet! It show the users that the Firewall, Automatics Updates and Antivirus Protection are in the "OFF" state.

My Security Shield should be removed immediately!

My Security Shield Removal Guide
Kill Process
(How to kill a process effectively?)
MS345d_2129.exe
DBOLE.exe
kernel32.exe

Unregister DLL files
mozcrt19.dll
sqlite3.dll

Delete Registry
HKEY_CURRENT_USER\Software\3
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\MS345d_2129.DocHostUIHandler
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=2129&q={searchTerms}"
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=2129&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "control/7.02129"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "My Security Shield"
HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=2129&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"

Remove Folders and Files
%AllUserProfile%\Application Data\345d567
%AllUserProfile%\Application Data\MSHBXRCOBWS
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\My Security Shield.lnk
%UserProfile%\Application Data\My Security Shield
%UserProfile%\Desktop\My Security Shield.lnk
%UserProfile%\Recent\cid.drv
%UserProfile%\Recent\CLSV.tmp
%UserProfile%\Recent\DBOLE.exe
%UserProfile%\Recent\delfile.sys
%UserProfile%\Recent\fan.dll
%UserProfile%\Recent\grid.sys
%UserProfile%\Recent\kernel32.exe
%UserProfile%\Recent\kernel32.sys
%UserProfile%\Recent\PE.dll
%UserProfile%\Recent\PE.tmp
%UserProfile%\Recent\runddlkey.drv
%UserProfile%\Recent\SICKBOY.drv
%UserProfile%\Recent\std.dll
%UserProfile%\Recent\tempdoc.tmp
%UserProfile%\Recent\tjd.sys
%UserProfile%\Start Menu\My Security Shield.lnk
%UserProfile%\Start Menu\Programs\My Security Shield.lnk

No comments:

Post a Comment