Windows Shield Protector is a fake anti-virus program that sneaks into computers using a fake Microsoft Security Essentials alert. This misleading alert mimics the look of the real MSE and aims to deceive victims. This malware is part of a much larger online fraud operation that swindles money from innocent victims.
Windows Shield Protector will display a number of fake virus detections on the computer. They may appear as pop-ups from the system tray that interfere with the PC's operation. False detections may also come from its own scan of the compromised computer. The alert appears on the system as:
“Microsoft Security Essentials Alert
Potential Threat Details
Microsoft Security Essentials detected potential threats that might compromise your private or damage your computer. Your access to these items may be suspended until you take an action. Click ‘show details’ to learn more.”
This malware will offer a system scan and prompt you to install Windows Shield Protector in order to detect and remove viruses. Once a copy of Windows Shield Protector is installed, the same process takes place, but this time, since Windows Shield Protector is already on the computer, it will advise you to pay for a registration key to make Windows Shield Protector fully functional. In fact, none of the recommended solutions will get rid of viruses. The real and only solution is to remove Windows Shield Protector itself by running a full scan with an anti-malware application. As provided on this page, anti-malware can remove the Windows Shield Protector virus automatically, together with its embedded malicious files and registry entries.
What are the Symptoms of Windows Shield Protector Infection?
Once the malware is present, you will see the fake computer security scanner similar to the image below.
It will modify Windows Registry and add the following entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon “Shell” = ‘%UserProfile%\Application Data\.exe’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe “Debugger” = ‘svchost.exe’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe “Debugger” = ‘svchost.exe’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe “Debugger” = ‘svchost.exe’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe “Debugger” = ‘svchost.exe’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe “Debugger” = ‘svchost.exe’
The threat will drop the following malicious files:
%UserProfile%\Application Data\[random].exe
How to Remove Windows Shield Protector Manually
1. Restart your computer in Safe Mode
– Press F8 on the keyboard as soon as you turn on the computer
– Select Safe Mode to start the computer loading only minimal resources
2. Delete the Windows registry entries the malware created. It is important to BACKUP YOUR REGISTRY FIRST.
– On Windows Start Menu, Click Start > Run
– Type regedit in the field
– Find the registry entries mentioned above and delete if necessary
3. Files related to Windows Shield Protector must be deleted:
– Browse and delete malicious files detected above.
– Some files cannot be deleted instantly. Press Ctrl+Alt+Del to open Windows Task Manager, look for any virus-related files mentioned on this page, highlight them, and click End Process. Then try to delete the file once more.
4. Run Antivirus Program
– You must be connected to the Internet to be able to update your anti-virus program. This is needed to have the latest database available and detect newer threats.
– Thoroughly scan the computer and clean or delete all detected threats.
How to Easily Remove Windows Shield Protector
1. Print this procedure as we need to close all running programs later.
2. Download AntiMalware Application here and save it to your Desktop.
3. Close all open applications.
4. Double-click the downloaded mbam-setup.exe to start the installation. If it will not run because infections on the computer are preventing it, rename the file mbam-setup.exe to anything (like myfile.exe).
5. Run the installation on the default settings. No changes are necessary.
6. Just before completing the installation, make sure that the following are checked:
– Update the program
– Launch the program
7. The tool will run and update itself after installation. Close it after the update.
8. Restart your computer in Safe Mode
– After powering on the computer, just before Windows starts, press F8
– From the selections, select Safe Mode
9. Click on the icon and select Perform Full Scan to begin scanning your computer for Windows Shield Protector related files.
10. After scanning, a message will appear stating that the scan is completed successfully. Click OK.
11. Click Show Results and detected threats will be displayed.
12. Make sure that all threats are checked, then click Remove Selected to begin removal of the malicious files.
13. Exit the AntiMalware application and restart your computer.
14. Windows Shield Protector and all its files are now removed from your computer. To guard your computer from this threat and avoid future infections, you may want real-time protection from the full version of an anti-malware program.


