My Security Shield Removal

My Security Shield is a rogue anti-malware that hails from the family of dangerous software that spawned such applications as Security Master AV, Virus Doctor and My Security Engine. Similarly to its relatives, it attempts to trick users into paying for a software license that is fake. My Security Shield gets installed on users systems thanks to Trojans that get downloaded from fake security websites which use security loopholes in the user’s system to break through. Once established on the user’s computer, My Security Shield proceeds to load at startup as a service and to perform an endless stream of fake security scans on the system. However, it must be noted that the reported ‘threats’ from these scans are completely non-existent. My Security Shield also displays fake security pop-ups from the Windows Taskbar, which causes a lot of nervousness in the hearts of users. The aim of all these warnings is to try and trick the user into paying for a software license under the claim that the currently installed ‘trial’ version of My Security Shield is incapable of properly scanning the system, and that the user should get the ‘full’ version to fix the problem. It should be kept in mind at all times that My Security Shield is a fake application and as such it cannot scan or clean your computer under any circumstances.

My Security Shield Removal

As soon as you find a copy of this malicious program on your system, you should take steps to immediately remove My Security Shield. For My Security Shield removal, it is necessary to stop processes, unregister DLLs, delete files and folders and remove registry entries.

File Removal Procedures

The first step you need to take in order to remove My Security Shield is to stop the following processes from execution:

  • MS345d_2129.exe
  • DBOLE.exe
  • kernel32.exe

Next, it is necessary to unregister the following DLL files to ensure My Security Shield removal:

  • mozcrt19.dll
  • sqlite3.dll
  • fan.dll
  • PE.dll
  • std.dll

The next step you need to take in order to delete My Security Shield is to delete the following files and folders:

Windows XP:

  • c:\Documents and Settings\All Users\Application Data\345d567\
  • c:\Documents and Settings\All Users\Application Data\345d567\4475.mof
  • c:\Documents and Settings\All Users\Application Data\345d567\mozcrt19.dll
  • c:\Documents and Settings\All Users\Application Data\345d567\MS345d_2129.exe
  • c:\Documents and Settings\All Users\Application Data\345d567\MSS.ico
  • c:\Documents and Settings\All Users\Application Data\345d567\sqlite3.dll
  • c:\Documents and Settings\All Users\Application Data\345d567\BackUp\
  • c:\Documents and Settings\All Users\Application Data\345d567\MSSSys\
  • c:\Documents and Settings\All Users\Application Data\345d567\MSSSys\vd952342.bd
  • c:\Documents and Settings\All Users\Application Data\345d567\Quarantine Item\
  • c:\Documents and Settings\All Users\Application Data\MSHBXRCOBWS\
  • c:\Documents and Settings\All Users\Application Data\MSHBXRCOBWS\MSJYQMS.cfg
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\My Security Shield.lnk
  • %UserProfile%\Application Data\My Security Shield\
  • %UserProfile%\Application Data\My Security Shield\cookies.sqlite
  • %UserProfile%\Application Data\My Security Shield\Instructions.ini
  • %UserProfile%\Desktop\My Security Shield.lnk
  • %UserProfile%\Recent\cid.drv
  • %UserProfile%\Recent\CLSV.tmp
  • %UserProfile%\Recent\DBOLE.exe
  • %UserProfile%\Recent\delfile.sys
  • %UserProfile%\Recent\fan.dll
  • %UserProfile%\Recent\grid.sys
  • %UserProfile%\Recent\kernel32.exe
  • %UserProfile%\Recent\kernel32.sys
  • %UserProfile%\Recent\PE.dll
  • %UserProfile%\Recent\PE.tmp
  • %UserProfile%\Recent\runddlkey.drv
  • %UserProfile%\Recent\SICKBOY.drv
  • %UserProfile%\Recent\std.dll
  • %UserProfile%\Recent\tempdoc.tmp
  • %UserProfile%\Recent\tjd.sys
  • %UserProfile%\Start Menu\My Security Shield.lnk
  • %UserProfile%\Start Menu\Programs\My Security Shield.lnk

Windows Vista/Windows 7:

  • c:\Documents and Settings\All Users\AppData\345d567\
  • c:\Documents and Settings\All Users\AppData 345d567\4475.mof
  • c:\Documents and Settings\All Users\AppData\345d567\mozcrt19.dll
  • c:\Documents and Settings\All Users\AppData\345d567\MS345d_2129.exe
  • c:\Documents and Settings\All Users\AppData\345d567\MSS.ico
  • c:\Documents and Settings\All Users\AppData 345d567\sqlite3.dll
  • c:\Documents and Settings\All Users\AppData \345d567\BackUp\
  • c:\Documents and Settings\All Users\AppData\345d567\MSSSys\
  • c:\Documents and Settings\All Users\AppData\345d567\MSSSys\vd952342.bd
  • c:\Documents and Settings\All Users\AppData\345d567\Quarantine Item\
  • c:\Documents and Settings\All Users\AppData\MSHBXRCOBWS\
  • c:\Documents and Settings\All Users\AppData \MSHBXRCOBWS\MSJYQMS.cfg
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\My Security Shield.lnk
  • %UserProfile%\AppData\My Security Shield\
  • %UserProfile%\AppData\My Security Shield\cookies.sqlite
  • %UserProfile%\AppData\My Security Shield\Instructions.ini
  • %UserProfile%\Desktop\My Security Shield.lnk
  • %UserProfile%\Recent\cid.drv
  • %UserProfile%\Recent\CLSV.tmp
  • %UserProfile%\Recent\DBOLE.exe
  • %UserProfile%\Recent\delfile.sys
  • %UserProfile%\Recent\fan.dll
  • %UserProfile%\Recent\grid.sys
  • %UserProfile%\Recent\kernel32.exe
  • %UserProfile%\Recent\kernel32.sys
  • %UserProfile%\Recent\PE.dll
  • %UserProfile%\Recent\PE.tmp
  • %UserProfile%\Recent\runddlkey.drv
  • %UserProfile%\Recent\SICKBOY.drv
  • %UserProfile%\Recent\std.dll
  • %UserProfile%\Recent\tempdoc.tmp
  • %UserProfile%\Recent\tjd.sys
  • %UserProfile%\Start Menu\My Security Shield.lnk
  • %UserProfile%\Start Menu\Programs\My Security Shield.lnk

After the above steps have been completed, My Security Shield no longer resides on your hard disk. Even if in most cases manual removal is possible, it is however advisable to rely on professional, automated antivirus solutions that can properly detect threats such as My Security Shield. For this reason, a complete system scan using genuine antivirus software such as Spyware Doctor with Antivirus is highly recommended.

Registry Removal Procedures

Removing files and folders is not enough to ensure complete My Security Shield removal. To completely remove My Security Shield, you need to delete the following keys and settings from the Windows Registry:

  • HKEY_CURRENT_USER\Software\3
  • HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
  • HKEY_CLASSES_ROOT\MS345d_2129.DocHostUIHandler
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=2129&q={searchTerms}”
  • HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=2129&q={searchTerms}”
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer “PRS” = “http://127.0.0.1:27777/?inj=%ORIGINAL%”
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1″
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “control/7.02129″
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “My Security Shield”
  • HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://findgala.com/?&uid=2129&q={searchTerms}”
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = “no”

Once the above steps have been completed, your computer is safe from My Security Shield.

Conclusion

Manual My Security Shield removal is not recommended for inexperienced users as any mistake made during removal could cause problems for the operating system of the computer. Therefore inexperienced users are advised to use a web-based repair service such as www.onlinecomputerrepair.org or legitimate antivirus software such as Spyware Doctor with Antivirus for safe and efficient My Security Shield removal.