Monday, April 9, 2012

How to remove SecurityShield 2012 virus (Manual uninstall directions)

SecurityShield 2012 (aka Security Shield 2012) pretends to “protect your PC in new level”. The quotation is a caption to its name in the malware’s GUI.
Despite being a counterfeit, the rogue provides its user interface in several languages.
The application generates a scan window, a fake one, of course. The window consists of Type, File Name, Name and Details columns; the hackers fill the columns with random infection names, file names and types, as well as fabricated descriptions. However, among the random file names are actual residents of your PC, which are not only harmless but may be of critical importance. Remove the Security Shield 2012 counterfeit, and please do not delete any files mentioned in its misleading scan window.
The free scanner available here is a safe and efficient Security Shield 2012 removal tool.

Signs of SecurityShield 2012 infection / related rootkit infection:
  • Critical RAM usage. Unknown system processes with random names;
  • Users can't open or install legitimate antivirus / antispyware software;
  • Browser redirections and search engine redirections (Rootkit activity);
  • Fake Security alerts and PC slowdowns.

How to Remove SecurityShield 2012 Virus for free?

SecurityShield 2012 does its best to interfere with other programs, especially if it suspects that these programs are its removers. However, a good solution is one that does not allow any virus to block it, at least after some steps aimed at applying security restrictions to illegal applications.
The guide below explains automated and manual removal of the rogue, including situations where the malware blocks the cleaning solution at the stage of downloading, installing or running.

Automatic Removal

This is the best way to get rid of SecurityShield 2012. True system security will free-scan your PC using advanced and common identification routines. That guarantees that every virus and counterfeit is identified and then exterminated.
The sequence of actions below shows, step by step, how to properly remove SecurityShield 2012:

1. Reboot the PC; before the system starts loading, keep pressing or tapping F8 until the boot options list appears.

2. Once in the Boot Menu, use the arrow keys to choose Safe Mode with Networking, then press Enter to load Windows in the selected configuration.
Windows 7 Security 2012 is normally unable to start and perform any actions in the suggested mode. In case it is nevertheless running, please click here: Process Explorer. Save the downloaded program to your PC under the following filename: "explorer.exe".
Launch explorer.exe (Process Explorer) to terminate the running processes of the malware in question. That is the way to ensure SecurityShield 2012 is idle, thus helpless, so that its deletion is no longer a challenge.

3. Once SecurityShield 2012 is idle, i.e. not a single process of the rogue is being executed, follow the link below:

The solution has at its disposal an extended descriptive database of infections, and applies behavioral, heuristic and uncommon routines to leave no chance of survival for a single rogue.
Download Spyware Doctor and then install it. Once the installation is complete, it is strongly recommended to update your antivirus regularly so that it uses the latest descriptions and methods.
Start Spyware Doctor and choose Full Scan in its menu. This will detect every infection on your PC. Keep using the tool to dispose of all the detected pests. This will certainly cover SecurityShield 2012, so the removal problem will be solved!

Manual Removal

To be honest, manual removal is not an easy job, though the complexity varies from case to case. Furthermore, any mistake due to mistyping or choosing the wrong folder might cause great damage. To remove SecurityShield 2012 without the assistance of an automated tool, it is necessary to manually exterminate the files constituting the rogue. This poses a real challenge to users of average skills, not to mention IT dummies.
The procedure below describes the actions to be taken to remove SecurityShield 2012 manually:

1. Restart in Safe Mode with Networking
2. Launch Registry Editor: go to Start, choose Run, enter Regedit in the box that appears, then click OK or press the Enter key.
Once you are in Registry Editor, remove the keys specified below:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\SecurityShield 2012 2011
HKEY_CURRENT_USER\Software\SecurityShield 2012 2011
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Security Manager"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "SecurityShield 2012 2011"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform "(Default)" = ''
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "SecurityShield 2012 2011 Security"

Please be aware of the importance of legitimate keys. Make sure the entries you are removing match the values specified above exactly so that useful registry values remain intact.

3. Registry cleanup is a necessary preliminary; it is followed by extermination of the basis of any program, its files. The objects below are to be deleted without exception.
%AppData%\Microsoft\Internet Explorer\Quick Launch\SecurityShield 2012 2011.lnk
%AppData%\SecurityShield 2012 2011
%AppData%\SecurityShield 2012 2011\IcoActivate.ico
%UserProfile%\Start Menu\Programs\SecurityShield 2012 2011.lnk
%StartMenu%\Programs\SecurityShield 2012 2011
%StartMenu%\Programs\SecurityShield 2012 2011\Activate SecurityShield 2012 2011.lnk
%StartMenu%\Programs\SecurityShield 2012 2011\Help SecurityShield 2012 2011.lnk
%StartMenu%\Programs\SecurityShield 2012 2011\How to Activate SecurityShield 2012 2011.lnk
%StartMenu%\Programs\SecurityShield 2012 2011\SecurityShield 2012 2011.lnk
Do not rush the removal, so as to avoid careless mistakes. Malware authors would not waste such a plain opportunity to bewilder those removing their creations as giving their own components names that closely resemble those of critically important files.
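A read-only way to confirm which of the registry entries and files from steps 2 and 3 actually exist before deleting anything, as an added PowerShell example that is not part of the original guide. The handling of the "[random]" Run value (flagging values whose data points into the user profile) and the mapping of %StartMenu% to the Start Menu special folder are assumptions.

```powershell
# Added example: read-only check for the entries listed in steps 2 and 3.
# Nothing is deleted; the report shows what exists so removal can match exactly.
$rogue  = 'SecurityShield 2012 2011'          # name exactly as the guide lists it
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$listedRunValues = 'Security Manager', $rogue, "$rogue Security"
$listedKeys = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\$rogue",
              "HKCU:\Software\$rogue"

# Assumption: %StartMenu% (not a real environment variable) means this folder.
$startMenu = [Environment]::GetFolderPath('StartMenu')
$listedPaths = "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch\$rogue.lnk",
               "$env:APPDATA\$rogue",
               "$env:USERPROFILE\Start Menu\Programs\$rogue.lnk",
               "$startMenu\Programs\$rogue"

function New-Finding($Status, $Kind, $Item, $Detail) {
    New-Object psobject -Property @{ Status = $Status; Kind = $Kind; Item = $Item; Detail = $Detail }
}

$findings = @()
foreach ($key in $listedKeys) {
    if (Test-Path -LiteralPath $key) { $findings += New-Finding 'listed' 'Key' $key '' }
}

$run = Get-Item -LiteralPath $runKey -ErrorAction SilentlyContinue
if ($run) {
    # Assumption: the "[random]" value is one whose data points into the user
    # profile. Such values are only flagged for manual review, never as listed.
    $roots = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) | Where-Object { $_ }
    foreach ($value in $run.GetValueNames()) {
        $data = [string]$run.GetValue($value)
        $inProfile = @($roots | Where-Object {
            $data.IndexOf($_, [StringComparison]::OrdinalIgnoreCase) -ge 0 }).Count -gt 0
        if ($listedRunValues -contains $value) {
            $findings += New-Finding 'listed' 'Run value' $value $data
        } elseif ($inProfile) {
            $findings += New-Finding 'review' 'Run value' $value $data
        }
    }
}

foreach ($path in $listedPaths) {
    if (Test-Path -LiteralPath $path) { $findings += New-Finding 'listed' 'Path' $path '' }
}

if ($findings) {
    $findings | Format-Table Status, Kind, Item, Detail -AutoSize -Wrap
} else { 'None of the listed entries were found for this user.' }
```

Run it from the affected user's account, since every listed key is under HKEY_CURRENT_USER. Entries marked "review" are not named in the guide and need a manual look before any deletion.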
The manual guide is updated to the best of the guide author's knowledge and belief. However, malware updates might make the malware evolve faster than the guide is updated, which is an incredibly unlikely case when using the automatic removal guide.
If you need further advice, please specify your query in the comments below. Your request will certainly be considered and, if it corresponds to the subject matter, answered in the shortest time. Thank you for taking care of your computer security!


  1. Better way to find this and remove it for Win 7
    Press Start and type in "%appdata%". It will bring you to a roaming file; go back one page and it will show three files, one being local. Open your temp file and scroll all the way to the bottom, OR click "Date Modified" to bring the most common installs to the top. Look for something that looks like a shield, and under "type" it will say application.... Try and delete it; it will tell you that you can't because it is open in (let's call it ovrk), I'm not sure of the name. But nonetheless, open up Ctrl+Alt+Del, open Task Manager, click "description", look for "ovrk" and end the process. Then try and delete the program once more. Now you are almost done. Go to your temp file and do the same thing: "modify by date" and look for an application, a .jar file, and a .txt file all installed on the same day... delete them.... and congratulations, you removed an invisible virus (not most virus will do it this way)

    1. Hello David,
      Thanks very much for the info. It was very helpful.
      One tip: If Security Shield does not let you delete the specified files and/or open Task Manager to kill the process, reboot the m/c and then immediately follow the steps above to delete the file/program, before it has a chance to "fire up".

      That worked for me.

    2. Thank You David. Here is something I had to additionally do.

      I found the application zwljaz.exe in the local folder only. When I tried deleting it, it didn't allow me to. So, I used the command "taskkill.exe /IM zwljaz.exe /F", and killed it. I found the text file jusched.txt in the temp folder. I deleted that too. It worked well.

      Thanks again. I am relieved.

  2. David, thank you so much, it's really working. The one that I deleted is not "ovrk" but something like....shit, forgot to write down the name...but I just deleted based on the symbol. The Security Shield symbol is like an "Oval" in green color...thanks again...

  3. What's "m/c"? It won't let me open the Task Manager to end the process of this cruel virus!