Windows Shielding Utility. How to remove? (Uninstall guide)

removal by Gabriel E. Hall - -   Also known as WindowsShieldingUtility | Type: Rogue Antispyware
12

Windows Shielding Utility is a rogue anti-spyware program that deliberately displays fake security alerts and reports false system infections to make you think that your computer is infected with viruses and other dangerous computer threats. The graphical user interface of this rogue anti-spyware program is identical to other widely spread rogueware from the same family. When this malware is installed on your computer it will list a variety of dangerous infections and prompt you to pay for a full version of the rogue anti-spyware program to remove non-existent infections from the system. It goes without saying that you shouldn't purchase this bogus program. We strongly recommend you to remove Windows Shielding Utility from your computer as soon as possible to avoid future damage.

Windows Shielding Utility is installed mostly via fake online anti-spyware scanners and Trojans. Trojans, usually FakeAV, display fake security alerts and notifications stating that your PC is infected or under attack by an Internet virus. FakeAV variants may also download additional malware on to your computer and make the situation even more complicated. It may for example install a password stealer on the compromised computer and steal your sensitive information. Once active, Windows Shielding Utility will be automatically configured to demonstrate system scan and display bogus results each time you log on into Windows. As we have already mentioned, the scan results are fake, you may safely ignore them. The main goal of this infection is to trick you into purchasing totally bogus software.

Furthermore, Windows Shielding Utility will block security related programs and certain websites to protect itself from being deleted. It may disable Task Manager, Registry Editor and other Windows system tools as well. The program will also impersonate Windows Security Center and state that you must purchase Windows Shielding Utility to ensure full system protection. As you can see, this program is nothing more but a scam. Please use the removal guide below to remove Windows Shielding Utility from your computer once and for all.

The latest parasite names used by FakeVimes:
[newest]

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove Windows Shielding Utility you agree to our privacy policy and agreement of use.
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall Windows Shielding Utility. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

Note: Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manual removal instructions below.

More information about this program can be found in Reimage review.

More information about this program can be found in Reimage review.
Windows Shielding Utility snapshot
Windows Shielding Utility

Windows Shielding Utility manual removal:

Kill processes:
Protector-[rnd].exe

Delete registry values:
HKEY_CURRENT_USER\SoftwareMicrosoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0

HKEY_CURRENT_USER\SoftwareMicrosoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0

HKEY_CURRENT_USER\SoftwareMicrosoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0

HKEY_CURRENT_USER\SoftwareMicrosoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0

HKEY_CURRENT_USER\SoftwareMicrosoft\Windows\CurrentVersion\Run "Inspector"

HKEY_CURRENT_USER\SoftwareMicrosoft\Windows\CurrentVersion\Settings "net" = "2012-3-11_2?

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "origkboryd"

HKEY_LOCAL_MACHINE\SOFTWAREMicrosoft\InternetExplorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312

HKEY_LOCAL_MACHINE\SOFTWAREMicrosoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe

HKEY_LOCAL_MACHINE\SOFTWAREMicrosoft\Windows NT\CurrentVersion\Image File Execution Options\bipcp.exe

HKEY_LOCAL_MACHINE\SOFTWAREMicrosoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infwin.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PavFnSvr.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sahagent.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titaninxp.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsbgate.exe

Delete files:
%AppData%NPSWF32.dll

%AppData%Protector-3 characters.exe

%AppData%result.db

%CommonStartMenu%ProgramsWindows Shielding Utility.lnk

%Desktop%Windows Shielding Utility.lnk

About the author

Gabriel E. Hall
Gabriel E. Hall - Passionate web researcher

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

More information about the author