Windows Shielding Utility is a rogue anti-spyware program that deliberately displays fake security alerts and reports false system infections to make you think that your computer is infected with viruses and other dangerous computer threats. The graphical user interface of this rogue anti-spyware program is identical to other widely spread rogueware from the same family. When this malware is installed on your computer it will list a variety of dangerous infections and prompt you to pay for a full version of the rogue anti-spyware program to remove non-existent infections from the system. It goes without saying that you shouldn't purchase this bogus program. We strongly recommend you to remove Windows Shielding Utility from your computer as soon as possible to avoid future damage.
Windows Shielding Utility is installed mostly via fake online anti-spyware scanners and Trojans. Trojans, usually FakeAV, display fake security alerts and notifications stating that your PC is infected or under attack by an Internet virus. FakeAV variants may also download additional malware on to your computer and make the situation even more complicated. It may for example install a password stealer on the compromised computer and steal your sensitive information. Once active, Windows Shielding Utility will be automatically configured to demonstrate system scan and display bogus results each time you log on into Windows. As we have already mentioned, the scan results are fake, you may safely ignore them. The main goal of this infection is to trick you into purchasing totally bogus software.
Furthermore, Windows Shielding Utility will block security related programs and certain websites to protect itself from being deleted. It may disable Task Manager, Registry Editor and other Windows system tools as well. The program will also impersonate Windows Security Center and state that you must purchase Windows Shielding Utility to ensure full system protection. As you can see, this program is nothing more but a scam. Please use the removal guide below to remove Windows Shielding Utility from your computer once and for all.
The latest parasite names used by FakeVimes:
Windows Shielding Utility manual removal:
Delete registry values:
HKEY_CURRENT_USER\SoftwareMicrosoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\SoftwareMicrosoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\SoftwareMicrosoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\SoftwareMicrosoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\SoftwareMicrosoft\Windows\CurrentVersion\Settings "net" = "2012-3-11_2?
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "origkboryd"
HKEY_LOCAL_MACHINE\SOFTWAREMicrosoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe
HKEY_LOCAL_MACHINE\SOFTWAREMicrosoft\Windows NT\CurrentVersion\Image File Execution Options\bipcp.exe
HKEY_LOCAL_MACHINE\SOFTWAREMicrosoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infwin.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PavFnSvr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sahagent.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titaninxp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsbgate.exe
%CommonStartMenu%ProgramsWindows Shielding Utility.lnk
%Desktop%Windows Shielding Utility.lnk