Severity scale:  
  (72/100)

My Security Shield. How to remove? (Uninstall guide)

removal by Olivia Morelli - -   Also known as MySecurityShield | Type: Rogue Antispyware

My Security Shield is a rogue anti-spyware program from the same family as Security Master AV and My Security Engine. Just like its predecessors, My Security Shield is promoted through the use of fake online scanners and other bogus websites or malware that displays fake security alerts on your computer. The scareware states that your PC is infected with spyware, adware and other viruses and that you should download and install My Security Shield in order to remove the infections. In reality, though, this is nothing more but a scam. And if you decide to install My Security Shield then it will make your computer almost unusable.

Once installed, the rogue program will install a variety of files on your computer that act as fake malware so that the program will find them while scanning. These files are: cid.drv, CLSV.tmp, DBOLE.exe, delfile.sys, fan.dll, grid.sys, kernel32.exe, kernel32.sys, PE.dll, PE.tmp, runddlkey.drv, SICKBOY.drv, std.dll, tempdoc.tmp, tjd.sys and other. All these files are located in %UserProfile%Recent folder.

While My Security Shield is running, it will automatically start scanning your computer and then will state that there are many infected files that should be removed, but this can be done only with a full version of the program. You may also find that your computer starts to become slower. Furthermore, My Security Shield will constantly display fake security alerts stating that your computer is infected and that you should purchase the program immediately to protect your computer. The text of some of these alerts are:

Warning! Virus detected
Threat Detected: Trojan-PSW.VBS.Half
Description: This is a VBScript-virus. It steals user’s passwords.

Memory access problem
WindowsErrorForm has encountered a problem at address 0x1FC408.
We are sorry for the inconvenience.
If you see this error again, operational information can be irrevocably lost.

As you can see, My Security Shield uses misleading methods to scare you into purhcasing the program. The removal guide below will walk you through removing the My Security Shield and any associated malware that may have been installed with it. You can remove this virus manually, but we strongly recommend you to use an automatic removal tool. Finally, if you have already purchased the bogus program then contact your credit card company and dispute the charges.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove My Security Shield you agree to our privacy policy and agreement of use.
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall My Security Shield. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

Note: Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manual removal instructions below.

More information about this program can be found in Reimage review.
Press mentions on Reimage
My Security Shield snapshot
My Security Shield

My Security Shield manual removal:

Kill processes:
MS345d_2129.exe

Delete registry values:
HKEY_CURRENT_USERSoftware3

HKEY_CLASSES_ROOTCLSID{3F2BBC05-40DF-11D2-9455-00104BC936FF}

HKEY_CLASSES_ROOTMS345d_2129.DocHostUIHandler

HKEY_USERS.DEFAULTSoftwareMicrosoftInternet ExplorerSearchScopes "URL" = "http://findgala.com/?&uid=2129&q={searchTerms}"

HKEY_CURRENT_USERSoftwareClassesSoftwareMicrosoftInternet ExplorerSearchScopes "URL" = "http://findgala.com/?&uid=2129&q={searchTerms}"

HKEY_CURRENT_USERSoftwareMicrosoftInternet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"

HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDownload "RunInvalidSignatures" = "1"

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings5.0User AgentPost Platform "control/7.02129"

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun "My Security Shield"

HKEY_CLASSES_ROOTSoftwareMicrosoftInternet ExplorerSearchScopes "URL" = "http://findgala.com/?&uid=2129&q={searchTerms}"

HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDownload "CheckExeSignatures" = "no"

Unregister DLLs:
mozcrt19.dll

sqlite3.dll

Delete files:
4475.mof

mozcrt19.dll

MS345d_2129.exe

MSS.ico

sqlite3.dll

vd952342.bd

MSJYQMS.cfg

My Security Shield.lnk

cookies.sqlite

Instructions.ini

cid.drv

CLSV.tmp

DBOLE.exe

delfile.sys

fan.dll

grid.sys

kernel32.exe

kernel32.sys

PE.dll

PE.tmp

runddlkey.drv

SICKBOY.drv

std.dll

tempdoc.tmp

tjd.sys

Delete directories:
c:Documents and SettingsAll UsersApplication Data345d567

c:Documents and SettingsAll UsersApplication DataMSHBXRCOBWS

%UserProfile%Application DataMy Security Shield

About the author

Olivia Morelli
Olivia Morelli - Ransomware analyst

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Olivia Morelli
About the company Esolutions