asked on

new Security Shield? How to remove

One of my workstation just got infected with Security Shield. This must be a new version because none of the howto removal tips work. I cannot see an .exe in the task manager or on this drive with 9 random characters in the name, e.g. i98uy76tr.exe. I've logged in as another user and run AVG, spybot and Malwarebytes on the entire computer and, while the found some things, none of them found and removed Security Shield. When I log back in as the normal user it's still there.

Any ideas?

the computer is XP

ASKER CERTIFIED SOLUTION

younghv

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Mark

ASKER

RogueKiller seems to have done the job, and quite quickly once I was able to run it. It was tough to download because the infected computer wouldn't let anything download and other Windows workstations in the office running AVG or Norton would instantly kill the downloaded file. I finally downloaded it to a Linux host, samba mounted the Linux volumn on the infected computer, then quickly double-clicked on the program (I couldn't run it from the 'run' menu or open a cmd Window). It ran and killed Security Shield in seconds. So fast, I wasn't sure it even ran. But, the machine seems clean now. I'll give this 24 hours to make sure. If that worked, fantastic!

younghv

Good to hear. The creator of RogueKiller (Tigzy) is a member here on EE and I've found it to be much more effective than similar rogue process stoppers.

Mark

ASKER

That did the trick! No messages today (tho' i've read Security Shield can lay dormant for days or weeks before activating). But, I'll keep my fingers crossed! Yeah, it worked really fast! That guy must know a thing or two about viruses!