
How to remove Windows Shield Center?

January 29th, 2011

What is Windows Shield Center?

Windows Shield Center is one of the rogue antivirus programs that use fake Microsoft Security Essentials alerts to trick users into giving away credit card details for software they do not need and that does not work. Typically, you are infected by trojans that distribute Windows Shield Center and other parasites in the following ways: visiting hijacked websites or viewing infected advertisements; downloading fake software updates, cracks or codecs; or through email, social networking or IM spam. Any of these is possible, and sometimes it is hard to say how one got the trojan. However, what happens next is quite predictable:
First, you will start seeing a fake popup from “Microsoft Security Essentials”. This popup states that the PC is infected by an unknown WIN32 trojan, so you need to scan your PC.

Microsoft Security Essentials Alert
Potential Threat Details

Microsoft Security Essentials detected potential threats that might compromise your private or damage your computer. Your access to these items may be suspended until you take an action. Click ‘show details’ to learn more.

Threat prevention solution found
Security system analysis has revealed critical file system vulnerability caused by severe malware attacks.
Risk of system files infection:
The detected vulnerability may result in unauthorized access to private information and hard drive data with a seriuos possibility of irreversible data loss and unstable PC performance. To remove the malware please run a full system scan. Press ‘OK’ to install the software necessary to initiate system files check. To complete the installation process please reboot your computer.

System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended.

System component corrupted!
System reboot error has occurred due to lsass.exe system process failure.
This may be caused by severe malware infections.
Automatic restore of lsass.exe backup copy completed.
The correct system performance can not be resumed without eliminating the cause of lsass.exe corruption.

What does look strange is that MSE will typically block undetected threats and that's it. It recommends running scans periodically rather than after a threat is detected, and a scan is unnecessary once a threat is detected: it either can be removed or is not detected at all.
So if you launch this fake scan, the “Trojan” is identified as Trojan.Horse.Win32.PAV.64.a and it is stated that it cannot be removed by MSE. That is particularly strange, as MSE can remove all parasites that it can detect and identify.
Lastly, the fake MSE searches for a solution and suggests installing Windows Shield Center, which will activate on reboot. Once you press OK, the system downloads the rogue and reboots to finalize its installation. Then additional problems start happening.
Windows Shield Center will execute after the reboot, and it will not allow you to do anything else until the PC “scan” is finished. The scan will detect numerous infections on the PC which could not be detected by other antiviruses. These infections are fake; most of the “infected” files are harmless or even non-existent. Windows Shield Center has no real database of parasites, so it relies on false positives only. It will refuse to fix the problems in its free version, asking you to purchase the FULL version of the rogue. I strongly advise not to pay for Windows Shield Center, as there is no legitimate company behind it and it will steal your credit card details.
If you close Windows Shield Center after the scan, you still won’t be able to use the PC normally. First, you will be bombarded with various alerts claiming that this fake antivirus detected more threats to your PC and privacy, that your system components are corrupted, or that half of your programs are infected with keyloggers that try to steal your information. These Windows Shield Center lies serve 2 purposes. The first one is to convince you into giving away credit card details. The other one is to prevent legitimate antivirus and anti-malware programs from being downloaded and executed, so it is harder to get rid of Windows Shield Center.
However, it is still possible to remove Windows Shield Center. The removal procedure looks like this:
First, you need to either reboot into Safe Mode with Networking or stop its processes (or both). I recommend downloading Process Explorer from here (renamed version). Launch it. If Windows Shield Center blocks its execution, do not close that window, but launch the program again.
The next step is identifying and stopping the Windows Shield Center processes. These processes are randomly named, but they are launched from a folder whose path contains the string Application Data, APPDATA, or ProgramData (or similar). Stop them. If you do it successfully, the Windows Shield Center window will close.
The third step is fixing the system registry. Launch regedit. Modify these keys accordingly:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
This should stop Windows Shield Center from launching on startup.
Also, look for keys like these:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe]
"Debugger"="svchost.exe"
These keys disable legitimate antivirus processes, so it is a good idea to delete the Debugger key/value pair.
The last step is scanning with decent anti-malware programs and deleting all the files associated with Windows Shield Center. I recommend Spyhunter or Malwarebytes Anti-Malware for that, though there are other superb programs, like Hitman Pro, Emsisoft Anti-Malware, etc. Full versions of these programs would likely have blocked Windows Shield Center from infecting your PC and saved lots of time.
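The three manual checks above (the Winlogon Shell value, Image File Execution Options Debugger values, and processes running from Application Data or ProgramData folders) can be reviewed with a read-only script. This is an added example, not part of the original article; it assumes PowerShell 3.0 or later in an elevated session, and the extra look at HKEY_CURRENT_USER goes beyond the key the article lists.

```powershell
# Added example: read-only audit, nothing is modified or deleted.
# Assumption: PowerShell 3.0+ run as administrator.

# 1. Winlogon Shell. The article covers HKLM; HKCU is checked as well because
#    a per-user Shell value (normally absent) is honoured by Windows too.
$sub = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
foreach ($hive in 'HKLM:', 'HKCU:') {
    $path  = "$hive\$sub"
    $shell = (Get-ItemProperty -Path $path -Name Shell -ErrorAction SilentlyContinue).Shell
    if (-not $shell) {
        Write-Output "[Shell] $path : not set"
    } elseif ($shell.Trim() -ieq 'explorer.exe') {
        Write-Output "[Shell] $path : OK ($shell)"
    } else {
        Write-Output "[Shell] $path : SUSPICIOUS ($shell), expected Explorer.exe"
    }
}

# 2. Image File Execution Options: report every image that has a Debugger
#    value, i.e. every program that would be redirected when started.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($key in Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue) {
    $debugger = $key.GetValue('Debugger')
    if ($debugger) {
        Write-Output "[IFEO] $($key.PSChildName) -> Debugger = $debugger"
    }
}

# 3. Running processes whose executable sits under the folders the article names.
$pattern = '\\(Application Data|AppData|ProgramData)\\'
Get-CimInstance -ClassName Win32_Process |
    Where-Object { $_.ExecutablePath -match $pattern } |
    ForEach-Object {
        Write-Output "[Proc] PID $($_.ProcessId) $($_.Name) : $($_.ExecutablePath)"
    }
```

Legitimate software also runs from these folders and occasionally sets a Debugger value on purpose, so treat each reported line as something to verify rather than as proof of infection.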


Windows Shield Center is extremely dangerous

Windows Shield Center is a corrupt Anti-Spyware program
Windows Shield Center may spread via Trojans
Windows Shield Center may display fake security messages
Windows Shield Center may install additional spyware to your computer
Windows Shield Center may repair its files, spread or update by itself
Windows Shield Center violates your privacy and compromises your security

Note: The Spyhunter trial provides detection of parasites like Windows Shield Center and assists in their removal for free. You can remove detected files, processes and registry entries yourself or purchase a full version.



Manual Windows Shield Center removal


Important Note: Although it is possible to manually remove Windows Shield Center, such activity can permanently damage your system if any mistakes are made in the process, as advanced spyware parasites are able to automatically repair themselves if not completely removed. Thus, manual spyware removal is recommended for experienced users only, such as IT specialists or highly qualified system administrators. For other users, we recommend using Spyhunter or other malware and spyware removal applications found on 2-viruses.com.
Stop these Windows Shield Center processes:
Remove these Windows Shield Center Registry Entries:
Remove these Windows Shield Center files:
It is impossible to list all file names and locations of modern parasites. You can identify remaining parasites and other files infected by Windows Shield Center, and get help with Windows Shield Center removal, by using the free Spyhunter scanner. It comes with a free real-time protection module that helps prevent Windows Shield Center and similar threats.

Windows Shield Center is classified as Rogue Anti-Spyware. After infecting a user’s system, it proceeds to scare its victim into buying the “product” by displaying fake security messages, stating that your computer is infected with spyware and only Windows Shield Center can help you to remove it after you download the trial version. As soon as the victim downloads the Windows Shield Center trial version, it pretends to scan the computer and shows a grossly exaggerated number of non-existent errors. Then, Windows Shield Center offers the full version for purchase to fix these false errors. If the user agrees, Windows Shield Center not only fails to fix the errors, but also takes the user’s money and may even install additional spyware on the victim’s computer.

Some Rogue Anti-Spyware, such as Windows Shield Center, may prompt users to buy it after the victim clicks on a banner or a pop-up while surfing the internet. Usually, a Trojan is installed on the victim’s computer after clicking on the advertisement. It then proceeds to download or even install Windows Shield Center, which is another way for Rogue Anti-Spyware to spread itself.

Most rogue Anti-Spyware, such as Windows Shield Center, is nearly impossible to remove manually.


How to tell if your PC has been infected by a Rogue Anti-Spyware such as Windows Shield Center?

Numerous undesirable and annoying pop-ups: A typical Rogue Anti-Spyware parasite keeps track of your internet browsing habits, sending your browsing history data to remote servers, owned by third party companies that use this information to advertise their products via numerous pop-ups, toolbars, hijacked homepages and spam letters. All these undesirable advertising methods are used on the victims of Rogue Anti-Spyware.
Changed or new icons: Sometimes, Rogue Anti-Spyware installs unwanted software to a victim’s PC without user’s knowledge and consent. This may lead to slower PC performance and stability, as well as more unwanted programs you can't remove.
