Monday, May 21, 2012

Get rid of Windows Private Shield as it tries to dupe you

Windows Private Shield fake system utility attempts to convince users it is an award-winning product approved by leading software developers.
First of all, most of the victims dealing with the application are drawn to one of its pages. There are two types of them, one is designed to look like an online scanner, another one pretends to be an online product description. However, please note exceptions happen in abundance as the rogue is distributed through JavaScript exploits, trojans. In those cases, the introduction does not involve user as a party that provides an agreement: the user simply finds the malware installed as though someone else decides which programs the user should get.
Anyway, the program cheats people; remove Windows Private Shield regardless of its introduction details.
Click here to launch free scan followed by Windows Private Shield removal and extermination of other findings resulted from the system inspection suggested. 

Windows Private Shield screenshot:


Windows Private Shield may generate and show the following popup alerts:
Error
Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.

Error
Keylogger activity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.
Windows Private Shield activation code (helps removal):
0W000-000B0-00T00-E0020
NOTE: "Activating" Windows Private Shield is not enough. You need to remove related trojans \ rootkits using reliable malware removal solution.
It is important to fix Windows registry after Windows Private Shield malware removal using safe registry cleaner software.

Windows Private Shield manual removal guide:

Delete infected files:
%AppData%\NPSWF32.dll
%AppData%\Protector-[random 3 characters].exe
%AppData%\Protector-[random 4 characters].exe
%AppData%\W34r34mt5h21ef.dat
%AppData%\result.db
%CommonStartMenu%\Programs\Windows Private Shield.lnk
%Desktop%\Windows Private Shield.lnk
Delete Windows Private Shield registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorAdmin” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorUser” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableLUA” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “2012-4-27_2″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “tovvhgxtud”
HKEY_CURRENT_USER\Software\ASProtect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\[random].exe

No comments: