• Help! ‘Security Shield’ virus back after a clean install

    #481267

    My granddaughter’s Vista laptop crashed after a ‘Security Shield’ virus infection. There was no recovery disk with machine and she (nor I) had created one. The laptop would just keep shutting itself down. I tried MS Offline Recovery tools & had some success with this as it did find a couple of nasties which were removed. However the machine had a fatal system error soon after and operating system could not be found. I did a clean install with my own Vista recovery disk – downloaded all the drivers etc and all was well. A week later the ‘Security Shield’ pop up window is back. Anyone know how to get rid of this for good?

    • #1316539

      Sounds like the reinstall wasn’t a full reinstall.

      Try a proper reformat and install from trusted media.

      Also, make sure the laptop doesn’t have other partitions, often the case, where the bad stuff may be lurking.

    • #1316541

      Along with the above advice, refrain from connecting to the Internet until a firewall has been installed or fully enabled, whatever the case may be.

    • #1316555

      My granddaughter’s Vista laptop crashed after a ‘Security Shield’ virus infection. There was no recovery disk with machine and she (nor I) had created one. The laptop would just keep shutting itself down. I tried MS Offline Recovery tools & had some success with this as it did find a couple of nasties which were removed. However the machine had a fatal system error soon after and operating system could not be found. I did a clean install with my own Vista recovery disk – downloaded all the drivers etc and all was well. A week later the ‘Security Shield’ pop up window is back. Anyone know how to get rid of this for good?

      Since it happened a week later, it seems clear that someone is not being careful when browsing the internet. You should try running Malwarebytes Anti-Malware, in safe mode if you can’t do it when booting normally.

    • #1316557

      The best security scheme in the world will not protect against the worst offender, the user themselves. I think it might be time to start using some parental controls to prevent a similar recurrence once you once again reinstall the OS from scratch. If it were something in the system, it would have recurred quickly, not a week later.

      • #1317308

        After your next reinstall (with full re-format and elimination of other possible partitions!) install Firefox.

        Install the correct Adobe Flash version (32- or 64-bit).

        Install Adobe Shockwave.

        Install the Media Player Plugin (instructions here). You can test if it works here. More background info on video in Firefox here.

        In Firefox install Adblock Plus and WOT. It is important to do this AFTER installing the media player plugin; the media player test would need an exception rule in Adblock plus!

        Delete all icons/menu entries for IE (since you know about MS Recovery Tools and recovery disks I assume you could find iexplore.exe in Program Files in case you really need it).

        Scrap whatever anti virus or security program the system has now and install Microsoft Security Essentials. A very detailed description how to do that correctly is here.

        And now the difficult part:

        Teach your granddaughter to use Firefox ONLY for anything Internet!

        If she says there is a web site she “needs” that requires IE you likely get on the tracks of the culprit for the infections. Tough luck, she will have to live without that web site or you will never get out of the re-install treadmill. :;):

        Teach your granddaughter to update, update, update. She has to run Windows Update once every week! Automatic Updates is max. 75% reliable. Most of the updates are security relevant and 75% security is not good enough! She can easily be above 95% if she checks manually often enough and weekly is a proven compromise.

        Teach her to keep Adobe Reader and Java up-to-date all the time!

        But most important of all: Teach her to live without Internet Explorer!

        Good luck.

    • #1317311

      :rolleyes: Some makers of laptops have a Recovery Partition which you normally enter by depressing alt-f10 when the computer is starting up. You need to restore this computer to Factory Settings.
      Create a Standard user Account for your granddaughters instead of an Administrative account. This will deny them certain privileges to install malware.
      You will have to have an Administrative account with a password to give them privileges when necessary.
      Toshiba does not have a Recovery Partition and you will have to order Recovery DVDs from the manufacturer.

    • #1317312

      I hope no-one takes offense, but let me say this…..

      “A properly protected PC will NEVER get infected”. An ounce of prevention is worth more than a pound of cure.

      There are many FREE Anti-Malware programs out there so no-one has to run their PC totally unprotected.

      OP, you mentioned that you reinstalled windows, but you say nothing about installing Anti-Virus and Anti-Spyware software.

      Here’s what I do when I set up a new PC for one of my customers.
      I take the new PC out of the box, connect it up, power it up and go through the windows setup routine.
      At the end of the Setup, with the internet connection active, I immediately install AVG 2012 FREE and get the updates and set up the update and scan schedulers.
      Then with AVG updated and running, I install Spybot Search & Destroy, a really great FREE anti-spyware program, that does require manual updates and scans once a week. The setup is so specific, that I’ve written up the setup instructions and put that sheet on my web site.
      It also immunizes your browser against more than 150,000 bad web sites. I also install ‘Spyware Blaster’ that adds even more immunization.

      A properly Immunized PC cannot be infected. Also, make sure that the Windows Firewall is ON and running. It will be, by default, on a new install, unless you turn it off.
      On PC’s where kids are present or infections have been encountered in the past, I also install “Malware Bytes” (it’s FREE) and instruct the User on how to keep it updated and how to run scans. Again, this should become a part of a Weekly Security maintenance routine.

      On my own PC, which absolutely MUST remain 100% malware free, I bought both AVG 2012 Pro-Internet Security and Malware Bytes Pro and I run them side-by-side in real time. They DO play well together.

      I also use Spybot S&D and Spyware Blaster for their immunization ability and I make sure they both get updates once a week.

      Being totally safe from infections doesn’t just happen. You really have to be Pro-Active in installing Good Software and then keeping it up to date on a regular (weekly) schedule.

      When reinstalling Windows because of a virus infection, it’s imperative that the HD be wiped CLEAN before the new install.
      I use a DOS boot CD to set up new HD’s or clean old ones. On that CD is FDISK, Format and other helpful utilities. FDISK can remove all old partitions and boot sector information and create a new and clean partition and the DOS Format will examine every sector on the HD and block out any that are not reliable. I use that technique for every HD I have to set up, even my new 1TB SATA II drive.
      Then I can install any OS with the assurance that it’s the only thing on the HD and there is nothing there that’s going to come back to haunt me. It does take a while on the really big drives, but it’s well worth it, to know that I have a clean and reliable hard drive to install my OS on.

      Cheers Mates!
      The Doctor 😎
      PS: I’m willing to provide a link, to download the ISO for my DOS Utilities Boot CD, to anyone who needs it.
      It’s a great tool, for technicians, Geeks, Nerds and guys who just like to muck about with PC’s. It’s totally
      menu driven and requires a very minimal amount of DOS expertise.

    • #1317326

      No security software will prevent users’ mistakes, so I have to agree with the advice given about educating her to use the computer in as safe a way as possible. This is really independent of the apps to use, even the browser. With an uneducated user, just a couple clicks can defeat the best protection.

      For the record, IE has always been my default browser and I am perfectly happy with it. As some articles have shown, in some areas, IE 9 is safer than any other browser currently on the market.

    • #1317581

      I had the exact same problem, and came up with a better solution (I created a Visitor User Acct, with NO Admin privileges, and PW protected Admin)-

      1. If you have Win 7 (get 32 bit, as 64 didn’t work with Many of my older programs/net…!), after you have done Another reinstall (create a D: … partition/Advanced option… & C: needs 60-100gig).

      I temp disable my AV until Restart for all of A.-
      A. Type in Search box “Backup and Restore” (I disabled Auto Schedule- about 3gig for my 22gig C:), and
      1. Create & Emergency CD boot disk.
      2. Create a fully protected system image, and teach her how to do it…
      3. If she has a laptop… and already uses full C: drive/ no slave drive…)-
      a. Reboot, & Right click on My Computer/Properties/Manage/Disk Management.
      b. Right click on C: partition, and shrink to 50-100gig, Reboot & go into Disk Management & create D: (I do slower Full Reformat to wipe…).

      B. Quit messing with the slow/problematic freebie AV’s, with their dismal protection rates, and get Fast #1/97% Emsisoft AntiMalware (only $20/Renewals- here too…, at Cnet downloads…). I Hated their pesky pop-up… Surf Guard, and disabled it.
      1. 30 second daily auto C: scans (after 1 full scan/remembers…, Direct Disk Access/File extension Filter ), and Easy (after learning-curve) whitelist (under Scan…).

      • #1317605

        1. If you have Win 7 (get 32 bit, as 64 didn’t work with Many of my older programs/net…!)

        scottls, I believe you meant to say that many of your older programs didn’t work with Win7 64bit. The way you expressed it sounds like something was “wrong” with the 64-bit version; IMHO nothing could be further from the truth. Having said that I have to disclose that I am NOT a “Microsoft fan boy”, rather to the contrary.

        B. Quit messing with the slow/problematic freebie AV’s, with their dismal protection rates, and get Fast #1/97% Emsisoft AntiMalware (only $20/Renewals- here too…, at Cnet downloads…). I Hated their pesky pop-up… Surf Guard, and disabled it.

        scottls, this sounds a lot like you never have tried and directly compared MS Security Essentials. It is fast, FREE and has on many occasions (last time yesterday!) found and removed trojans that AVG2012 had ignored. Having said that I have to disclose that for me Emsisoft’s AntiMalware was and still is a go-to tool if I need a good, portable on-demand cleaner.

        And then you top it off by recommending Cnet downloads. Have you never heard of their pesky downloader? I consider this downloader to be a typical PUP.

        But as usual your mileage may vary.

        • #1317748

          :rolleyes:

          scottls, I believe you meant to say that many of your older programs didn’t work with Win7 64bit. The way you expressed it sounds like something was “wrong” with the 64-bit version; IMHO nothing could be further from the truth. Having said that I have to disclose that I am NOT a “Microsoft fan boy”, rather to the contrary.

          It’s been a couple of months since I had 64 Home, but the biggest deal breaker was that it said my old Adobe Photoshop 4.01LE “is Not compatible with this version”.
          I tried installing in XP & 98 mode too. I mostly use Photoshop for simple Twain scanning/editing, and don’t want to pay Big Buck$ for CS…!
          Installed just fine with 32 Pro.

          scottls, this sounds a lot like you never have tried and directly compared MS Security Essentials. It is fast, FREE and has on many occasions (last time yesterday!) found and removed trojans that AVG2012 had ignored. Having said that I have to disclose that for me Emsisoft’s AntiMalware was and still is a go-to tool if I need a good, portable on-demand cleaner.

          Re:”scottls, this sounds a lot like you never have tried and directly compared MS Security Essentials”-
          Yes I did try MSE, Avast, Avira, and AVG. All of their restrictive/pesky… Web Guards drove me Nuts (EAM’s too, and was easily permanently disabled).
          Not being able to easily access MSE’s common options from taskbar (still in the dark ages…)- Was Really a Hassle!

          Re: “It is fast”-
          MSE’s full scan took forever.
          With EAM’s Web Guard disabled, I feel that their 30sec daily C: scan is a Must. EAM’s Full scan of my 450gig sys, takes 2min.
          I’m going to give http://www.toolwiz.com a looksee, for when I’m paying bills…

          Re: “found and removed trojans that AVG2012 had ignored”-
          http://www.av-comparatives.org/en/comparativesreviews/detection-test MSE’s on-demand detection rate was Last place with 92.1%, and their Retrospective (in the wild/behavior) was next 8th of 10 with 92.1%. MSE was last place in rootkit detection test (4 of 13). For that matter AVG/Avast didn’t fare much better.
          -In Q1-Q3 2011 tests- EAM was in first place with 100% across the board http://www.anti-malware-reviews.com/ .

          BTW- Give EAM Full a free trial, & I doubt you’ll ever look back (I didn’t)…

          And then you top it off by recommending Cnet downloads. Have you never heard of their pesky downloader? I consider this downloader to be a typical PUP.

          I Fully agree with you about Cnet’s iffy downloads, that are often corrupted/out-of-date…! Their EAM download version is an Old v5, and current is v6+ (download Only from EAM site).
          I meant just to buy your $40 EAM key at cnet download page- for only $20 (one at a time!), and paste key on install.

          G’Day 🙂

    • #1317625

      I look after and maintain the PC’s of friends and one of the hardest thing to do is instill a “security mindset” into the minds of a lot of older folks as well as youngsters. I now have the majority of the PC’s I care for running various security software (both freeware and in some cases paid) and have not had any phone calls regarding infection for quite a while now so I must be making some headway.

      When I set up a PC (either my own or someone else’s) I make certain that I have the minimum of security software set aside on a USB pen-drive. Even if this is outdated it will still provide the minimum of safety.

      I then ensure that the PC IS NOT connected to the net and then install the security software as well as all required drivers etc. I then install a drive imaging program (sometimes free sometimes paid depending on whether the owner has plumped for paid or free) After installing all this I then go on-line and update all security software and drivers etc, with SS being the priority. After all this is completed I go about activating windows.

      Once that is completed I then make an image of the “C” drive and call this Basic Image, I keep a copy of this on a separate partition AND onto DVD disk. Only after this do I install any software that is wanted. Once complete I make another image as stated previously. I then periodically check that they are UPDATING all security software installed. By doing this I ensure clean backups are available. If someone (previously) through laziness to update or if they have turned SS off I then reinsert one of the images without trying to salvage any files they might need or want. After losing a few needed or wanted files folks soon get the message.

      But enough Prattling and onto the issue at hand.

      One way of [trying] to keep a PC clean is to use a program similar to “Toolwiz Timefreeze” (this is a FREE program) which can be found at the following link:
      http://www.toolwiz.com
      Then go to downloads and select Time Freeze

      This, in effect, runs the PC/user in a “VIRTUAL” environment. I have used it myself (handy when doing Internet banking or buying online and card details are entered). There is NO noticeable lag in the operation of the PC. The program works with all versions of Windows from XP through to 8. When the PC is rebooted any and all changes made to the OS are discarded, meaning that any infections are also discarded. Any files you download and save to a separate drive/partition are not affected and will still be there when you restart the PC. If you can get your granddaughter to run this it will save you a lot of hassle.

      Edited to correct link.
      Ernie

      • #1317718

        Careful!
        Toolwiz download comes from Cnet.com. See my previous post in this thread.

        • #1317754

          Careful!
          Toolwiz download comes from Cnet.com. See my previous post in this thread.

          Tested spyware free, without any downloader or extras. What’s the problem?

          Bruce

      • #1317752

        :confused:

        But enough Prattling and onto the issue at hand.

        One way of [trying] to keep a PC clean is to use a program similar to “Toolwiz Timefreeze” (this is a FREE program) which can be found at the following link:
        http://www.toolwiz.com
        Then go to downloads and select Time Freeze

        This, in effect, runs the PC/user in a “VIRTUAL” environment. I have used it myself (handy when doing Internet banking or buying online and card details are entered). There is NO noticeable lag in the operation of the PC. The program works with all versions of Windows from XP through to 8. When the PC is rebooted any and all changes made to the OS are discarded, meaning that any infections are also discarded. Any files you download and save to a separate drive/partition are not affected and will still be there when you restart the PC. If you can get your granddaughter to run this it will save you a lot of hassle.

        Edited to correct link.
        Ernie

        :confused: I don’t understand how toolwiz would protect you for doing financial… (good for program evaluation… though!)?
        It seems to me if rootkits/keyloggers/malware are already installed on your original system- They could still capture your info… on the virtual system too?
        http://www.davescomputertips.com/2011/12/timefreeze-easily-create-a-secure-virtual-environment/

        I surf 99% in easy virtual Free sandboxie, and Close/Delete All before doing financial…
        http://sandboxie.com/

        Scott

        • #1317783

          :confused:
          :confused: I don’t understand how toolwiz would protect you for doing financial… (good for program evaluation… though!)?

          I surf 99% in easy virtual Free sandboxie, and Close/Delete All before doing financial…
          http://sandboxie.com/

          Scott

          Scott
          I was working on the assumption that the system would be clean and if run just prior to doing on-line banking etc and then PC rebooted afterwards any infection/loggers etc picked up would be “deleted”. It can also be run every time the PC is used to surf the net and after reboot any/all infections are zapped. Just the same as you do with Sandboxie.

          Careful!
          Toolwiz download comes from Cnet.com. See my previous post in this thread.

          Just as Bruce said it is virus free and does not have any hidden add ons. I would warn others if there were any hidden extras (toolbars etc) and if I had not tried the program I would state so. I personally have never had any issues with Cnet. But they like lots of other places do have programs that install these extras and if a person wants to install freeware, shareware and some paid software this is something they must take into account when installing. This is where a program like Toolwiz & Sandboxie show their worth.

          Something I would recommend when installing any program is to look for CUSTOM install and if available go this route and double check exactly what the installation says to you and remove any “extras”.

        • #1317784

          Thanks to all for replies. These will give me food for thought. Some other info whether pertinent or not:

          1. I reinstalled windows from oem disk that came with my own laptop so should be ok- healthwise. I think they restrict the number of reinstalls you can perform from this but I think I may have two left.
          2. Immediately after reinstalling o/s I ran all updates (phew) installed IE9, then installed MSSE – ran a full scan and it found nothing. Also downloaded Malwarebytes – ran scan and it also found nothing amiss.
          3. I previously mentioned a delay of a week before pop-ups started again. This was an error on my part – it was week before I became aware that ‘it’ was back. I believe it appeared the following day.
          4. My granddaughter tends to use machine mainly for streaming video via iplayer – games and youtube etc. Not indiscriminate browsing. She did, however, tend to ignore the windows update icon !! Some education work to be done here methinks.
          5. Her Acer 5536 did have a partition (D:) but after reinstallation now only shows C:

          6. The pop ups seem to be much less aggressive now and only appears infrequently. I realise this could change soon.

          My own thought was that it must have latched on somewhere other than HD – but can’t think this would be possible. In any case I don’t want to be beaten by this and will have another attempt.
          Thanks again for all your views on this.

    • #1334838

      Hello, If this virus enters your system, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. If you have a saved restore point before My Shield Security virus infiltrates the computer or before you used Security Shield Virus Removal, please restore Windows to previous settings.

    • #1334845

      Illustrated removal instructions here: http://www.bleepingcomputer.com/virus-removal/remove-my-security-shield

      However, as other contributors have suggested, you need to create a non-administrative user account for your daughter so that she doesn’t have installation privileges anymore.

      See also: Why use a standard user account instead of an administrator account?
