Malware Removal Instructions

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Monday, 4 July 2011

How to Remove Personal Shield Pro (Uninstall Guide)

Posted on 14:19 by Unknown
Personal Shield Pro is a malicious application claiming to be an antivirus program. Most of the time computers are infected when users are presented with a fake security warning that seems to indicate that the computer is suddenly infected with viruses, spyware or other malicious software and they are asked to install free malware removal tool to remove viruses. Cyber criminals use other sophisticated methods to attempt to trick users into installing Personal Shield Pro — including spam emails and drive-by downloads when simply visiting an infected website is enough to become infected by this fake security program and other malware. Once installed, Personal Shield Pro pretends to scan your computer for viruses and displays fake security alerts to make you think that your computer is infected. Generally, false positives and fake security alerts are the primary method used to convince the user of the compromised computer to purchase the rogue product. What is more, this form of malware can significantly slow your computer's performance, change your background image and download additional malware onto your computer. If your computer does become infected, please follow the steps in the removal guide below to remove Personal Shield Pro malware from your computer.



When Personal Shield Pro is running, it blocks certain application on your computer, usually Task Manager, Registry editor, other system utilities and of course legitimate anti-malware software. It displays fake notification saying that the program is infected:

Application taskmgr.exe cannot be activated. Reason: suspected in virus activitiy and moved to quarantine. Please, activate your antivirus software to clean application.
Personal Shield Pro displays other fake security alerts like every on or two minutes. Thankfully, this fake AV can be removed rather easily. If you are good with computers, you can remove this fake security program manually. But if you are not that good with computers then I suggest using free anti-malware tools listed below.

Personal Shield Pro video (old graphical user interface):


OPTIONAL: In case you can't boot your PC in Safe Mode with Networking or you can't delete the malicious files manually, you can use this code 8945315-6548431 to register the rogue application in order to stop the fake security alerts. Once this is done, you are free to install anti-malware software and remove the rogue anti-virus program from your computer properly. If you need help in removing Personal Shield Pro from your computer, please leave a comment below.

Last, but not least, if you have already purchased this fake security application, please contact your credit card company and dispute the charges. Please note that you may become a victim of credit card scam or even identity theft. Additional information about this malware and comments are welcome. Good luck and be safe online!


Personal Shield Pro removal instructions (in Safe Mode with Networking):

1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm


NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. Download recommended anti-malware software (direct download) and run a full system scan to remove this virus from your computer.

3. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.


Alertane Personal Shield Pro removal instructions:

Make sure that you can see hidden and operating system protected files in Windows. For more in formation, please read Show Hidden Files and Folders in Windows.

Under the Hidden files and folders section, click Show hidden files and folders, and remove the checkmarks from the checkboxes labeled:
  • Hide extensions for know file types
  • Hide protected operating system files
Click OK to save the changes.


1. Find Personal Shield Pro file(s).

On computers running Windows XP, malware hides in:
C:\Documents and Settings\All Users\Application Data\

On computers running Windows Vista/7, malware hides in:
C:\ProgramData\

2. Look for suspect ".exe" or ".pspro" files in the given directories depending on the Windows version you have.

Example Windows XP:
C:\Documents and Settings\All Users\Application Data\aYHmMJuqrr2.pspro

Example Windows Vista/7:
C:\ProgramData\aYHmMJuqrr2.pspro

Basically, there will be a malicious ".pspro" file named with a series of numbers or letters.



Rename aYHmMJuqrr2.pspro to aYHmMJuqrr2.vir For example:



It should be: C:\Documents and Settings\All Users\Application Data\aYHmMJuqrr2.vir

Instead of: C:\Documents and Settings\All Users\Application Data\aYHmMJuqrr2.pspro

3. Restart your computer. The malware should be inactive after the restart.

4. Open Internet Explorer. Download exe_fix.reg and run it. Click "Yes" to safe the changes.

5. Download recommended anti-malware software (direct download) and run a full system scan to remove this virus from your computer.


Personal Shield Pro associated files and registry values:

Files:

Windows XP:
  • C:\Documents and Settings\All Users\Application Data\[SET OF RANDOM CHARACTERS].exe
  • C:\Documents and Settings\All Users\Application Data\[SET OF RANDOM CHARACTERS].pspro
Windows Vista/7:
  • C:\ProgramData\[SET OF RANDOM CHARACTERS].exe
  • C:\ProgramData\[SET OF RANDOM CHARACTERS].pspro
Registry values:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM CHARACTERS].exe"
  • HKEY_CLASSES_ROOT\.pspro
  • HKEY_CLASSES_ROOT\PSP
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM CHARACTERS].pspro"
  • HKEY_CLASSES_ROOT\.exe "Default" = 'PSP'
Share this information with other people:
Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in Rogue programs | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Remove ShopperReports (Uninstall Guide)
    ShopperReports is defined as adware or a potentially unwanted program that displays marketing related results in a side pane of the browser...
  • Trojan.MBRlock, Внимание! Ваш компьютер заблокирован
    Trojan.MBRlock is a very disturbing piece of malicious code which infects the master boot record (MBR) and prevents Windows from starting. ...
  • Remove RiskTool.Win32.BitCoinMiner (Uninstall Guide)
    RiskTool.Win32.BitCoinMiner is a risk tool or potentially unwanted application that may use your computer's resources to generate bitco...
  • What is wrtc.exe and how to remove it?
    wrtc.exe - by Perion Network Ltd. What is wrtc.exe? wrtc.exe is a part of IncrediMail software, digitally signed by Perion Network Ltd. This...
  • Remove Rattlingsearchsystem.com (Uninstall Guide)
    Rattlingsearchsystem.com is a ZeroAccess/Sirefef rootkit-related browser hijacker that redirects users to shady websites while searching on...
  • False Positive: Ikarus and Comodo detecting TDSSKiller as a Trojan horse
    This awkward moment when you realize that your favorite rootkit removal utility is detected as malware. I probably wouldn't even have no...
  • Remove TR/ATRAPS.Gen2, removal instructions
    Cyber crooks and third parties that buy stolen data are increasingly using more and more sophisticated techniques, in a variety of different...
  • Remove Ask Search and Ask Toolbar (Uninstall Guide)
    Ask Search and Ask Toolbar are very often incorrectly classified as virus/spyware that may cause search redirects. The majority of us pref...
  • Remove Windows Attention Utility (Uninstall Guide)
    Windows Attention Utility is a rogue security application that generates misleading warnings about nonexistent viruses and attempts to lure...
  • Remove "System Check" (Uninstall Guide)
    System Check is malicious software posing as Windows system utility. Although, it may look like a real thing, it isn't! You are actuall...

Categories

  • Adware
  • Answers
  • Antivirus software
  • Browser Hijackers
  • Cloud Computing
  • Fake Alerts
  • Giveaways
  • Hoax
  • How-To
  • IaaS
  • Internet
  • Malicious websites
  • Malware
  • PaaS
  • Parental Controls
  • Passwords
  • Phishing
  • Process Information
  • Ransomware
  • Rogue programs
  • Rootkits
  • SaaS
  • Security Advisories
  • Spam
  • Spyware
  • Trojans
  • Viruses
  • Web Browsers
  • Worms

Blog Archive

  • ►  2013 (173)
    • ►  December (6)
    • ►  November (13)
    • ►  October (11)
    • ►  September (20)
    • ►  August (4)
    • ►  July (17)
    • ►  June (31)
    • ►  May (25)
    • ►  April (15)
    • ►  March (17)
    • ►  February (7)
    • ►  January (7)
  • ►  2012 (86)
    • ►  November (2)
    • ►  October (4)
    • ►  September (6)
    • ►  August (6)
    • ►  July (11)
    • ►  June (1)
    • ►  May (5)
    • ►  April (7)
    • ►  March (7)
    • ►  February (17)
    • ►  January (20)
  • ▼  2011 (239)
    • ►  December (8)
    • ►  November (18)
    • ►  October (21)
    • ►  September (24)
    • ►  August (28)
    • ▼  July (32)
      • How can I tell if my computer is infected?
      • How do I know if I have spyware on my computer?
      • Remove "Your computer is infected with Spyware!" A...
      • Norton AntiVirus ENHANCED PROTECTION MODE
      • Microsoft Defender ENHANCED PROTECTION MODE
      • Microsoft Security Essentials ENHANCED PROTECTION ...
      • McAfee ENHANCED PROTECTION MODE
      • Dr.Web ENHANCED PROTECTION MODE
      • Comodo ENHANCED PROTECTION MODE
      • Avira AntiVir ENHANCED PROTECTION MODE
      • Remove "Avast ENHANCED PROTECTION MODE" Trojan (Un...
      • Remove "Your codec version is too old" (Uninstall ...
      • How to Remove Total Protect (Uninstall Guide)
      • How to Remove Zentom System Guard (Uninstall Guide)
      • Remove www5.antimalware-lab.com (Uninstall Guide)
      • Remove Jucheck.exe Trojan (Uninstall Guide)
      • How to Remove BlueFlare Antivirus (Uninstall Guide)
      • What Is Cloud Computing? Defining the Cloud
      • IaaS - Cloud Computing
      • PaaS - Cloud Computing
      • SaaS - Cloud Computing
      • How to Remove Scour (Uninstall Guide)
      • How to Remove System Repair (Uninstall Guide)
      • Are there any safe adult websites that won't give ...
      • Remove Windows XP Fix, Windows Vista Fix or Window...
      • "System process at address 0x3BC3 have just crashe...
      • How to Remove Anti-Malware Lab (Uninstall Guide)
      • How do I block a website on Google Chrome?
      • How to Remove Personal Shield Pro (Uninstall Guide)
      • How to Create a Strong Password
      • Remove Windows Supervision Center (Uninstall Guide)
      • Remove TR/VB.Agent.20480.A (Uninstall Guide)
    • ►  June (16)
    • ►  May (23)
    • ►  April (15)
    • ►  March (16)
    • ►  February (9)
    • ►  January (29)
  • ►  2010 (2)
    • ►  December (2)
Powered by Blogger.

About Me

Unknown
View my complete profile