Tuesday, June 28, 2011

Remove Personal Shield Pro virus

Personal Shield Pro is a program which pretends to be an antivirus software but, in reality, can not remove viruses, trojans, etc., nor will be protect your computer from legitimate future infections. Its created with one purpose to trick you into purchasing so-called full version of the sotware.

Personal Shield Pro is distributed with the help of trojans. Once started, it will be configured to start automatically every time when the system loads.

Once started, Personal Shield Pro will begin a fake system scan and detect a lot of viruses that can only be removed with a full version of the program. Important to note, all of these viruses are a fake and don`t actually exist on your computer. Obviously, such results are a fraud, the program want to scare you into thinking that your computer is infected with malicious software.



While Personal Shield Pro is running, it will flood your computer with fake security alerts and notifications from Windows task bar. All the alerts are totally fabricated and must by no means be trusted!

As it can be clearly seen, Personal Shield Pro is absolutely useless and what is more, even dangerous software. Most importantly, do not purchase it. Instead, please use the removal steps below to remove Personal Shield Pro from your computer for free.

How to remove Personal Shield Pro virus

1. Reboot your computer in Safe mode with networking by doing the following:
- reboot your computer;
- after hearing your computer beep once during startup, but before the Windows icon appears, keep tapping F8;
- instead of Windows loading as normal, Windows Advanced Options menu should appear;
- select second option Safe mode with networking and then press ENTER.


2. Download Malwarebytes Anti-malware. Double click mbam-setup-[version].exe to install the application. When installation is complete, make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version.

3. Once the program has loaded you will see a screen like below.

Malwarebytes' Anti-Malware

4. Select "Perform Quick Scan", then click Scan. When the scan is done, click OK, then Show Results to view the results. You will see a list of malware that  Malwarebytes' Anti-Malware found on your computer. Note: list of malware may be different than what is shown in the screen below.

Malwarebytes' Anti-Malware - lists of malicious software

5. Make sure that everything is checked, and click Remove Selected. Once disinfection is finished, a log will open in Notepad and you may be prompted to Restart.

If the instructions does not help you, then ask for help in the Spyware removal forum.

Personal Shield Pro associated files

Windows 7/Vista
C:\ProgramData\[RANDOM]
C:\ProgramData\[RANDOM]\[RANDOM].exe

Windows XP/2000
C:\Documents and Settings\All Users\Application Data\[RANDOM]
C:\Documents and Settings\All Users\Application Data[RANDOM]\[RANDOM].exe

Personal Shield Pro associated registry keys

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [RANDOM]

14 comments:

  1. I got personal shield pro a few minutes after going on a flash game site last night. I already have malwarebytes, but now my computer will not boot up. When I try in safe mode, it pauses telling me to hit enter to continue loading STPD.sys, but never finishes loading files before going back to initial boot screen.

    When I try to boot regular or using last good configuration, it continues booting but shortly after the windows logo it very quickly flashes blue screen of death and goes back to reboot.

    Do you know if there's any direct connection with this to personal shield pro, or a way around it, or will I have to reinstall windows again?
    Thanks
    -Mark

    ReplyDelete
  2. Mark, whats your Windows version ?

    ReplyDelete
  3. damn..i gt the infection too...

    ReplyDelete
  4. i cant install Malwarebytes Anti-malware

    ReplyDelete
  5. @ashok, you have used Safe mode with networking ?

    ReplyDelete
  6. installation as well as other .exe activities have been deactivated by personal shield pro, even in safe mode. should i try to boot from cd?

    ReplyDelete
  7. @Didi, try the following:
    Download HijackThis from the link below:
    http://go.trendmicro.com/free-tools/hijackthis/HiJackThis.exe
    Before saving HijackThis.exe, rename it first to iexplore.exe
    Click Save button to save it to desktop.

    Doubleclick on the iexplore.exe icon on your desktop for run HijackThis. HijackThis main menu opens.

    Click “Scan” button. Look for lines that looks like:

    O4 – HKLM\..\RunOnce: [{RANDOM}] C:\Documents and Settings\All Users\Application Data[RANDOM]\[RANDOM].exe
    O4 – HKLM\..\RunOnce: [{RANDOM}] C:\ProgramData\[RANDOM]\[RANDOM].exe

    Example:
    O4 – HKCU\..\RunOnce: [932849] C:\Documents and Settings\All Users\Application Data\832748\123123.exe

    Place a checkmark against each of them. Once you have selected all entries, close all running programs then click once on the “fix checked” button.
    Close HijackThis. Reboot your PC and try the steps above.

    ReplyDelete
  8. Thanks so much! It's gone --hooray! from New Zealand

    ReplyDelete
  9. I have this virus on the guest log in on my laptop. Have downloaded Malwarebytes but onto the other log in. When I run it, it doesn't remove it from the guest log in. Can't run the guest log in at all as the virus prevents me from opening anything that I could use to remove it - can't open internet, nor task manager, control panel etc. How can I remove it from the guest log in, from my other log in?

    ReplyDelete
  10. @Anonymous, try the steps from my previous comment.

    ReplyDelete
  11. I just got this virus on my work computer and I tried to remove it by starting in safe mode but when I start in safe mode the keyboard is disabled and I can't control alt delete to start it up. these guys that create these viruses not only f*** with your computers but they f*** with peoples livelihood. that's bullshit. any suggestions?

    ReplyDelete
  12. Remove this malware in Normal mode. Use the steps that I have posted above (July 8, 2011 3:06 AM). Next, reset proxy settings of your browser (this malware hijacked them) by doing: run Internet Explorer, Click Tools -> Internet Options. Select Connections Tab and click to Lan Settings button. Uncheck “Use a proxy server” box. Click OK and click OK again.
    Next, download and scan your computer with Malwarebytes.

    ReplyDelete
  13. Thanks for the last tip!

    ReplyDelete
  14. Thanks! Problem solved.

    ReplyDelete