Home Malware Programs Rogue Anti-Spyware Programs Shield Soldier

Shield Soldier

Posted: October 7, 2010

Shield Soldier (or ShieldSoldier) is a rogue antispyware program designed to con computer users into spending money. Shield Soldier uses scare tactics to convince users that the PC is infected with malware. The system will then be bombarded by popup warnings urging the purchase of ShieldSoldier to remove the alleged threats. Do not become another hapless victim of cybercrime and have Shield Soldier removed using a reliable antispyware program.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %UserProfile%\Desktop\ShieldSoldier.lnk
    2 %UserProfile%\Local Settings\Temp\.exe
    3 c:\Documents and Settings\All Users\Desktop\RegistryClever.lnk
    4 c:\Documents and Settings\All Users\Start Menu\Programs\RegistryClever\
    5 c:\Documents and Settings\All Users\Start Menu\Programs\RegistryClever\Homepage.lnk
    6 c:\Documents and Settings\All Users\Start Menu\Programs\RegistryClever\RegistryClever.lnk
    7 c:\Documents and Settings\All Users\Start Menu\Programs\RegistryClever\Uninstall.lnk
    8 c:\Documents and Settings\All Users\Start Menu\Programs\ShieldSoldier.lnk
    9 c:\Program Files\FDFCA\
    10 c:\Program Files\FDFCA\F0E84.exe
    11 c:\Program Files\FDFCA\Uninstall.exe
    12 c:\Program Files\RegistryClever Software\
    13 c:\Program Files\RegistryClever Software\RegistryClever\
    14 c:\Program Files\RegistryClever Software\RegistryClever\license.txt
    15 c:\Program Files\RegistryClever Software\RegistryClever\RegistryClever.exe
    16 c:\Program Files\RegistryClever Software\RegistryClever\RegistryCleverTray.exe
    17 c:\Program Files\RegistryClever Software\RegistryClever\Styles\
    18 c:\Program Files\RegistryClever Software\RegistryClever\Styles\Vista.cjstyles
    19 c:\Program Files\RegistryClever Software\RegistryClever\uninstall.exe
    20 c:\WINDOWS\.bin
    21 c:\WINDOWS\.cpl
    22 c:\WINDOWS\.dll
    23 c:\WINDOWS\system32\.bin
    24 c:\WINDOWS\system32\.cpl
    25 c:\WINDOWS\system32\.exe

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ".exe"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "TrayScan"HKEY_CURRENT_USER\Software\RegistryCleverHKEY_CURRENT_USER\Software\ShieldSoldierHKEY_LOCAL_MACHINE\SOFTWARE\RegistryCleverHKEY_LOCAL_MACHINE\SOFTWARE\ShieldSoldierHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "F0E84.exe"HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}RegistryCleverShieldSoldier

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Shield Soldier may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria .

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.