
Shield Soldier

Posted: October 7, 2010

Shield Soldier (or ShieldSoldier) is a rogue antispyware program designed to con computer users into spending money. It uses scare tactics to convince users that their PC is infected with malware, then bombards the system with popup warnings urging the purchase of ShieldSoldier to remove the alleged threats. Do not become another hapless victim of cybercrime: have Shield Soldier removed using a reliable antispyware program.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %UserProfile%\Desktop\ShieldSoldier.lnk
    2 %UserProfile%\Local Settings\Temp\.exe
    3 c:\Documents and Settings\All Users\Desktop\RegistryClever.lnk
    4 c:\Documents and Settings\All Users\Start Menu\Programs\RegistryClever\
    5 c:\Documents and Settings\All Users\Start Menu\Programs\RegistryClever\Homepage.lnk
    6 c:\Documents and Settings\All Users\Start Menu\Programs\RegistryClever\RegistryClever.lnk
    7 c:\Documents and Settings\All Users\Start Menu\Programs\RegistryClever\Uninstall.lnk
    8 c:\Documents and Settings\All Users\Start Menu\Programs\ShieldSoldier.lnk
    9 c:\Program Files\FDFCA\
    10 c:\Program Files\FDFCA\F0E84.exe
    11 c:\Program Files\FDFCA\Uninstall.exe
    12 c:\Program Files\RegistryClever Software\
    13 c:\Program Files\RegistryClever Software\RegistryClever\
    14 c:\Program Files\RegistryClever Software\RegistryClever\license.txt
    15 c:\Program Files\RegistryClever Software\RegistryClever\RegistryClever.exe
    16 c:\Program Files\RegistryClever Software\RegistryClever\RegistryCleverTray.exe
    17 c:\Program Files\RegistryClever Software\RegistryClever\Styles\
    18 c:\Program Files\RegistryClever Software\RegistryClever\Styles\Vista.cjstyles
    19 c:\Program Files\RegistryClever Software\RegistryClever\uninstall.exe
    20 c:\WINDOWS\.bin
    21 c:\WINDOWS\.cpl
    22 c:\WINDOWS\.dll
    23 c:\WINDOWS\system32\.bin
    24 c:\WINDOWS\system32\.cpl
    25 c:\WINDOWS\system32\.exe

Registry Modifications

  • The following Registry values were created:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ".exe"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "TrayScan"
    HKEY_CURRENT_USER\Software\RegistryClever
    HKEY_CURRENT_USER\Software\ShieldSoldier
    HKEY_LOCAL_MACHINE\SOFTWARE\RegistryClever
    HKEY_LOCAL_MACHINE\SOFTWARE\ShieldSoldier
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "F0E84.exe"
    HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}
    RegistryClever
    ShieldSoldier