Home Rogue Websites Www5.my-security-shield.com

Www5.my-security-shield.com

Posted: August 20, 2010

Www5.my-security-shield.com is the website My Security Shield uses to promote itself. The corrupt site uses fake warnings claiming the system is infected to urge unwary users to purchase My Security Shield, which is also a fake. Use a legitimate malware remover to terminate these pests from your computer.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %Documents and Settings%\[UserName]\Application Data\Microsoft\Internet Explorer\Quick Launch\My Security Shield.lnk
    2 %Documents and Settings%\[UserName]\Application Data\My Security Shield\
    3 %Documents and Settings%\[UserName]\Application Data\My Security Shield\cookies.sqlite
    4 %Documents and Settings%\[UserName]\Desktop\My Security Shield.lnk
    5 %Documents and Settings%\[UserName]\Recent\ANTIGEN.drv
    6 %Documents and Settings%\[UserName]\Recent\ANTIGEN.exe
    7 %Documents and Settings%\[UserName]\Recent\cid.dll
    8 %Documents and Settings%\[UserName]\Recent\CLSV.drv
    9 %Documents and Settings%\[UserName]\Recent\DBOLE.sys
    10 %Documents and Settings%\[UserName]\Recent\ddv.dll
    11 %Documents and Settings%\[UserName]\Recent\ddv.sys
    12 %Documents and Settings%\[UserName]\Recent\energy.tmp
    13 %Documents and Settings%\[UserName]\Recent\FS.drv
    14 %Documents and Settings%\[UserName]\Recent\gid.drv
    15 %Documents and Settings%\[UserName]\Recent\PE.drv
    16 %Documents and Settings%\[UserName]\Recent\PE.exe
    17 %Documents and Settings%\[UserName]\Recent\PE.sys
    18 %Documents and Settings%\[UserName]\Recent\PE.tmp
    19 %Documents and Settings%\[UserName]\Recent\runddlkey.dll
    20 %Documents and Settings%\[UserName]\Recent\std.exe
    21 %Documents and Settings%\[UserName]\Recent\tjd.drv
    22 %Documents and Settings%\[UserName]\Recent\tjd.sys
    23 %Documents and Settings%\[UserName]\StartMenu\My Security Shield.lnk
    24 %Documents and Settings%\[UserName]\StartMenu\Programs\My Security Shield.lnk
    25 %Documents and Settings%\All Users\Application Data\8d7ca11\
    26 %Documents and Settings%\All Users\Application Data\8d7ca11\25.mof
    27 %Documents and Settings%\All Users\Application Data\8d7ca11\MS8d7c_2155.exe
    28 %Documents and Settings%\All Users\Application Data\8d7ca11\MSS.ico
    29 %Documents and Settings%\All Users\Application Data\8d7ca11\MSSSys\vd952342.bd

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\3HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "My Security Shield"HKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOT\MSSSys.DocHostUIHandler
Loading...