Home Malware Programs Rogue Anti-Spyware Programs Personal Shield Pro

Personal Shield Pro

Posted: September 19, 2011

Threat Metric

Threat Level: 10/10
Infected PCs: 117
First Seen: June 10, 2011
Last Seen: April 18, 2018
OS(es) Affected: Windows

ScreenshotPersonal Shield Pro is a clone of other rogue anti-virus software from the WinWeb Security family. Rogue threats from this family, like Personal Shield Pro, will create fake infection warnings, inaccurate system scan results and other false information to make you think that many different infections are attacking your PC. However, this is just part of a scam to steal your credit card information, since Personal Shield Pro can neither remove nor even detect malicious software. Other problems linked to Personal Shield Pro and Personal Shield Pro's clones include browser hijacks and disabled applications. You can remove Personal Shield Pro, and along with Personal Shield Pro, all fake infection warnings, by using Safe Mode to prevent Personal Shield Pro from starting before you use up-to-date anti-virus software to scan your PC.

How the Personal Shield Pro Scam Begins

Personal Shield Pro is likely to be present on a variety of fraudulent homepages and on websites with poor security for file uploads. These sites may describe Personal Shield Pro as being a good security tool, despite Personal Shield Pro's complete lack of threat detection or removal features. Websites affiliated with Personal Shield Pro may also use Trojan attackers to install Personal Shield Pro on your PC without your consent.

Like all recent members of Personal Shield Pro's family, Personal Shield Pro uses a shield icon and a streamlined blue interface to make Personal Shield Pro look like a real security program. What Personal Shield Pro will not mention is that Personal Shield Pro is a direct copy of other threats like Antivirus Security, System Security, AntiSpyware Pro 2009, Total Security, Total Security 2009, Security Tool, Trojan.RogueAV.a.gen, System Adware Scanner 2010, FakeAlert-KW.e, Advanced Security Tool 2010, System Tool 2011, Security Shield, MS Removal Tool, Advanced PC Shield 2012, Security Sphere 2012, Futurro Antivirus and Antivirus Center. Any differences between these rogue security programs are purely a matter of cosmetic tweaks and detection-thwarting measures.

Personal Shield Pro will pretend to scan your computer and continually find Trojans, keyloggers and other threats that supposedly can be removed only by registering Personal Shield Pro for a not-so-small fee. In addition to the fake scans, Personal Shield Pro will back up Personal Shield Pro's word with a variety of realistic-looking pop-up errors. Examples include, but aren't restricted to:

Your computer is being attacked by an Internet Virus. It could be a password-stealing attack, a Trojan-dropper or similar. Threat: Win32/Nuqel.E

Security Alert
Virus Alert!
Application can't be started! The file [application file] is damaged. Do you want to activate your anti-virus software now?

Windows Security Alert
Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan your computer. Your system might be at risk now.

How Personal Shield Pro Digs in Deeper to Thwart Your Security

Personal Shield Pro will go further than just making you believe that imaginary infections are on your PC. Infections by Personal Shield Pro may also show some of the following, more dangerous symptoms:

  • Browser hijacks that block some or all websites with the sole exception of Personal Shield Pro's own homepage.
  • Crashes or otherwise blocked usage of a variety of applications. Personal Shield Pro is known to attack security and system maintenance targets like Control Panel, and is likely to attack popular anti-virus scanners, too.

Personal Shield Pro accomplishes these things by running itself automatically through startup Registry entries. Instead of trying to clean your Registry manually, which can result in other system errors, you should reboot into Safe Mode or boot into your OS from a CD. This will stop Personal Shield Pro from running and will let you use any necessary anti-virus software to delete Personal Shield Pro, including Personal Shield Pro's Registry changes.

ScreenshotScreenshotScreenshotScreenshotScreenshotScreenshot

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Personal Shield Pro may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria .

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%ALLUSERSPROFILE%\Application Data\mD01602GlHmG01602\mD01602GlHmG01602.exe File name: mD01602GlHmG01602.exe
Size: 421.88 KB (421888 bytes)
MD5: 19dab1a5fdfff11669c4c1467c6baff0
Detection count: 105
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Application Data\mD01602GlHmG01602\
Group: Malware file
Last Updated: August 9, 2011
c:\documents and settings\all users\application data\j47qm3h4g2ea.exe\j47qm3h4g2ea.exe File name: j47qm3h4g2ea.exe
Size: 860.16 KB (860160 bytes)
MD5: a2ba596574440a49cb012ea30b148eab
Detection count: 80
File type: Executable File
Mime Type: unknown/exe
Path: c:\documents and settings\all users\application data\j47qm3h4g2ea.exe\
Group: Malware file
Last Updated: October 23, 2021
soft.exe File name: soft.exe
Size: 363 KB (363008 bytes)
MD5: e28b3f70d688e78e6c7f8f711ae8174e
Detection count: 62
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: August 9, 2011
gD10300AlEiN10300.exe File name: gD10300AlEiN10300.exe
Size: 385.02 KB (385024 bytes)
MD5: 84a3010129e24ac954645ab0bfc488de
Detection count: 53
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: August 9, 2011
00124.exe File name: 00124.exe
Size: 860.16 KB (860160 bytes)
MD5: 84d455e3b246818b8096a9b2762f8019
Detection count: 30
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: August 9, 2011
%Documents and Settings%\All Users\Desktop\Personal Shield Pro.lnk File name: %Documents and Settings%\All Users\Desktop\Personal Shield Pro.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
%Temp%\[RANDOM CHARACTERS]\ File name: %Temp%\[RANDOM CHARACTERS]\
Group: Malware file
%Temp%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe File name: %Temp%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%AllUsersProfile%\1030010300\1030010300.exe File name: %AllUsersProfile%\1030010300\1030010300.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%AllUsersProfile%\1030010300\1030010300 File name: %AllUsersProfile%\1030010300\1030010300
Group: Malware file
%AllUsersProfile%\1030010300 File name: %AllUsersProfile%\1030010300
Group: Malware file

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\[RANDOM CHARACTERS]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "1030010300"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “[RANDOM CHARACTERS].exe”HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "[RANDOM CHARACTERS]"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS]"

Additional Information

The following messages's were detected:
# Message
1Harmful software detected! Personal Shield Pro has detected malicious software that may cause PC crash. Click “Remove All” button below to remove them now. KBDARME.DLL KBDFR.DLL KBDMON.DLL
2Personal Shield Pro Firewall Alert Personal Shield Pro Firewall has blocked a program from accessing the internet. Internet Explorer Internet Browser is infected with worm Lsas.Blaster.Keylogger. This worm is trying to send your credit card details using Internet Explorer Internet Browser to connect to remote host.
3Security Alert Virus Alert! Application can’t be started! The file [application file] is damaged. Do you want to activate your anti-virus software now?
4Warning! Application cannot be executed. The file taskmgr.exe is infected. Please activate your antivirus software.
5Warning: Your computer is infected Windows has detected spyware infection! Click this message to install the last update of Windows security software...
6Windows Security Alert Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan your computer. Your system might be at risk now.
7Your computer is being attacked by an Internet Virus. It could be a password-stealing attack, a Trojan-dropper or similar. Threat: Win32/Nuqel.E

Related Posts

18 Comments

  • Doel says:

    The real problem is your program. My PC just fine before the program Personal Shield Pro into my system. Please stop the product you make, because I feel more disturbed by your product rather than a robber on the streets. you better beg in the streets rather than producing such anti-virus which is annoying ..

  • Petel B says:

    I had luck with spyhunter. not sure what doel\'s deal was? although i did a safe mode boot and things moved along faster and then BOOM, personal shield pro was gone on my next reboot. many thx to you guys!

  • michel jean cairo says:

    IAM DONT HAVE SERIAL KEY..AFTER BUY YOUR LOGICIEL ENTI VIRUS SHIEL PRO..PLEASE HELP ME

  • WebViewer says:

    What is Doel saying, this site is for anyone to remove the fake Av not the company who distribute it.
    Has he read the webpage?? If he has then he should read it again, as he has clearly misunderstood what it says.
    I think its very good, and have successfully remove this Fake Av from my machine with it answers.
    Well done SpywareRemove.com.

  • Dave says:

    how do you get rid of this Personal shield pro, when it wont let you open the malware romoving software?? it is really annoying!!

  • Marion says:

    How to get rid of this I did not ask for it

  • Charlie says:

    BOOM! Spyhunter worked for me. Took a risk on trying it be in the end you guys rocked! Thanks again!

  • Anthony J says:

    Charlie, thanks for telling me that the download worked. I almost did not use it but somehow it was able to stop personal sheild from loading on my screen. thx!

  • Peter Fezzel says:

    WebViewer, you are correct. At first I thought this site was bogus but after using the download malware scanner I know 100% it is legit. That program found personal shield pro and removed it. Excellent work! Many thanks to this removal report and its creators!

  • Stevie Niel says:

    This is just like the personal shield 2.20 program. they have the same interface and luckly i used your spyhunter to remove it AGAIN. why does this mess come back on my sons laptop. i think he is watching porn again.

  • Sue Hunt says:

    what do i do if i purchase personal shield pro? do they have my credit card to use now against my will? I am scared because it was a debit card of mine and i don't have much money to cover additional charges. I called visa and the lady told me to call my credit union also to let them know what happened.

  • Ricky Vesa says:

    Please remove this Personal Shield junk off my PC NOW! I hope to God that your advice works. keeping fingers crossed as I attempt removal right now.

  • Mark Hurbbert says:

    you guys saved my ass! I cannot thank you enough.

  • Mack says:

    can't start pc. When I select "start in safe mode with Networking" it just cycles back to that start-up page. So I can't download any software. any hints?

  • Jayson says:

    Personal Shield Pro anti-virus is not anti-virus at all. They created a robber to robed peaple. Hope some one take them to curt.

  • Mr Sock Puppet says:

    how many of these posts are by the owner (sock puppet). and it's funny how some don't read the information on the webpage, since they think u own personal shield pro (eg Doel)

  • At Doel says:

    Doel, can't you read? how on earth can you think the owner of this site is the maker of personal shield pro? does it mean you didn't bother to even read the first paragraph of this webpage. plz tell us all how you arrived at that conclusion.....

  • Abel says:

    That's a wise answer to a tircky question