Personal Shield Pro
Posted: September 19, 2011
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 119 |
| First Seen: | June 10, 2011 |
|---|---|
| Last Seen: | April 18, 2018 |
| OS(es) Affected: | Windows |
Personal Shield Pro is a clone of other rogue anti-virus software from the WinWeb Security family. Rogue threats from this family, like Personal Shield Pro, will create fake infection warnings, inaccurate system scan results and other false information to make you think that many different infections are attacking your PC. However, this is just part of a scam to steal your credit card information, since Personal Shield Pro can neither remove nor even detect malicious software. Other problems linked to Personal Shield Pro and Personal Shield Pro's clones include browser hijacks and disabled applications. You can remove Personal Shield Pro, and along with Personal Shield Pro, all fake infection warnings, by using Safe Mode to prevent Personal Shield Pro from starting before you use up-to-date anti-virus software to scan your PC.
How the Personal Shield Pro Scam Begins
Personal Shield Pro is likely to be present on a variety of fraudulent homepages and on websites with poor security for file uploads. These sites may describe Personal Shield Pro as being a good security tool, despite Personal Shield Pro's complete lack of threat detection or removal features. Websites affiliated with Personal Shield Pro may also use Trojan attackers to install Personal Shield Pro on your PC without your consent.
Like all recent members of Personal Shield Pro's family, Personal Shield Pro uses a shield icon and a streamlined blue interface to make Personal Shield Pro look like a real security program. What Personal Shield Pro will not mention is that Personal Shield Pro is a direct copy of other threats like Antivirus Security, System Security, AntiSpyware Pro 2009, Total Security, Total Security 2009, Security Tool, Trojan.RogueAV.a.gen, System Adware Scanner 2010, FakeAlert-KW.e, Advanced Security Tool 2010, System Tool 2011, MS Removal Tool, Antivirus Center, Security Shield, Advanced PC Shield 2012, Security Sphere 2012 and Futurro Antivirus. Any differences between these rogue security programs are purely a matter of cosmetic tweaks and detection-thwarting measures.
Personal Shield Pro will pretend to scan your computer and continually find Trojans, keyloggers and other threats that supposedly can be removed only by registering Personal Shield Pro for a not-so-small fee. In addition to the fake scans, Personal Shield Pro will back up Personal Shield Pro's word with a variety of realistic-looking pop-up errors. Examples include, but aren't restricted to:
Your computer is being attacked by an Internet Virus. It could be a password-stealing attack, a Trojan-dropper or similar. Threat: Win32/Nuqel.E
Security Alert
Virus Alert!
Application can't be started! The file [application file] is damaged. Do you want to activate your anti-virus software now?
Windows Security Alert
Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan your computer. Your system might be at risk now.
How Personal Shield Pro Digs in Deeper to Thwart Your Security
Personal Shield Pro will go further than just making you believe that imaginary infections are on your PC. Infections by Personal Shield Pro may also show some of the following, more dangerous symptoms:
- Browser hijacks that block some or all websites with the sole exception of Personal Shield Pro's own homepage.
- Crashes or otherwise blocked usage of a variety of applications. Personal Shield Pro is known to attack security and system maintenance targets like Control Panel, and is likely to attack popular anti-virus scanners, too.
Personal Shield Pro accomplishes these things by running itself automatically through startup Registry entries. Instead of trying to clean your Registry manually, which can result in other system errors, you should reboot into Safe Mode or boot into your OS from a CD. This will stop Personal Shield Pro from running and will let you use any necessary anti-virus software to delete Personal Shield Pro, including Personal Shield Pro's Registry changes.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:%ALLUSERSPROFILE%\Application Data\mD01602GlHmG01602\mD01602GlHmG01602.exe
File name: mD01602GlHmG01602.exeSize: 421.88 KB (421888 bytes)
MD5: 19dab1a5fdfff11669c4c1467c6baff0
Detection count: 105
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Application Data\mD01602GlHmG01602
Group: Malware file
Last Updated: August 9, 2011
soft.exe
File name: soft.exeSize: 363 KB (363008 bytes)
MD5: e28b3f70d688e78e6c7f8f711ae8174e
Detection count: 62
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: August 9, 2011
gD10300AlEiN10300.exe
File name: gD10300AlEiN10300.exeSize: 385.02 KB (385024 bytes)
MD5: 84a3010129e24ac954645ab0bfc488de
Detection count: 53
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: August 9, 2011
00124.exe
File name: 00124.exeSize: 860.16 KB (860160 bytes)
MD5: 84d455e3b246818b8096a9b2762f8019
Detection count: 30
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: August 9, 2011
C:\Documents and Settings\<username>\application data\j47qm3h4g2ea.exe
File name: j47qm3h4g2ea.exeSize: 860.16 KB (860160 bytes)
MD5: a2ba596574440a49cb012ea30b148eab
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: C:\Documents and Settings\<username>\application data\j47qm3h4g2ea.exe
Group: Malware file
Last Updated: August 17, 2022
%Documents and Settings%\All Users\Desktop\Personal Shield Pro.lnk
File name: %Documents and Settings%\All Users\Desktop\Personal Shield Pro.lnkFile type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
%Temp%\[RANDOM CHARACTERS]\
File name: %Temp%\[RANDOM CHARACTERS]\Group: Malware file
%Temp%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
File name: %Temp%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exeFile type: Executable File
Mime Type: unknown/exe
Group: Malware file
%AllUsersProfile%\1030010300\1030010300.exe
File name: %AllUsersProfile%\1030010300\1030010300.exeFile type: Executable File
Mime Type: unknown/exe
Group: Malware file
%AllUsersProfile%\1030010300\1030010300
File name: %AllUsersProfile%\1030010300\1030010300Group: Malware file
%AllUsersProfile%\1030010300
File name: %AllUsersProfile%\1030010300Group: Malware file
Registry Modifications
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\[RANDOM CHARACTERS]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "1030010300"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “[RANDOM CHARACTERS].exe”HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "[RANDOM CHARACTERS]"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS]"
Additional Information
| # | Message |
|---|---|
| 1 | Harmful software detected! Personal Shield Pro has detected malicious software that may cause PC crash. Click “Remove All” button below to remove them now. KBDARME.DLL KBDFR.DLL KBDMON.DLL |
| 2 | Personal Shield Pro Firewall Alert Personal Shield Pro Firewall has blocked a program from accessing the internet. Internet Explorer Internet Browser is infected with worm Lsas.Blaster.Keylogger. This worm is trying to send your credit card details using Internet Explorer Internet Browser to connect to remote host. |
| 3 | Security Alert Virus Alert! Application can’t be started! The file [application file] is damaged. Do you want to activate your anti-virus software now? |
| 4 | Warning! Application cannot be executed. The file taskmgr.exe is infected. Please activate your antivirus software. |
| 5 | Warning: Your computer is infected Windows has detected spyware infection! Click this message to install the last update of Windows security software... |
| 6 | Windows Security Alert Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan your computer. Your system might be at risk now. |
| 7 | Your computer is being attacked by an Internet Virus. It could be a password-stealing attack, a Trojan-dropper or similar. Threat: Win32/Nuqel.E |
The real problem is your program. My PC just fine before the program Personal Shield Pro into my system. Please stop the product you make, because I feel more disturbed by your product rather than a robber on the streets. you better beg in the streets rather than producing such anti-virus which is annoying ..
I had luck with spyhunter. not sure what doel\'s deal was? although i did a safe mode boot and things moved along faster and then BOOM, personal shield pro was gone on my next reboot. many thx to you guys!
IAM DONT HAVE SERIAL KEY..AFTER BUY YOUR LOGICIEL ENTI VIRUS SHIEL PRO..PLEASE HELP ME
What is Doel saying, this site is for anyone to remove the fake Av not the company who distribute it.
Has he read the webpage?? If he has then he should read it again, as he has clearly misunderstood what it says.
I think its very good, and have successfully remove this Fake Av from my machine with it answers.
Well done SpywareRemove.com.
how do you get rid of this Personal shield pro, when it wont let you open the malware romoving software?? it is really annoying!!
How to get rid of this I did not ask for it
BOOM! Spyhunter worked for me. Took a risk on trying it be in the end you guys rocked! Thanks again!
Charlie, thanks for telling me that the download worked. I almost did not use it but somehow it was able to stop personal sheild from loading on my screen. thx!
WebViewer, you are correct. At first I thought this site was bogus but after using the download malware scanner I know 100% it is legit. That program found personal shield pro and removed it. Excellent work! Many thanks to this removal report and its creators!
This is just like the personal shield 2.20 program. they have the same interface and luckly i used your spyhunter to remove it AGAIN. why does this mess come back on my sons laptop. i think he is watching porn again.
what do i do if i purchase personal shield pro? do they have my credit card to use now against my will? I am scared because it was a debit card of mine and i don't have much money to cover additional charges. I called visa and the lady told me to call my credit union also to let them know what happened.
Please remove this Personal Shield junk off my PC NOW! I hope to God that your advice works. keeping fingers crossed as I attempt removal right now.
you guys saved my ass! I cannot thank you enough.
can't start pc. When I select "start in safe mode with Networking" it just cycles back to that start-up page. So I can't download any software. any hints?
Personal Shield Pro anti-virus is not anti-virus at all. They created a robber to robed peaple. Hope some one take them to curt.
how many of these posts are by the owner (sock puppet). and it's funny how some don't read the information on the webpage, since they think u own personal shield pro (eg Doel)
Doel, can't you read? how on earth can you think the owner of this site is the maker of personal shield pro? does it mean you didn't bother to even read the first paragraph of this webpage. plz tell us all how you arrived at that conclusion.....
That's a wise answer to a tircky question