Windows Shield Tool
Posted: February 24, 2012
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
Threat Level: | 10/10 |
---|---|
Infected PCs: | 21 |
First Seen: | February 24, 2012 |
---|---|
Last Seen: | January 8, 2020 |
OS(es) Affected: | Windows |
Windows Shield Tool is one of the latest variants to offshoot out of the Rogue:Win32/FakePAV family of rogue anti-malware scanners. Since Windows Shield Tool shares both the looks and the distinct lack of legitimate security features that are both known traits for FakeVimes-based PC threats, SpywareRemove.com malware research team doesn't recommend that you purchase Windows Shield Tool or even tolerate its existence on your PC for any longer than necessary. Standard signs of a Windows Shield Tool infection, which may be installed by other PC threats such as Zlob Trojans, include fake pop-up alerts and unrelated applications being blocked under false pretenses. These issues can be resolved by booting your PC via a method that avoids triggering Windows Shield Tool's Registry startup entries, and then deleting Windows Shield Tool with an appropriate anti-malware program.
How Windows Shield Tool Acts as a Shield Against Your Own Software
Windows Shield Tool keeps the external appearance of anti-malware software, including carefully-crafted messages about Trojans and other PC threats that Windows Shield Tool supposedly identifies, but all the information that Windows Shield Tool provides is fraudulent and can be ignored without harming your computer. In fact, SpywareRemove.com malware experts strongly discourage any attempts to delete files or applications that Windows Shield Tool notes as infected or damaged, since this will lead you to destroy files that, in fact, are unlikely to be experiencing any issues other than Windows Shield Tool's own attacks.
Windows Shield Tool and other members of scamware from the Rogue:Win32/FakePAV family may also scan your computer's memory continually and shut down memory processes without your consent. Programs that SpywareRemove.com malware experts have noted as being in danger of being attacked thusly include:
- Adobe-brand programs, including Acrobat Reader and Photoshop.
- Popular web browsers (Internet Explorer, Opera and Chrome).
- Instant messengers.
- Webcam utilities.
- Google-brand programs, including the Google Toolbar.
Although Windows Shield Tool may also accompany these attacks with inaccurate warnings about the above applications being damaged or infected, SpywareRemove.com malware analysts stress that Windows Shield Tool has no ability whatsoever to find or remove any sort of legitimate problem in other programs.
The End Game for the Windows Shield Tool Hoax
In spite of its lack of legitimate anti-malware features, Windows Shield Tool is invested in creating the appearance of being a legitimate anti-malware product due to its ultimate goal of encouraging you to spend money on a 'more complete' version of its software. Of course, SpywareRemove.com malware analysts note that spending money on Windows Shield Tool's junk software not only will not make your PC safer than it was prior to Windows Shield Tool's arrival, but will even risk further abuse of your financial information by Windows Shield Tool's criminal development team. Some of the many errors that Windows Shield Tool may create during this charade are noted below:
Warning! Running trial version!
The security of your computer has been compromised!
Now running trial version of the software!
Click here to purchase the full version of the software and get full protection for your PC!
Warning!
Name: [Application file name]
Name: [Application file path]
Application that seems to be a key-logger is detected. System information security is at risk. It is recommended to enable the security mode and run total System scanning.
Warning! Database update failed!
Database update failed!
Outdated viruses databases are not effective and can't [sic] guarantee adequate protection and security for your PC!
Click here to get the full version of the product and update the database!
System Security Warning
Attempt to modify register key entries is detected. Register entries analysis is recommended
Warning!
Location: [Application file path]
Viruses: Backdoor.Win32.Rbot
Identical clones of Windows Shield Tool should also be considered equally harmful to your computer as Windows Shield Tool itself, since Rogue:Win32/FakePAV-based rogue anti-malware programs are distributed under many names. Well-known variants of Windows Shield Tool include Privacy Guard Pro, PrivacyGuard Pro 2.0, Extra Antivirus, Fast Antivirus 2009, Presto TuneUp, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, Live PC Care, PC Live Guard, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus and Smart Security.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:%APPDATA%\Protector-ntu.exe
File name: Protector-ntu.exeSize: 2.01 MB (2012672 bytes)
MD5: 3e1177906fb1222590f01678f5352c40
Detection count: 90
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: February 24, 2012
%APPDATA%\Protector-yco.exe
File name: Protector-yco.exeSize: 2.01 MB (2013184 bytes)
MD5: 9ca4f33ba3b524015f00b0b39c99b571
Detection count: 89
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: February 24, 2012
%APPDATA%\Protector-ngo.exe
File name: Protector-ngo.exeSize: 2.17 MB (2171124 bytes)
MD5: 0e565afa6f7233aa78cd7e848785b935
Detection count: 10
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: January 8, 2020
%APPDATA%\Protector-qsy.exe
File name: Protector-qsy.exeSize: 2.01 MB (2014720 bytes)
MD5: 179982a6ce74b96c1efe6286a84ae9f6
Detection count: 3
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: February 24, 2012
%AppData%\Protector-oak.exe
File name: %AppData%\Protector-oak.exeFile type: Executable File
Mime Type: unknown/exe
Group: Malware file
%AppData%\NPSWF32.dll
File name: %AppData%\NPSWF32.dllFile type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
%CommonPrograms\%Windows Shield Tool.lnk
File name: %CommonPrograms\%Windows Shield Tool.lnkFile type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
%Desktopdir%\Windows Shield Tool.lnk
File name: %Desktopdir%\Windows Shield Tool.lnkFile type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.