Home > Threats > ShieldSafeness

What is ShieldSafeness

Posted on 27 October 2009 under Rogue Programs

1. What is ShieldSafeness?

ShieldSafeness is a villainous computer product, designed to fool internet users, by convincing the victim that his computer system is at risk, and protective measures are inevitable.

ShieldSafeness infects computers with the help of Trojan.Fakesmoke. For inexperienced user may initially appear that this is not a dishonest intent to protect the computer. This impression is further enhanced by the following program behaviour:
  • ShieldSafeness source of infection - Online Computer scanner - which is nothing but a web page full of images, making an impression that computer is being searched for threats. This is not a reliable way to determine the level of computer protection, because the scan is being performed only for fraudulent incentive. After the alleged computer check was completed, the user will be prompted to use ShieldSafeness program in order to eliminate assumed computer system security gaps.
  • ShieldSafeness advertising will be created in fake Windows Security Center, which appearance is very similar to the original. Almost every reference contained in Security Center window will direct user to rogue payment page to get ShieldSafeness license.
  • Every few minutes interval, "Security Center Alert!" will appear in the right-hand bottom of the screen, warning user about the virus attack, with attackers IP address and port. ShieldSafeness will be offered in order to block this attack.
  • ShieldSafeness Spyware alert displayed in the taskbar area, as a notice of Security Center: Your computer is infected with spyware. It could damage your critical files or expose your private data on the Internet. Click here to register your copy of ShieldSafeness and remove spyware threats from your PC.

2. How to remove ShieldSafeness:

  1. Internet connection might be disabled or Internet browser might be blocked by ShieldSafeness, so it won't be possible to download any files to infected computer. In this case please download all files required for ShieldSafeness removal to another computer and then transfer them on the infected one using CD/DVD or USB flash drive.
  2. To remove ShieldSafeness download Spyware Doctor and install the program (for the installation guide click here). Before installation, make sure all other programs and windows are closed.
  3. After the installation, computer scan should be started automatically. If so, please move to the next step. If not, click "Status" on the left side menu and press "Scan Now" button to run computer scanner as shown in the picture below:

  4. After the scan has been completed and scan results have been generated, press "Fix Checked" button to remove ShieldSafeness.

  5. Restart the computer to complete ShieldSafeness removal procedure.

3. ShieldSafeness files:

ead3.tmp.exe, shieldsafeness.exe

4. Hijackthis entries:

O4 - HKCU\..\Run: [ead3.tmp.exe] C:\WINDOWS\system32\ead3.tmp.exe