WiniShield
Last Updated on Wednesday, 13 January 2010 17:20 Sunday, 09 August 2009 08:59
WiniShield is reported to be a rogue application. There are malicious websites such as winishield(dot)com distributing this application.
You can see the ThreatExpert analysis report on this link. If you happen to have the virus installer, you can submit it to the ThreatExpert site and have it analyzed. That will help you get precise information about the virus.
Trying system restore
If you know how long your computer has been infected, you can try restoring it to a date before the infection; that will work like a miracle in removing the infection.
Free removal tools
Manual Removal
The steps to be taken to remove the infected files manually.
Remove Processes from Task Manager
Press Ctrl+Shift+Esc to open Task Manager. Look in the list of processes for a process named winishield.exe or winishieldsvc.exe; if found, select it and press the End Process button. When it prompts you, say Yes, and then close Task Manager. Optionally, you can use Windows Defender to see the path of a currently running program or process and its publisher, so as to differentiate malware processes from genuine Windows processes.
Removing entry from windows startup
The System Configuration utility can be started in XP and in Vista by typing msconfig in the Run box or the Start menu search box. In XP, open the Run box by clicking Start > Run. Changes to Windows startup are reversible, so you can check or uncheck any startup entry any number of times.
After the System Configuration utility window is open, click on the Startup tab, which lists all the programs that are scheduled to start when you turn your computer on. Expand the middle column using your mouse pointer so that you can see the path of each program on the hard disk; that will give you a clear idea of what the program is.
Locate the entries "WiniShield" or "WiniShield Software" if present (look for any other suspicious names) and uncheck the boxes in front of these entries. Press Apply, then press Close/OK. Stay in the System Configuration utility for the next step.
Disabling Windows Process
Click on the Services tab and locate a process named "WiniShield Security Service" or WiniShieldSvc. Uncheck the box in front of its name. Press Apply, then press Close/OK. You may now restart the computer if prompted.
View Hidden Files
Before you can delete WiniShield and its associated files you need to search for them, and before doing that you need to enable the viewing of hidden files and folders.
Searching and Deleting the Folders / files on the hard disk
After restarting the computer, use the Windows search utility to search for "WiniShield". This search will find all its folders on the hard disk. Delete the folders from the hard disk, including all instances.
The folders could be found in the following locations:
%CommonPrograms%\WiniShield
%Temp%\nsb2.tmp
%ProgramFiles%\WiniShield Software
%ProgramFiles%\WiniShield Software\WiniShield
(In order to remove the files from the temp folder, using a temp files cleaner like CCleaner is recommended.)
%ProgramFiles% is typically C:\Program Files\
%CommonPrograms% is typically C:\Documents and Settings\All Users\Start Menu\Programs\
%Temp% is typically C:\Documents and Settings\[UserName]\Local Settings\Temp\
Run CCleaner
Even if you manage to find and delete Antivirus 2008 XP and its associated files, there will be remaining entries in the Windows registry. If you run a free temp files/registry cleaner called CCleaner, it will automatically clean the registry as well as the temp folder.
Editing Registry
Do this only if you are comfortable editing the registry manually using the regedit command.
You can find a list of all the registry modifications done by this rogue on this link.
More Problems
You may be unable to open Task Manager, Registry Editor, System Restore, Folder Options etc. if the virus has disabled them. There are free tools and techniques to solve this problem. They are listed here.
Tools for Windows XP
Tools for Windows Vista
Using the system file checker
If Windows is not functioning normally, you need to make sure that the genuine Windows system files have not been altered by the virus. You can use the System File Checker utility to find out, and to repair them if they have been altered. See the appropriate link for your version of Windows.
Unable to access security related sites
This can happen if your hosts file has been altered. To repair or edit the hosts file, log in as administrator and open the following file in Notepad:
C:\WINDOWS\system32\drivers\etc\hosts
Remove anything other than 127.0.0.1 localhost, then save and close the file.
Using Firewall
Check your firewall for any suspicious communication from your computer to the internet and block it using the firewall.
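Before deleting lines from the hosts file by hand, it helps to list exactly which entries fall outside the "127.0.0.1 localhost" rule given above. The following is an added example, not part of the original article: the function name audit_hosts, the sample file contents and the hostnames in it are constructed for illustration, and treating "::1 localhost" (the IPv6 loopback line found in newer Windows hosts files) as harmless is an assumption beyond the article's instruction.

```python
import ipaddress

# Constructed sample of a tampered hosts file (all names are placeholders).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.example-av-vendor.test   # constructed entry
203.0.113.7     update.example-av-vendor.test www.example-scanner.test
not-an-ip       broken.line
"""

def audit_hosts(text):
    """Split hosts entries into (keep, review) lists of (line_no, ip, names).

    keep   -> a loopback address mapped only to 'localhost'
    review -> every other entry, including lines with a malformed address
    """
    keep, review = [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()   # ignore comments and blanks
        if not entry:
            continue
        fields = entry.split()
        ip, names = fields[0], [n.lower() for n in fields[1:]]
        try:
            loopback = ipaddress.ip_address(ip).is_loopback
        except ValueError:
            review.append((line_no, ip, names))  # not a valid IP address
            continue
        if loopback and names == ["localhost"]:
            keep.append((line_no, ip, names))
        else:
            # Covers both redirects to a remote IP and security sites
            # blackholed to 127.0.0.1.
            review.append((line_no, ip, names))
    return keep, review

if __name__ == "__main__":
    # On a real machine, read C:\WINDOWS\system32\drivers\etc\hosts instead.
    _, review = audit_hosts(SAMPLE_HOSTS)
    for line_no, ip, names in review:
        print(f"line {line_no}: {ip} -> {' '.join(names) or '(no hostname)'}")
```

The entries it prints are the ones to inspect and remove in Notepad; nothing is modified by the script itself.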
Reference of ThreatExpert reports with permission from ThreatExpert.com

Sanjay C Rajure