Whatever it is, the forum guide did not work. I have Windows 7 Home Premium and I followed the appropriate steps given on the forums for Windows 7 for removing Security Shield to the letter. However, Malwarebytes did not remove it. In fact, it didn't even show up when I ran a full scan. (My version was outdated so I had to update it first, but after that the scan took about an hour and a half, and I feel I should note that Security Shield also made no attempt to stop it as the guide warned it might. Additionally, when I ran RKill beforehand it didn't detect any processes to terminate or remove; nothing showed up in the log.) It did detect 13 other threats though, and I figured that perhaps the malware was labeled differently, so I went ahead and took care of them. I then restarted my computer as per Malwarebytes' instructions (and which the guide said to do) so that it could finish and I could move on to the next set of steps (which I believe was to download a program to allow me to access my HOSTS file and delete it). Imagine my dismay, then, when Security Shield almost immediately booted up afterward, and the same insidious messages from it kept popping up, as well as blocking me from accessing executable files or using the Internet as it did before.
I did exactly as the guide told me to up until step 21, because, as I said above, I wasn't able to continue due to Security Shield's continued presence blocking me from running programs or accessing the Internet. (I should also perhaps note that step 20 mentions that Malwarebytes automatically opens a scan log in Notepad when it finishes. It didn't for me.)
I'm considering doing the whole thing all over again, but since it is time-consuming (and that it didn't work) I was wondering if perhaps someone here might be able to tell me what else I can do. Should I just continue on with the guide where I left off, and go back to Safe Mode? (I can run programs and access internet in Safe Mode, obviously.) I didn't because I'm pretty sure the guide assumes Security Shield is gone at this point, and I didn't want to just go ahead and delete my HOSTS file if it was still around, because I have no idea what said file is or what might happen if I attempted it.
Edit: I see another user posted a problem pretty much identical to mine (except he went ahead and deleted his HOSTS file); wasn't there when I originally came to this forum. Should I follow his responder's suggestion?
Edited by CTM162, 21 March 2012 - 10:26 AM.