Published Dec 19, 2010|Updated Aug 22, 2017


Alert level: Low Detected with Windows Defender Antivirus

Also detected as: Rogue:Win32/Winwebsec (Microsoft) Trojan.Win32.FakeAV.wly (Kaspersky) Win32/Adware.SecurityTool (ESET) FakeAlert-AVPSec.k (McAfee) Mal/FakeAV-EE (Sophos) TROJ_FAKEAV.BKC (Trend Micro) SecurityShieldFraud (Symantec) Fake utorrent (other)

Security Shield is a variant of Win32/Winwebsec - a family of programs that claims to scan for malware and displays fake warnings of “malicious programs and viruses”. They then inform the user that they need to pay money to register the software in order to remove these non-existent threats.
In mid to late January this variant of Win32/Winwebsec was observed being distributed via Twitter. A number of tweets were sent to users that contained a malicious link that directed them (via a redirector) to download a copy of the Security Shield variant of Rogue:Win32/Winwebsec.  
Special Note:
Rogue Antivirus programs are programs that generate misleading alerts and false detections in order to convince users to purchase illegitimate security software.  Some of these programs may display product names or logos in an apparently unlawful attempt to impersonate Microsoft products. 
To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date, security solution. The following Microsoft products will detect and remove this threat:
For more information on antivirus software, see