NavaShield is a rogue antivirus program: it tricks unsuspecting users into downloading it as security software when it is actually malware. It was initially discovered in 2010, when it advertised itself with the slogan "award winning computer protection". Its alerts and similar messages contain grammatical errors, which is a clue that it is a rogue antivirus.
The logo appears to be a blue shield with a chrome-like color around it. It also has an "N" written in a "fancy" font, which stands for "Nava".
In 2013, it was discovered that its servers were down, and any registration key entered in its download window is useless.
Payload
It had its own website, Navashield.com. NavaShield's site looked very user-friendly, like any antivirus website, so normal Windows users may have thought it was legitimate. This is aided by the rogue's design.
The rogue does not do anything until one week has passed, when it begins nagging the user to buy the "full" version. It does this by making an annoying ticking sound and displaying an ad encouraging the user to buy NavaShield. After the rogue has been on the system for several more weeks, it attempts to simulate an actual malware infection to get the user to purchase the fake program. To do this, it plays the sound of a group of men laughing over and over again. If the user has one of Microsoft's Text-To-Speech voices installed (usually Microsoft Sam), NavaShield will make the TTS voice swear at the user or say nonsensical things, such as "I am a Robot from outer space." or "I love you!". It also redirects the user to porn sites if the user goes online. It will also open Mail and show a non-existent email address to send to: "beb@sexsex". The icon tray bar will also start changing in size. Finally, another laugh that is higher in pitch starts to play. It also blocks Task Manager to stop the user from cancelling the infection.
Another variant of NavaShield tries to fake a malware infection by displaying an inescapable message box that says "Disk drive C:\ is being deleted" and slowly grows while making a beeping sound. Eventually it consumes the entire screen, and afterwards the screen flashes to the user's desktop wallpaper, but with no icons, taskbar, etc. Some minutes after rebooting, the screen goes back to normal.
- The name "NavaShield" might be a mistranslation of "LavaShield".
- Download an antivirus that can detect rogues (Malwarebytes is suggested for this case).
- Scan with the antivirus.
- Remove any remaining files that may not have been detected.
- Delete the malicious registry entries left by the malware.