If you are reading this article, then your computer is probably infected with the Live Security Suite virus. The good news is that this fake anti-malware program can be removed for free using legitimate malware removal tools. Follow the removal instructions below to remove Live Security Suite from your computer.
As you may already know, this rogue program is very annoying. It displays fake security warnings and pop-ups about every five minutes, stating that your computer is infected or under attack. Some of the fake alerts read:
"Spyware activity alert!
Spyware.BrowserDeath activity detected. This kind of spyware is attempts to steal passwords from Internet Explorer, Mozilla Firefox, Opera and other programs, including logins and passwords from online banking sessions, eBay, PayPal, etc."
"Privacy Violation alert!
Live Security Suite detected a Privacy Violation. A program is secretly sending your private data to an untrusted internet host. Click here to block this activity by removing the threat (Recommended)."
"Live Security Suite has detected harmful software in your system. We strongly recommended you to register Live Security Suite to remove these threats immediately."
Moreover, Live Security Suite will hijack Internet Explorer, block safe websites and display a fake warning stating that the website you are about to visit is risky or infected with malware. This is actually a very clever way to make the whole scam look even more realistic. The text of the fake Internet Explorer warning reads:
"Internet Explorer has closed this webpage to help protect your computer.
A malfunctioning or malicious add-on has caused Internet Explorer to close this webpage."
Another very important thing to remember when removing the Live Security Suite virus is that it may come bundled with the TDSS rootkit. That's why we strongly recommend that you scan your computer with the TDSSKiller utility (see TDSS, Alureon, Tidserv, TDL3 removal instructions using TDSSKiller utility). Also note that you should scan your PC with at least two anti-malware programs to make sure that every single infected file related to Live Security Suite has been removed from your computer. If you have already paid for this rogue program, contact your credit card company immediately and dispute the charges. If you have any questions or additional information about this malware, please leave a comment. Good luck and be safe!
Live Security Suite removal instructions (method #1):
Download one of the following legitimate anti-malware applications and run a quick system scan. Don't forget to update it first. All programs are free.
NOTE1: if you can't run any of the above programs, you must rename the installer of the selected program before saving it on your PC. For example, if you choose MalwareBytes, rename mbam-setup.exe to iexplore.exe, explorer.exe or any random name like test123.exe before saving it.
NOTE2: if you still can't run the renamed file, then you need to change the file extension too, not only the name.
1. Go to "My Computer".
2. Select "Tools" from the menu and click "Folder Options".
3. Select the "View" tab and uncheck the checkbox labeled "Hide file extensions for known file types". Click OK.
4. Rename mbam-setup.exe to either test123.com or test123.pif.
5. Double-click the renamed file to run it.
Removing Live Security Suite in Safe Mode with Networking (method #2):
1. Reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the F8 key continuously, which should bring up the "Windows Advanced Options Menu". Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm
NOTE: Log in as the same user you were previously logged in as in normal Windows mode.
2. Download one of the following legitimate anti-malware applications and run a quick system scan. Don't forget to update it first. All programs are free.
Live Security Suite files and registry values:
Folders and files:
- C:\Documents and Settings\All Users\Start Menu\Programs\Live Security Suite
- C:\Program Files\Live Security Suite
- C:\Program Files\Live Security Suite\activate.ico
- C:\Program Files\Live Security Suite\Explorer.ico
- C:\Program Files\Live Security Suite\LiveSS.exe
- C:\Program Files\Live Security Suite\unins000.dat
- C:\Program Files\Live Security Suite\uninstall.ico
- C:\Program Files\Live Security Suite\working.log
- C:\Program Files\Live Security Suite\db
- C:\Program Files\Live Security Suite\Languages
- %UserProfile%\Application Data\Live Security Suite
- %UserProfile%\Application Data\Live Security Suite\settings.ini
- %UserProfile%\Application Data\Live Security Suite\uill.ini
- %UserProfile%\Application Data\Live Security Suite\unins000.exe
- %UserProfile%\Application Data\Live Security Suite\Uninstall Live Security Suite.lnk
- %UserProfile%\Application Data\Live Security Suite\db
- %UserProfile%\Application Data\Live Security Suite\db\config.cfg
- %UserProfile%\Application Data\Live Security Suite\db\Timeout.inf
- %UserProfile%\Application Data\Live Security Suite\db\Urls.inf
- %UserProfile%\Desktop\LiveSS.exe.txt
- %UserProfile%\Local Settings\Application Data\Microsoft\Windows\pguard.ini
- %UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
Registry values:
- HKEY_CURRENT_USER\Software\Live Security Suite
- HKEY_LOCAL_MACHINE\SOFTWARE\Live Security Suite
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Suite_is1
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
- HKEY_CURRENT_USER\Software\Microsoft\FTP "SearchDir" = "C:\Program Files\Live Security Suite\"
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PrS" = "http://gen-avpay.com/choose/?productid=GENAV3&uid=0&machineid=c3f92274b4b15694ae2311bd2316c727"
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "uniname" = "Live Security Suite_is1"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Live Security Suite"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AVPath" = "\\.\root\SecurityCenter:AntiVirusProduct.instanceGuid="{653E64F8-62B6-4F96-B22D-4FFC6E44130E}""
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent "URLSS[2.0.3.0]"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallDisableNotify" = "0"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirstRunDisabled" = "0"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "UpdatesDisableNotify" = "0"
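The file and registry list above can be checked from a PowerShell prompt before and after a scan. The script below is an added example, not part of the original removal instructions; it only reports which of the listed artifacts exist and changes nothing. The "Debugger" value name under the taskmgr.exe key is an assumption, since the list gives only the key.

```powershell
# Added example: read-only check for the Live Security Suite artifacts listed above.
# Paths and value names are copied from the article; nothing is modified or deleted.
$files = @(
    'C:\Program Files\Live Security Suite',
    'C:\Documents and Settings\All Users\Start Menu\Programs\Live Security Suite',
    "$env:USERPROFILE\Application Data\Live Security Suite",
    "$env:USERPROFILE\Desktop\LiveSS.exe.txt",
    "$env:USERPROFILE\Local Settings\Application Data\Microsoft\Windows\pguard.ini",
    "$env:USERPROFILE\Local Settings\Application Data\Microsoft\Windows\services.exe"
)
$keys = @(
    'HKCU:\Software\Live Security Suite',
    'HKLM:\SOFTWARE\Live Security Suite',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Suite_is1'
)
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe'
$values = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'Live Security Suite' },
    @{ Key = 'HKCU:\Software\Microsoft\Internet Explorer'; Name = 'PrS' },
    @{ Key = 'HKCU:\Software\Microsoft\Internet Explorer'; Name = 'uniname' },
    @{ Key = 'HKCU:\Software\Microsoft\FTP'; Name = 'SearchDir' },
    # Assumption: the IFEO key carries a "Debugger" value (the article lists only the key).
    @{ Key = $ifeo; Name = 'Debugger' }
)

# Build one result record per artifact that is present.
function New-Hit($Type, $Indicator, $Data) {
    New-Object PSObject -Property @{ Type = $Type; Indicator = $Indicator; Data = $Data }
}

$hits = @()
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) { $hits += New-Hit 'Path' $f '' }
}
foreach ($k in $keys) {
    if (Test-Path -LiteralPath $k) { $hits += New-Hit 'RegKey' $k '' }
}
foreach ($v in $values) {
    # Get-ItemProperty returns nothing if the key is absent; look the value up by name.
    $item = Get-ItemProperty -LiteralPath $v.Key -ErrorAction SilentlyContinue
    $prop = if ($item) { $item.PSObject.Properties[$v.Name] }
    if ($null -ne $prop) { $hits += New-Hit 'RegValue' "$($v.Key) [$($v.Name)]" $prop.Value }
}

if ($hits.Count -eq 0) { 'No Live Security Suite artifacts from the list were found.' }
else { $hits | Select-Object Type, Indicator, Data | Format-List }
```

Run it as the affected user so that %UserProfile% and HKEY_CURRENT_USER resolve to the right account. An empty result after cleanup covers only the entries listed here, so it does not replace the anti-malware and TDSSKiller scans.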