Live Security Suite

This page contains a full description and analysis of Live Security Suite, along with removal procedures and the necessary tools.

Date Posted: May 14th, 2010

Live Security Suite is another rogue security program from the same authors who developed Live Enterprise Suite. It is delivered by a Trojan that infects the computer and is still undetected by some anti-virus programs. The Trojan modifies the affected computer's system settings, including registry entries, so that the unwanted application runs automatically when Windows starts. At each boot-up it performs a virus scan and reports dozens of threats found on the computer. Fake alerts and warning messages are displayed to further scare victims and persuade them to buy the registered version of Live Security Suite. It is promoted as the sole program able to remove viruses from the computer and stop the annoying messages, alerts and browser redirection, when in fact it is the program that created these problems in order to trick you into buying the Live Security Suite activation code. If there is a virus or threat that must be removed from the computer, it is this rogue program.

Type: Rogue
Sub-Type: FakeAV
Aliases:
OS Affected: Windows
Detected By: MalwareBytes

What are the Symptoms of Live Security Suite Infection?

It modifies the Windows Registry and adds the following entries:

  • HKEY_CURRENT_USER\Software\Live Security Suite
  • HKEY_LOCAL_MACHINE\SOFTWARE\Live Security Suite
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Suite_is1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
  • HKEY_CURRENT_USER\Software\Microsoft\FTP "SearchDir" = "%Program Files%\Live Security Suite\"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PrS" = "http://gen-avpay.com/choose/?productid=GENAV3&uid=0&machineid=c3f92274b4b15694ae2311bd2316c727"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "uniname" = "Live Security Suite_is1"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Live Security Suite"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AVPath" = "\\.\root\SecurityCenter:AntiVirusProduct.instanceGuid="{653E64F8-62B6-4F96-B22D-4FFC6E44130E}""
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent "URLSS[2.0.3.0]"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallDisableNotify" = "0"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirstRunDisabled" = "0"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "UpdatesDisableNotify" = "0"

The threat will drop the following malicious files:

  • %Program Files%\Live Security Suite
  • %Program Files%\Live Security Suite\activate.ico
  • %Program Files%\Live Security Suite\Explorer.ico
  • %Program Files%\Live Security Suite\LiveSS.exe
  • %Program Files%\Live Security Suite\unins000.dat
  • %Program Files%\Live Security Suite\uninstall.ico
  • %Program Files%\Live Security Suite\working.log
  • %Program Files%\Live Security Suite\db
  • %Program Files%\Live Security Suite\db\DBInfo.ver
  • %Program Files%\Live Security Suite\db\ia080614.db
  • %Program Files%\Live Security Suite\db\lists.ini
  • %Program Files%\Live Security Suite\db\WMILib.dll
  • %Program Files%\Live Security Suite\Languages
  • %Documents and Settings%\All Users\Desktop\Live Security Suite.lnk
  • %Documents and Settings%\All Users\Start Menu\Programs\Live Security Suite
  • %Documents and Settings%\All Users\Start Menu\Programs\Live Security Suite\Live Security Suite HomePage.lnk
  • %Documents and Settings%\All Users\Start Menu\Programs\Live Security Suite\Live Security Suite.lnk
  • %Documents and Settings%\All Users\Start Menu\Programs\Live Security Suite\Purchase Licence.lnk
  • %Documents and Settings%\All Users\Start Menu\Programs\Live Security Suite\Purchase License.lnk
  • %UserProfile%\Application Data\Live Security Suite
  • %UserProfile%\Application Data\Live Security Suite\settings.ini
  • %UserProfile%\Application Data\Live Security Suite\uill.ini
  • %UserProfile%\Application Data\Live Security Suite\unins000.exe
  • %UserProfile%\Application Data\Live Security Suite\Uninstall Live Security Suite.lnk
  • %UserProfile%\Application Data\Live Security Suite\db
  • %UserProfile%\Application Data\Live Security Suite\db\config.cfg
  • %UserProfile%\Application Data\Live Security Suite\db\Timeout.inf
  • %UserProfile%\Application Data\Live Security Suite\db\Urls.inf
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Live Security Suite.lnk
  • %UserProfile%\Desktop\Live Security Suite.lnk
  • %UserProfile%\Desktop\LiveSS.exe.txt
  • %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png
  • %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png
  • %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png
  • %UserProfile%\Local Settings\Application Data\Microsoft\Windows\pguard.ini
  • %UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe

How to Remove Live Security Suite Manually

1. Restart your computer in Safe Mode
- After powering on the computer, just before Windows starts, press F8
- From the selections, select Safe Mode

2. Remove the registry entries that the threat added. You MUST BACK UP YOUR REGISTRY FIRST.
- Click Start > Run
- Type regedit in the field
- Navigate to the registry entries mentioned above and delete them if necessary

3. Delete the malicious files that the threat added:
- Based on the locations given above, browse to and delete each file
- If no location is given, click Start > Search and search for the files.
- If a file cannot be deleted, press Ctrl+Alt+Del to open Task Manager and check whether the file is running as a process. If it is, select it and click End Process, then delete the file again.

4. Scan the computer with an antivirus program
- Update the antivirus program
- Scan the computer and delete all detected threats.
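
The checks behind steps 2 and 3, as an added PowerShell example that is not part of the original page: it reports which of the listed registry entries and files are present and exports each rogue-only key it finds, so the backup required in step 2 exists before anything is deleted. The backup folder name is an assumption, the file checks cover a subset of the list above, and registry paths use Windows' actual "CurrentVersion" spelling.

```powershell
# Added example: read-only audit for the indicators this page lists.
# $BackupDir is an assumed location; nothing is deleted by this script.
$BackupDir = Join-Path $env:TEMP 'lss-registry-backup'
$CV = 'SOFTWARE\Microsoft\Windows\CurrentVersion'
$Ifeo = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe'

# Keys that the page lists as created by the rogue.
$Keys = @(
    'HKEY_CURRENT_USER\Software\Live Security Suite',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Live Security Suite',
    "HKEY_LOCAL_MACHINE\$CV\Uninstall\Live Security Suite_is1",
    $Ifeo
)
# Named values placed under keys that can also exist on a clean system.
$Values = @(
    @{ Key = "HKEY_CURRENT_USER\$CV\Run"; Name = 'Live Security Suite' },
    @{ Key = 'HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer'; Name = 'PrS' },
    @{ Key = 'HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer'; Name = 'uniname' },
    @{ Key = 'HKEY_CURRENT_USER\Software\Microsoft\FTP'; Name = 'SearchDir' }
)
# Dropped directories and files (subset of the file list, in the page's own locations).
$Paths = @(
    (Join-Path $env:ProgramFiles 'Live Security Suite'),
    (Join-Path $env:USERPROFILE 'Application Data\Live Security Suite'),
    (Join-Path $env:USERPROFILE 'Local Settings\Application Data\Microsoft\Windows\services.exe'),
    (Join-Path $env:USERPROFILE 'Local Settings\Application Data\Microsoft\Windows\pguard.ini')
)

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
foreach ($k in $Keys) {
    if (Test-Path -LiteralPath "Registry::$k") {
        # Step 2 requires a backup before any deletion: export each key found.
        $file = Join-Path $BackupDir (($k -replace '[\\ ]', '_') + '.reg')
        reg.exe export $k $file /y | Out-Null
        Write-Output "KEY    $k  (exported to $file)"
    }
}
foreach ($v in $Values) {
    $p = Get-ItemProperty -LiteralPath "Registry::$($v.Key)" -Name $v.Name -ErrorAction SilentlyContinue
    if ($p) { Write-Output "VALUE  $($v.Key) [$($v.Name)] = $($p.($v.Name))" }
}
foreach ($f in $Paths) {
    if (Test-Path -LiteralPath $f) { Write-Output "FILE   $f" }
}
# A Debugger value under the taskmgr.exe key would redirect Task Manager launches,
# which matters for step 3 (ending the process before deleting files).
$dbg = Get-ItemProperty -LiteralPath "Registry::$Ifeo" -Name Debugger -ErrorAction SilentlyContinue
if ($dbg) { Write-Output "IFEO   taskmgr.exe Debugger = $($dbg.Debugger)" }
```

Run it from an elevated prompt so the HKEY_LOCAL_MACHINE keys can be exported; an empty result means none of the checked indicators were found for the current user.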

How to Easily Remove Live Security Suite

1. Download and run the Removal Tool to remove this computer threat.
