Live Security Suite

May 14, 2010 webmaster Rogue, 0

What is Live Security Suite?

Live Security Suite is another malicious security program that originated from the same authors who developed Live Enterprise Suite. Most of the time, Trojans will carry this malware and infects a computer while it remains invisible to anti-virus program. Once inside, the Trojan is able to modify system settings as well as registry entries. This will allow the unwanted software to run on its own every time Windows starts. At each boot-up, it will perform a virus scan and reports that dozens of threats are found on the computer. Also, fake alert and warning messages are posted on the screen to even more scare its victims and persuade them into buying the registered version of Live Security Suite.

Similar to other fake anti-virus, Live Security Suite is promoted as the sole program that can remove viruses from a computer. It also promises to stop annoying messages, alerts and browser redirection. Where in fact, the one who created this computer displeasure is no other than the claimant itself. Its goal is to trick you into having the Live Security Suite activation code. If there is a virus or threat that requires immediate removal from a computer, then it should be this rogue program – Live Security Suite.

Type	Rogue
Sub-Type	FakeAV
OS Affected	Windows XP, Windows Vista, Windows 7

What are the Symptoms of Live Security Suite Infection?

It will modify Windows Registry and add the following entries:

• HKEY_CURRENT_USER\Software\Live Security Suite
• HKEY_LOCAL_MACHINE\SOFTWARE\Live Security Suite
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Image File Execution Options\taskmgr.exe
• HKEY_CURRENT_USER\Software\Microsoft\FTP “SearchDir” = “%Program Files%\Live Security Suite\”
• HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer “PrS” = “http://gen-avpay.com/choose/?productid=GENAV3&uid=0&machineid=c3f92274b4b15694ae2311bd2316c727″
• HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer “uniname” = “Live Security Suite_is1″
• HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Run “Live Security Suite”

The threat will drop the following malicious files:

• %Program Files%\Live Security Suite\LiveSS.exe
• %Program Files%\Live Security Suite\db\WMILib.dll
• %UserProfile%\Application Data\Live Security Suite\unins000.exe
• %UserProfile%\Application Data\Live Security Suite\db\config.cfg
• %UserProfile%\Application Data\Live Security Suite\db\Timeout.inf
• %UserProfile%\Application Data\Live Security Suite\db\Urls.inf
• %UserProfile%\Desktop\LiveSS.exe.txt
• %UserProfile%\Local Settings\Application Data\Microsoft\Windows\pguard.ini
• %UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe

Follow these Procedures to Remove Live Security Suite

Procedure 1: Manual Removal

1. Restart your computer in Safe Mode
- After Power-On the computer, just before Windows start, press F8.
- From the selections, Select Safe Mode.

2. Remove Registry entries added by Live Security Suite. You MUST BACKUP YOUR REGISTRY FIRST.
- Click Start > Run.
- Type in the field, regedit.
- Navigate and look for the registry entries mentioned above and delete if necessary.

3. Delete malicious files that the threat added:
- Base on the given location above, browse and delete the file.
- If no location is given, click Start>Search> and search for the files.
- If cannot be deleted, press Ctrl+Alt+Del to access Task Manager, see if the file is running in the process. If it is, select the file and click End Process. Perform file delete again.

4. Scan computer with Antivirus Program
- Update antivirus program.
- Scan computer and delete all detected threats.
- Restart Windows.

Procedure 2: Scan PC with Removal Tool

To remove Live Security Suite, download Malwarebytes Anti-Malware by clicking on the button below. This tool is effective in getting rid of Trojans, viruses and malware.

1. After downloading, please install the program using the default settings.
2. At the end of the installation, please make sure that it will download necessary updates.
3. Once update has completed. The tool will launch.
4. Thoroughly scan the computer and remove all threats detected by Malwarebytes Anti-Malware.

Protect your PC from Live Security Suite or Similar Attack

Turn On Security Features of your Internet Browser

For safe browsing, each browser programs have their own features for blocking malicious Internet traffic. This feature is capable of detecting whether the site you are trying to visit is listed as harmful and infected with viruses. Phishing and malware web sites will not escape the filtering applied by your browser if the feature is active. Here are the safety features for corresponding Internet browsers.

• Internet Explorer - Smart Screen Filter
  This feature of Internet Explorer will check web pages for harmful entities. SmartScreen Filter immediately alerts you if it found the page suspicious. View complete information from this page.
• Google Chrome - Phishing and Malware Protection
  Safe browsing feature of Google Chrome uses a technology that protects the computer against virus and malware attacks that may arise while browsing the web. Click here to activate this feature.
• Mozilla Firefox - Block Attack Site and Web Forgeries

Install a Decent Anti-malware Program

Aside from having up-to-date anti-virus software, your computer will be safer if it is protected by anti-malware program. Anti-malware not just blocks malicious files from entering the computer but also checks if the web site you are trying to visit contains harmful elements.

Widgi Toolbar FakeAlert-AVPSec.e