Your computer is infected with malicious software? Do you have popups on your PC?
If so, search this blog for removal instructions or find computer threats by category.

Saturday, June 2, 2012

Live Security Platinum Removal Guide

Tell your friends:
Live Security Platinum is a fake antivirus program (scareware) that attempts to extort money from less computer savvy users. It's a very well documented malware family, unfortunately there's always a chance that a PC user that has never had any kind of malware infection on his machine will contract this scareware. Cyber crooks are always looking for such PC users because they are usually not aware of fake security alerts and most likely will fall victim to scam.

Below is a screenshot of the Live Security Platinum:



As far as I am aware, Live Security Platinum is being transmitted via fake online virus scanners and pop-up notifications claiming that you need to update your antivirus software. There was a huge decrease in scareware traffic in the past few months. Only a few scareware families were actively distributed and they were insignificant comparing to the number of successfully installed banking trojans and worms. It seems that cyber crooks decided to 'push' other malware, mostly Cridex worm and password stealing trojans Ursnif and Fareit. Besides, there's a new password stealing trojan called Tinba alias Suzy. It belongs to a completely new malware family. This indicates that password stealing trojans and similar malware is taking the lead. Anyway, rogue security programs are still in the game.

Once installed, Live Security Platinum pretends to scan your computer for malicious software. It throws hundreds of fake virus warnings to make you think that you are infected. This rogue security program belongs to the Rogue:Win32/Winwebsec malware family. The previous version of this malware was named Smart Fortress 2012. It re-associates certain file extensions with this software, making it impossible to run task manager, registry editor or even command prompt. The nasty bug may modify Windows host file and change Windows proxy settings. Besides, Live Security Platinum stays active in safe mode. To 'unlock' the allegedly infected computer the user is instructed to pay almost 90 bucks.

Fake security alerts:



When running, this rogue security program blocks legitimate antivirus software and pretty much any other utility that can be used to delete or at least disable this malware. Live Security Platinum hijack web browsers too. It displays a fake securuty warning claiming that the website you are about to visit is not safe and may contain malicious code.

Last, but not least, if you don't remove this malware from your computer or remove it partly, it may continue to operate on your computer and can be used to commit online banking and credit card fraud. What is more, the rogue program can be bundled with TDSS rootkit. It may redirect Google search results to infected or misleading websites.

Live Security Platinum runs from "All User\Application Data" data folder in Windows XP and C:\ProgramData folder in Windows 7. A randomly named folder can be located very easily, unless of course it's hidden. But this isn't a problem either. Here's a quick guide on how to see hidden files and folder in Windows. Simply rename the malicious folder or malicious executable inside the malcious folder and reboot your computer. The rogue security program won't run because it won't find the associated files. Please, note that you still need to scan your computer with anti-malware software to completely remove the rogue antivirus program from your computer.

Another option is to reboot your computer in Safe Mode with Networking, remove Live Security Platinum core components and then run recommend anti-malware software.

And the probably the most easiest way to remove the virus from your PC is to use the debugged registration key to register the rogue program. The rogue antivirus program will disable all restrictions and you will be able to download recommended anti-malware software and run a full system scan without any problems.

To remove this virus and associated malware from your computer, please follow the removal instructions below. If you need help removing this virus, please leave a comment below. Safe surfing folks!

Source: http://deletemalware.blogspot.com


Live Security Platinum removal in Safe Mode with Networking:

1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key.


NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. Go to the Start Menu. Select Control Panel → Add/Remove Programs.
If you are using Windows Vista or Windows 7, select Control Panel → Uninstall a Program.



3. Search for Live Security Platinum in the list. Select the program and click Remove button.
If you are using Windows Vista/7, click Uninstall up near the top of that window.

When it asks you to reboot, please do so. After the computer reboots and you are back at your Windows Desktop (Normal Mode), please continue with the next step.

4. Launch Internet Explorer. In Internet Explorer go to: Tools->Internet Options->Connections tab.
Click Lan Settings button and uncheck the checkbox labeled Use a proxy server for your LAN. Click OK.



5. Download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove this virus from your computer.

NOTE: don't forget to update anti-malware software before scanning your computer.


Quick Live Security Platinum removal guide:

1. Open Live Security Platinum scanner. Click the "Registration" button (top right corner). Enter the following debugged registration key and click "Activate" to register the rogue antivirus program. Don't worry, this is completely legal since it's not genuine software.

AA39754E-715219CE




Once this is done, you are free to install recommended anti-malware software and remove Live Security Platinum from your computer properly.

2. Download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove this virus from your computer.

NOTE: don't forget to update anti-malware software before scanning your computer.


Associated Live Security Platinum files and registry values:

Files:

Windows XP:
  • C:\Documents and Settings\All Users\Application Data\[SET OF RANDOM CHARACTERS]\
  • %UserProfile%\Desktop\Live Security Platinum.lnk
  • %UserProfile%\Start Menu\Programs\Live Security Platinum\
  • %UserProfile%\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk
Windows Vista/7:
  • C:\ProgramData\[SET OF RANDOM CHARACTERS]\
  • %UserProfile%\Desktop\Live Security Platinum.lnk
  • %UserProfile%\Start Menu\Programs\Live Security Platinum\
  • %UserProfile%\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk
Registry values:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "[SET OF RANDOM CHARACTERS]"
  • HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum\
Tell your friends:

10 comments:

Anonymous said...

I found this virus on my computer today. Thanks for your instructions, these help me remove it.

Anonymous said...

The key is invalid.

Anonymous said...

Key is not valid

Admin said...

Yes, we know that, however, there are not valid key at the moment. Please follow the alternate removal guide.

Anonymous said...

Running a search for any .exe files (using an admin account) created in the last 7 days usually finds it. Rename it, reboot, then run the scans.

Anonymous said...

Why is Spyware Doctor the recommended AM-software for this? Just curious.

Admin said...

Because I know it removes this malware. But you may use any other antimalware software if you like.

Anonymous said...

The alternate removal guide didn't work, either, as this malware does not let you remove it by going to Control Panel and then Add/Remove program. I was able to get rid of it a different way, though. I went it to Safe Mode as instructed above and then ran Malware Bytes Anti-Malware (free program which I already had on my computer, last updated on July 4, 2012). This program located the malware and deleted it. Hope this helps.

Anonymous said...

My antivirus was operating while "Live Security Platinum" was active. I scanned the system and confirmed that the alarm was fake. Then I put the "Live Security Platinum" in quarantine with the antivirus and my computer started operating normally again (eg. control panel, internet explorer etc).

Anonymous said...

My antivirus was still functional. I scanned to confirm fake alarm. Then I put “Live Platinum Security” in quarantine, and the PC started operating normally again.