Live Enterprise Suite Removal Guide



See these Forums for Guides/Assistance

********************************************************************************************************************************

Statement From the Editor

Read each guide at all links before starting the removal process so that you will know exactly what steps to take and which removal process is best for your issue.

********************************************************************************************************************************

Live Enterprise Suite is a rogue security program from the same family as Ghost Antivirus and Internet Antivirus Pro. This program is promoted through the use of malware and advertisements that pretend to be online anti-malware scanners. Regardless of how Live Enterprise Suite is installed on your computer, it uses aggressive techniques to make it difficult to remove. First, it disables Task Manager so that you cannot end the processes associated with this program. It will also install a randomly named piece of malware that is created in random paths under the Windows folder. This process, along with the main Live Enterprise Suite process, will terminate known security executables and will constantly terminate Explorer.exe whenever it restarts, so that you cannot reach your Windows desktop or any of the programs residing on it. Last, but not least, the TDL3 rootkit has been found alongside this rogue, which may make it even harder to remove.

How to Remove the TDSS, TDL3, or Alureon rootkit using TDSSKiller

Gmer.net for rootkits. Bleeping Computer’s RootkitList

or HitmanPro or RootkitRevealer

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files suggested in this guide to another computer and then transfer them to the infected computer via a CD/DVD, external drive, or USB flash drive. If this is not possible, see the RescueCD Software section on the home page.

Step 1.

Bleeping Computer’s Live Enterprise Suite (Uninstall Guide)

Reboot your computer into Safe Mode with Networking. To do this, turn your computer off and then back on and immediately when you see anything on the screen, start tapping the F8 key on your keyboard. Eventually you will be brought to a menu similar to the one below:

Using the arrow keys on your keyboard, select Safe Mode with Networking and press Enter on your keyboard. If you are having trouble entering safe mode, then please use the following tutorial: How to start Windows in Safe Mode

Malwarebytes’ Tutorial by Bleeping Computer

Microsoft How to Get Rid of Malware

****************************************************************************************************************************

If that does not work, see

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

or (but not both)

I’m infected – What do I do now?

Complete all the steps you can and post a new topic HERE

*****************************************************************************************************

The tools needed for this removal are:

ATF For cleaning of Temp Files & the Java cache

See Screenshots

<<<<<<<<<<<<<<<>>>>>>>>>>>>>>

Malwarebytes’ Anti-Malware

Please download Malwarebytes’ Anti-Malware to your desktop.

Click the Free Version

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes’ Anti-Malware
    • Launch Malwarebytes’ Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.

See the Tutorial for specific instructions.

Malwarebytes’ Tutorial

If Malwarebytes’ will not install, see HERE

Or HERE

When Malwarebytes’ will not run, see HERE

Common Issues, Questions, and their Solutions

Step 2. If Needed

<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>

SUPERAntiSpyware Tutorial

When SUPERAntiSpyware will not install or run, see HERE

SUPERAntiSpyware Online Safe Scan

SUPERAntiSpyware Portable Scanner can be downloaded from a different computer and run on the infected computer. The scanner does NOT install anything on your Start Menu or Program Files and does NOT need to be uninstalled. It runs from the CD and requires NO internet connection. If the infected computer cannot download files, this is a solution: simply download the portable scanner and copy it to a USB/CD. NOTE: The portable scanner is randomly named to prevent the malware from stopping it from running. For more software similar to this, see the RescueCD software section on the home page; those tools scan an infected system and can recover personal data lost to infection or a defective or failing hard drive.

*********************************************

Dr.Web CureIt!

**************************************

Ccleaner for a good clean-up

Screenshots

Step 3.

Uninstall all Adobe software and Java and install the latest versions

Adobe: HERE

******************************

Use JavaRa to clean out old versions of Java: HERE

Then look for the following Java folders and, if found, delete them.


C:\Program Files\Java
C:\Program Files\Common Files\Java
C:\Windows\Sun
C:\Documents and Settings\All Users\Application Data\Java
C:\Documents and Settings\All Users\Application Data\Sun\Java
C:\Documents and Settings\username\Application Data\Java
C:\Documents and Settings\username\Application Data\Sun\Java

Then install the new Java: HERE

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache. Leave BOTH checked:
        Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

To test your Java Run-time, you may go to this page HERE

*************************************************************************************************

Step 4

Clean System Restore

Four steps to this:

  1. Have your antivirus open, or use the ESET Online Scanner below, set to full scan and running.
  2. Turn off System Restore.
  3. Launch ATF and clean until “No Files Cleaned”.
  4. When the scan is finished, turn System Restore back on and create a restore point.

NOTE: Make sure that your computer is clean before taking these steps.

See below for instructions on how to use System Restore.

XP

VISTA

WINDOWS 7

************************************************************************************************************************

NOTE
If you are having problems connecting your computer to the Internet after removing malware or spyware,

Try this Winsock Fix

************************************************************************************************************************

If you are still having issues see

When should I re-format?

Virut and other File infectors-Throwing in the Towel?

VMSAR Virus/Rogue Removal Guide

How to Start Windows in Safe Mode

How to use the Task Manager

How to use the Microsoft Malicious Software Removal Tool

How to Install, reinstall, or uninstall Windows

********************************************************************************************************************************

Online Scanners

That Detect and Remove for Free!

********************************************************************************************************************************

Manual Removal Section. Caution: a mistake here could cause operating system failure.

Live Enterprise Suite Associated Files:

c:\Documents and Settings\All Users\Desktop\Internet Antivirus Pro.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Internet Antivirus Pro
c:\Documents and Settings\All Users\Start Menu\Programs\Internet Antivirus Pro\Internet Antivirus Pro Home Page.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Internet Antivirus Pro\Internet Antivirus Pro.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Internet Antivirus Pro\Purchase License.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Internet Antivirus Pro\Uninstall Internet Antivirus Pro.lnk
%UserProfile%\Application Data\Live Enterprise Suite
%UserProfile%\Application Data\Live Enterprise Suite\settings.ini
%UserProfile%\Application Data\Live Enterprise Suite\uill.ini
%UserProfile%\Application Data\Live Enterprise Suite\unins000.exe
%UserProfile%\Application Data\Live Enterprise Suite\updateloadlist.ini
%UserProfile%\Application Data\Live Enterprise Suite\db
%UserProfile%\Application Data\Live Enterprise Suite\db\config.cfg
%UserProfile%\Application Data\Live Enterprise Suite\db\Timeout.inf
%UserProfile%\Application Data\Live Enterprise Suite\db\Urls.inf
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Antivirus Pro.lnk
%UserProfile%\Application Data\Microsoft\Windows\winlogon.exe
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\log.txt
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\pguard.ini
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
%UserProfile%\My Documents\My Pictures\atbyin.exe
c:\Program Files\Common Files\<random path>char.exe
c:\Program Files\Common Files\<random path>calc.exe
c:\Program Files\Internet Antivirus Pro
c:\Program Files\Internet Antivirus Pro\activate.ico
c:\Program Files\Internet Antivirus Pro\Explorer.ico
c:\Program Files\Internet Antivirus Pro\IAPro.exe
c:\Program Files\Internet Antivirus Pro\unins000.dat
c:\Program Files\Internet Antivirus Pro\uninstall.ico
c:\Program Files\Internet Antivirus Pro\working.log
c:\Program Files\Internet Antivirus Pro\db
c:\Program Files\Internet Antivirus Pro\db\DBInfo.ver
c:\Program Files\Internet Antivirus Pro\db\ia080614.db
c:\Program Files\Internet Antivirus Pro\db\lists.ini
c:\Program Files\Internet Antivirus Pro\db\WMILib.dll
c:\Program Files\Internet Antivirus Pro\Languages
c:\Program Files\Internet Antivirus Pro\Languages\IAEs.lng
c:\Program Files\Internet Antivirus Pro\Languages\IAFr.lng
c:\Program Files\Internet Antivirus Pro\Languages\IAGer.lng
c:\Program Files\Internet Antivirus Pro\Languages\IAIt.lng
c:\WINDOWS\system32\<random path>.dll
c:\WINDOWS\system32\<random path>.dll

Live Enterprise Suite Windows Registry Information:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\567 1.4.2.0_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live Enterprise Suite_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HTGRDENGINE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HTGrdEngine
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HTGRDENGINE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTGrdEngine
HKEY_CURRENT_USER\Software\Microsoft\FTP “SearchDir” = “c:\program files\Internet Antivirus Pro\”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run “<random>”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Live Enterprise Suite”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Microsoft Windows logon process”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION “svchost.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent “URIAPRO[]”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent “URIAPRO[]”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe “Debugger”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe “RealDebugger”

Issues that “may” be in a HijackThis log:

O4 - HKCU\..\Run: [Microsoft Windows logon process] %UserProfile%\Application Data\Microsoft\Windows\winlogon.exe
O4 - HKCU\..\Run: [Live Enterprise Suite] "c:\program files\Internet Antivirus Pro\IAPro.exe" /s
O4 - HKCU\..\Policies\Explorer\Run: [<random path>] "<random path>\<random>.exe"
O23 - Service: Guard Service (HTGrdEngine) - Unknown owner - %UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe

Have your HijackThis log analyzed HERE. Copy your log, paste it in the box at the site, and wait for the results. Scroll down the page and you will see a detailed description of each entry and the suggested actions to take, if any, for each. Before you act on them, use SystemLookup below to double-check the results. A mistake here can cause Operating System Failure!

Use SystemLookup as a reference resource for HijackThis

HijackThis Tutorial by BleepingComputer
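To show why the HijackThis entries above stand out, here is an added example (not part of the original guide and not a HijackThis feature) that parses O4 and O23 lines and flags the traits those entries share. The heuristics, the function names and the sample log are assumptions constructed for illustration; the parser accepts both the plain hyphen that HijackThis writes and the en dash that blog formatting tends to substitute.

```python
import re

# Assumed heuristics, derived only from the entries listed in this guide.
SYSTEM_NAMES = {"winlogon.exe", "services.exe"}   # system names the rogue reuses
KNOWN = ("live enterprise suite", "internet antivirus pro", "htgrdengine")
PROFILE = ("%userprofile%", "\\documents and settings\\")
DASH = r"\s[-\u2013]\s"   # "-" in real logs, en dash after blog formatting
O4 = re.compile(rf"^O4{DASH}(?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23 = re.compile(rf"^O23{DASH}Service: (?P<name>.+?) \((?P<svc>[^)]+)\)"
                 rf"{DASH}(?P<owner>.+?){DASH}(?P<cmd>.+)$")

def image_path(cmd):
    """Return the lowercased executable path, without quotes or arguments."""
    m = re.match(r'\s*["\u201c]?(.+?\.exe)', cmd, re.IGNORECASE)
    return (m.group(1) if m else cmd.strip()).lower()

def flag_entries(log_text):
    """Return (line, reasons) for every O4/O23 entry that trips a heuristic."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        m4, m23 = O4.match(line), O23.match(line)
        if not (m4 or m23):
            continue
        path, reasons = image_path((m4 or m23)["cmd"]), []
        if path.rsplit("\\", 1)[-1] in SYSTEM_NAMES and "\\system32\\" not in path:
            reasons.append("system process name outside System32")
        if m4 and m4["key"].lower().endswith("policies\\explorer\\run"):
            reasons.append("autostart via Policies\\Explorer\\Run")
        if m23 and "unknown owner" in m23["owner"].lower() and any(p in path for p in PROFILE):
            reasons.append("unknown-owner service in a user profile")
        if any(k in line.lower() for k in KNOWN):
            reasons.append("name listed in this guide")
        if reasons:
            findings.append((line, reasons))
    return findings

# Constructed sample log: the guide's entries (random names made up) plus two benign lines.
SAMPLE = r"""
O4 - HKLM\..\Run: [SoundMan] C:\WINDOWS\system32\SoundMan.exe
O4 - HKCU\..\Run: [Microsoft Windows logon process] %UserProfile%\Application Data\Microsoft\Windows\winlogon.exe
O4 - HKCU\..\Run: [Live Enterprise Suite] "c:\program files\Internet Antivirus Pro\IAPro.exe" /s
O4 – HKCU\..\Policies\Explorer\Run: [abcd] "C:\WINDOWS\abcd\efgh.exe"
O23 - Service: Guard Service (HTGrdEngine) - Unknown owner - %UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
O23 - Service: Print Spooler (Spooler) - Microsoft Corporation - C:\WINDOWS\system32\spoolsv.exe
"""

if __name__ == "__main__":
    for line, reasons in flag_entries(SAMPLE):
        print("; ".join(reasons), "<-", line)
```

A flagged line is a reason to look the entry up in SystemLookup, not a verdict; legitimate software can also start from Policies\Explorer\Run or report an unknown owner.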

********************************************************************************************************************************

If you run across a file that is not being detected or removed, you can upload the file to VIRUSTOTAL and they will analyze it. When the results are shown, you will get a list of which software is detecting the threat and which is removing it, which kinda takes the guesswork out of the equation.

More to use

Jotti’s Malware Scan

Dr. Web Online Check

Kaspersky File Scanner

********************************************************************************************************************************

Other Useful Information:

Virus Identification Resources

Security Software, Online Scanners and Virus Removal Tools

Video on “How to Remove Malware for Free” by Mirzo’s

Forums

********************************************************************************************************************************

Posted February 5, 2010 by Wide Glide in Virus Removal
