Generalscansite.com
Generalscansite.com is a website used by cyber-criminals to advertise and distribute the rogue application called Live Enterprise Suite. Generalscansite.com is encountered by victims that have been infected with Trojans associated with the malicious domain. When a victim lands on Generalscansite.com a fake scan is run that will claim to detect numerous virus, worm and Trojan infections. Security alerts and pop-up windows will also flood the victim's computer screen. Then the user will be urged to purchase the "full" version of Live Enterprise Suite in order to remove the malware. Live Enterprise Suite is not able to detect or remove malware and Generalscansite.com should never be trusted.
File System Details
Generalscansite.com may create the following file(s):
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | %Documents and Settings%\[UserName]\Application Data\Live Enterprise Suite\unins000.exe | |
| 2. | %Program Files%\Common Files\[random path]calc.exe | |
| 3. | %Documents and Settings%\[UserName]\My Documents\My Pictures\atbyin.exe | |
| 4. | %Program Files%\Common Files\]random path]char.exe | |
| 5. | %Documents and Settings%\[UserName]\Local Settings\Application Data\Microsoft\Windows\services.exe | |
| 6. | %Documents and Settings%\[UserName]\Application Data\Microsoft\Windows\winlogon.exe | |
| 7. | %Documents and Settings%\[UserName]\Application Data\Live Enterprise Suite\uill.ini | |
| 8. | %Documents and Settings%\[UserName]\Application Data\Live Enterprise Suite\db\config.cfg | |
| 9. | %Documents and Settings%\[UserName]\Local Settings\Application | |
| 10. | %Documents and Settings%\[UserName]\Local Settings\Application Data\Microsoft\Windows\pguard.ini | |
| 11. | %Documents and Settings%\[UserName]\Application Data\Live Enterprise Suite\db | |
| 12. | %Documents and Settings%\[UserName]\Application Data\Live Enterprise Suite\db\Urls.inf | |
| 13. | %Documents and Settings%\[UserName]\Application Data\Live Enterprise Suite\settings.ini | |
| 14. | Data\Microsoft\Windows\log.txt | |
| 15. | %Documents and Settings%\[UserName]\Application Data\Live Enterprise Suite\updateloadlist.ini | |
| 16. | %Documents and Settings%\[UserName]\Application Data\Live Enterprise Suite\db\Timeout.inf | |
| 17. | %Documents and Settings%\[UserName]\Application Data\Live Enterprise Suite |
Registry Details
Generalscansite.com may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HTGRDENGINE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live Enterprise Suite_is1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Microsoft Windows logon process"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe "RealDebugger"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HTGrdEngine
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\567 1.4.2.0_is1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Live Enterprise Suite"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe "Debugger"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HTGRDENGINE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTGrdEngine
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION "svchost.exe"
