Livepcantispyware.com

Livepcantispyware.com Description

Livepcantispyware.com is a misleading website that distributes the fake security program called Windows Defender 2010. Livepcantispyware.com is inserted into a victim's Hosts file by a Trojan; once this is done the victim will be constantly redirected to Livepcantispyware.com. Livepcantispyware.com will conduct a fake system scan and report the detection of a number of dangerous computer threats. Do not believe any of the fake security notifications displayed on Livepcantispyware.com and do not follow any recommendations to purchase the "full" version of Windows Defender 2010.

Technical Information

File System Details

Livepcantispyware.com creates the following file(s):
# File Name Detection Count
1 %Documents and Settings%\[UserName]\Application Data\ave.exe N/A

Registry Details

Livepcantispyware.com creates the following registry entry or registry entries:
RegistryKey
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "ave.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "ave.exe" /START "firefox.exe" -safe-mode
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "ave.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "ave.exe" /START "firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "ave.exe" /START "%1" %*
HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "ave.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "ave.exe" /START "iexplore.exe"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center" "AntiVirusOverride" = "1"