Live Security Suite

Live Security Suite Description

Live Security Suite is not a security suite at all. Despite its rather realistic appearance and use of Windows logos, Live Security Suite is a fraud. It has no affiliation with Microsoft, it isn't a native Windows program, and it isn't capable of protecting your PC. Live Security Suite was created to scare you into paying money for a phony software license, and it isn't capable of doing anything else.

Symptoms Caused by Live Security Suite

It is important to remember that although Live Security Suite claims to be an anti-virus program, it is, in fact, malware. The symptoms of an infection therefore take the form of fake system scans and security alerts. When Live Security Suite is present on your computer, you will notice the following symptoms:

  • Every time Windows starts up, the first thing you see is a Live Security Suite interface. It is detailed and includes realistic Windows styling, as well as a fake version and update number. When this interface appears, Live Security Suite will run a fake scan of your computer and then tell you that your PC is threatened by a huge number of infections. If you respond to these results by telling Live Security Suite to remove the threats, it will tell you that it can only do that if you pay to register the software.
  • While Windows runs, every few minutes you will see some kind of security alert message from Live Security Suite. These alerts frequently have headers that say things like "Privacy Violation alert!" and "Spyware Activity alert!" and which provide very vague details about a supposed threat to your security. Unlike real anti-virus software, Live Security Suite never tells you the name of the suspicious file, where it is located, or when it was found. All of the alerts created by Live Security Suite are meant to drive you to Live Security Suite's payment website, and if you click on the prompts in the alerts, that is where you will find yourself.
  • Live Security Suite will hijack Internet Explorer, and possibly other browsers as well. Whenever you try to view a website, you will either be redirected to a payment site for the Live Security Suite scam, or you will get a phony security window within the browser that says that you have been prevented from navigating to a malicious site. This phony security screen includes links to the payment site that Live Security Suite is trying to get you to visit.

So, no matter what threats Live Security Suite claims to find on your system, chances are, none of those threats is present. Live Security Suite can't detect or remove them, and no amount of money spent on a bogus license is going to change that. Also, no amount of money spent on fake licenses will cause Live Security Suite to stop harassing you.

Where Did Live Security Suite Come From?

If you don't remember downloading Live Security Suite, you're not alone. Generally, Live Security Suite relies on Trojans to find its way onto victim PCs. The Trojan may be bundled with a file downloaded through a peer-to-peer service or a freeware download, or it may be pushed onto your system as a drive-by download on a malicious website. However, the most common mode of infection of all is for the Trojan to be disguised as a video codec, especially a Flash codec, so that you will download it without thinking. After the Trojan has been downloaded, it makes several important changes to the Registry and drops the files for Live Security Suite. Those changes go into effect the next time you start Windows.

Live Security Suite appeared in May 2010 and caused most of its infections in the summer of 2010. Since then, it has been displaced by more malicious and more robust rogue security applications, but Live Security Suite should still be considered a threat.

Technical Information

File System Details

Live Security Suite creates the following file(s):
# File Name Detection Count
1 %UserProfile%\Application Data\Live Security Suite\unins000.exe N/A
2 c:\Program Files\Live Security Suite\db\WMILib.dll N/A
3 c:\Program Files\Live Security Suite\LiveSS.exe N/A
4 %UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe N/A
5 c:\Documents and Settings\All Users\Start Menu\Programs\Live Security Suite\Live Security Suite Home Page.lnk N/A
6 c:\Documents and Settings\All Users\Start Menu\Programs\Live Security Suite\Purchase License.lnk N/A
7 c:\Program Files\Live Security Suite N/A
8 c:\Program Files\Live Security Suite\unins000.dat N/A
9 c:\Program Files\Live Security Suite\db N/A
10 %UserProfile%\Application Data\Live Security Suite N/A
11 %UserProfile%\Application Data\Live Security Suite\db\config.cfg N/A
12 %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Live Security Suite.lnk N/A
13 %UserProfile%\Desktop\Live Security Suite.lnk N/A
14 %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png N/A
15 c:\Documents and Settings\All Users\Start Menu\Programs\Live Security Suite N/A
16 c:\Documents and Settings\All Users\Start Menu\Programs\Live Security Suite\Purchase Licence.lnk N/A
17 c:\Program Files\Live Security Suite\db\lists.ini N/A
18 c:\Program Files\Live Security Suite\Explorer.ico N/A
19 c:\Program Files\Live Security Suite\working.log N/A
20 c:\Program Files\Live Security Suite\Languages N/A
21 %UserProfile%\Application Data\Live Security Suite\uill.ini N/A
22 %UserProfile%\Application Data\Live Security Suite\db\Urls.inf N/A
23 %UserProfile%\Application Data\Live Security Suite\db N/A
24 %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png N/A
25 %UserProfile%\Local Settings\Application Data\Microsoft\Windows\pguard.ini N/A
26 c:\Documents and Settings\All Users\Desktop\Live Security Suite.lnk N/A
27 c:\Documents and Settings\All Users\Start Menu\Programs\Live Security Suite\Live Security Suite.lnk N/A
28 c:\Program Files\Live Security Suite\db\ia080614.db N/A
29 c:\Program Files\Live Security Suite\activate.ico N/A
30 c:\Program Files\Live Security Suite\uninstall.ico N/A
31 c:\Program Files\Live Security Suite\db\DBInfo.ver N/A
32 %UserProfile%\Application Data\Live Security Suite\settings.ini N/A
33 %UserProfile%\Application Data\Live Security Suite\db\Timeout.inf N/A
34 %UserProfile%\Application Data\Live Security Suite\Uninstall Live Security Suite.lnk N/A
35 %UserProfile%\Desktop\LiveSS.exe.txt N/A
36 %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png N/A

Registry Details

Live Security Suite creates the following registry entry or registry entries:
RegistryKey
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PrS" = "http://gen-avpay.com/choose/?productid=GENAV3&uid=0&machineid=c3f92274b4b15694ae2311bd2316c727"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallDisableNotify" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent "URLSS[2.0.3.0]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Suite_is1
HKEY_CURRENT_USER\Software\Live Security Suite
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Live Security Suite"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AVPath" = "\\.\root\SecurityCenter:AntiVirusProduct.instanceGuid="{653E64F8-62B6-4F96-B22D-4FFC6E44130E}"
HKEY_LOCAL_MACHINE\SOFTWARE\Live Security Suite
HKEY_CURRENT_USER\Software\Microsoft\FTP "SearchDir" = "C:\Program Files\Live Security Suite\"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "uniname" = "Live Security Suite_is1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirstRunDisabled" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "UpdatesDisableNotify" = "0"
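
The file and registry entries listed above can be matched offline against a file listing and a registry export collected from a suspect machine. The following is an added example, not part of the original write-up: it uses a subset of the indicators on this page, and the profile-path layout, the HKEY_USERS SID mapping and all sample data are assumptions constructed for illustration.

```python
import re

# Indicators copied from this page's file and registry lists (a subset).
FILE_IOCS = [
    r"%UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe",
    r"c:\Program Files\Live Security Suite",
]
REG_IOCS = [  # (key, value name); None means the key itself is the indicator
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe", None),
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "Live Security Suite"),
]
# Assumption: a profile directory sits at <drive>:\<profiles root>\<user>.
PROFILE = r"[a-z]:\\[^\\]+\\[^\\]+"

def file_pattern(ioc):
    # Match the indicator path itself or anything below it, for any user.
    parts = ioc.lower().split("%userprofile%")
    return re.compile("^" + PROFILE.join(map(re.escape, parts)) + r"(\\|$)")

def match_files(paths):
    pats = [(ioc, file_pattern(ioc)) for ioc in FILE_IOCS]
    return [(p, ioc) for p in paths for ioc, pat in pats
            if pat.search(p.strip().lower().replace("/", "\\"))]

def norm_key(key):
    # Map a per-user hive loaded under HKEY_USERS\<SID> onto HKEY_CURRENT_USER.
    k = re.sub(r"^HKEY_USERS\\S-1-5-21-[0-9-]+\\", r"HKEY_CURRENT_USER\\", key.strip(), flags=re.I)
    return k.rstrip("\\").lower() + "\\"

def match_registry(entries):
    hits = []
    for key, value in entries:
        for ioc_key, ioc_value in REG_IOCS:
            if (norm_key(key).startswith(ioc_key.lower() + "\\") and
                    (ioc_value is None or ioc_value.lower() == (value or "").lower())):
                hits.append((key, value, ioc_key))
    return hits

# Constructed sample data (not taken from a real host).
SAMPLE_FILES = [
    r"C:\Documents and Settings\alice\Local Settings\Application Data\Microsoft\Windows\services.exe",
    r"C:\WINDOWS\system32\services.exe",
]
SAMPLE_REG = [
    (r"HKEY_USERS\S-1-5-21-1111-2222-3333-1004\Software\Microsoft\Windows\CurrentVersion\Run", "Live Security Suite"),
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "ctfmon.exe"),
]

if __name__ == "__main__":
    print(match_files(SAMPLE_FILES), match_registry(SAMPLE_REG))
```

Only the services.exe copy inside the user profile and the "Live Security Suite" Run value are reported; the genuine system32 binary and the unrelated Run value are not.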

More Details on Live Security Suite

The following messages associated with Live Security Suite were found:
Intercepting programs that may compromise your privacy and harm your system have been detected on your PC. Click here to remove it immediately with Live Security Suite.
Internet Explorer has closed this webpage to help protect your computer.
A malfunctioning or malicious add-on has caused Internet Explorer to close this webpage.
Live Security Suite has detected harmful software in your system. We strongly recommended you to register Live Security Suite to remove these threats immediately.
Live Security Suite has found %Found% viruses on your computer. It is recommended to disinfect files as soon as possible.
Malicious spyware that can harm your system has been detected on your PC. Click here to remove this riskware immediately with Live Security Suite.
Privacy Violation alert!
Live Security Suite detected a Privacy Violation. A program is secretly sending your private data to an untrusted internet host. Click here to block this activity by removing the threat (Recommended).
Self restoring Trojan virus that can lead to total system crash has been detected on your PC. Click here to remove this harmful virus immediately with Live Security Suite.
Spyware activity alert!
Spyware.BrowserDeath activity detected. This kind of spyware is attempts to steal passwords from Internet Explorer, Mozilla Firefox, Opera and other programs, including logins and passwords from online banking sessions, eBay, PayPal, etc.
System files modification alert!
Some critical system files of your computer were modified by malicious program. It may cause system instability and data loss. Click here to block unauthorized modification by removing threats (Recommended).
Tracking cookies that steal your passwords, accounts and credit card information have been detected in your system. Click here to remove them immediately with Live Security Suite.
Your PC is still infected with dangerous viruses. It is strongly recommended to activate antivirus protection to prevent data loss and to avoid the theft of your credit card details. Click here to activate protection.
