Description: Live Enterprise Suite is one of the more dangerous fake anti-spyware programs propagating through the internet today. It is related to Ghost Antivirus and Internet Antivirus, but uses even more aggressive methods than its relatives to push users to buy a license for Live Enterprise Suite. This rogue software reaches the user through malware and fake anti-malware scanners on the internet. As soon as it is installed, it disables essential Windows tools such as Task Manager and Registry Editor, making it harder to remove. In addition, it creates random paths within the Windows folder, which causes Windows Explorer to terminate at random, so the user gets completely lost when trying to traverse the files and folders on their PC. Next, Live Enterprise Suite loads at startup and starts performing fake system scans, flagging legitimate Windows software as threats via countless pop-ups. The rogue software also claims that the currently installed ‘trial’ version of Live Enterprise Suite is inadequate to clean the detected threats, and it recommends that the user purchase the ‘full’ version of the rogue software. However, it is important to note that the so-called ‘full’ version is incapable of removing the falsely generated threats. In some cases, because it has flagged genuine Windows files as spyware, removing them could cause the system to malfunction. Therefore no user should allow themselves to be bullied into paying for a license of Live Enterprise Suite.
Live Enterprise Suite
You should take steps to remove Live Enterprise Suite if you find a copy of it on your system. The required steps are outlined below.
Live Enterprise Suite File Removal Procedures
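First of all, it is necessary to stop the following processes which are related to Live Enterprise Suite:
- winlogon.exe (Please note that this is a real Windows process that is most likely infected. DO NOT delete the process. Simply end it if you can. The copy dropped by Live Enterprise Suite is the one under %UserProfile%\Application Data\Microsoft\Windows in the file list below; the genuine Windows file lives in c:\WINDOWS\system32.)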
- services.exe
- [random path]char.exe
- IAPro.exe (this is the main LES program. Stop this and you should then be able to use your current security software.)
The next step is to unregister the following DLL files:
- WMILib.dll
- [random path].dll
You will need to run a virus scan, using whichever security client you prefer, to identify the other DLL. We simply recommend purchasing a security client to unregister the DLLs for you.
The final step in file removal is deleting the files and folders themselves. To complete this step, remove the following files and folders from your computer:
- %UserProfile%\Application Data\Live Enterprise Suite
- %UserProfile%\Application Data\Live Enterprise Suite\settings.ini
- %UserProfile%\Application Data\Live Enterprise Suite\uill.ini
- %UserProfile%\Application Data\Live Enterprise Suite\unins000.exe
- %UserProfile%\Application Data\Live Enterprise Suite\updateloadlist.ini
- %UserProfile%\Application Data\Live Enterprise Suite\db
- %UserProfile%\Application Data\Live Enterprise Suite\db\config.cfg
- %UserProfile%\Application Data\Live Enterprise Suite\db\Timeout.inf
- %UserProfile%\Application Data\Live Enterprise Suite\db\Urls.inf
- %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Antivirus Pro.lnk
- %UserProfile%\Application Data\Microsoft\Windows\winlogon.exe
- %UserProfile%\Local Settings\Application Data\Microsoft\Windows\log.txt
- %UserProfile%\Local Settings\Application Data\Microsoft\Windows\pguard.ini
- %UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
- %UserProfile%\My Documents\My Pictures\atbyin.exe
- c:\Program Files\Common Files\[random path]char.exe
- c:\Program Files\Common Files\[random path]calc.exe
- c:\Program Files\Internet Antivirus Pro
- c:\Program Files\Internet Antivirus Pro\activate.ico
- c:\Program Files\Internet Antivirus Pro\Explorer.ico
- c:\Program Files\Internet Antivirus Pro\IAPro.exe
- c:\Program Files\Internet Antivirus Pro\unins000.dat
- c:\Program Files\Internet Antivirus Pro\uninstall.ico
- c:\Program Files\Internet Antivirus Pro\working.log
- c:\Program Files\Internet Antivirus Pro\db
- c:\Program Files\Internet Antivirus Pro\db\DBInfo.ver
- c:\Program Files\Internet Antivirus Pro\db\ia080614.db
- c:\Program Files\Internet Antivirus Pro\db\lists.ini
- c:\Program Files\Internet Antivirus Pro\db\WMILib.dll
- c:\Program Files\Internet Antivirus Pro\Languages
- c:\Program Files\Internet Antivirus Pro\Languages\IAEs.lng
- c:\Program Files\Internet Antivirus Pro\Languages\IAFr.lng
- c:\Program Files\Internet Antivirus Pro\Languages\IAGer.lng
- c:\Program Files\Internet Antivirus Pro\Languages\IAIt.lng
- c:\WINDOWS\system32\[random path].dll
- c:\WINDOWS\system32\[random path].dll
- c:\Documents and Settings\All Users\Desktop\Internet Antivirus Pro.lnk
- c:\Documents and Settings\All Users\Start Menu\Programs\Internet Antivirus Pro
- c:\Documents and Settings\All Users\Start Menu\Programs\Internet Antivirus Pro\Internet Antivirus Pro Home Page.lnk
- c:\Documents and Settings\All Users\Start Menu\Programs\Internet Antivirus Pro\Internet Antivirus Pro.lnk
- c:\Documents and Settings\All Users\Start Menu\Programs\Internet Antivirus Pro\Purchase License.lnk
- c:\Documents and Settings\All Users\Start Menu\Programs\Internet Antivirus Pro\Uninstall Internet Antivirus Pro.lnk
Once these steps have been completed, Live Enterprise Suite no longer resides on your hard disk.
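Two of the process names in the list above are also used by Windows itself, so the image path is what separates the rogue copies from the genuine ones. The read-only PowerShell check below is an added example, not part of the original guide; it stops and deletes nothing, the `Get-ProcessVerdict` helper is a hypothetical name, and the short path list is a selection taken from the file list above (Windows XP folder layout, as on this page).

```powershell
# Added example: read-only triage. Nothing is stopped, unregistered or deleted.
$system32 = Join-Path $env:SystemRoot 'System32'
$names    = 'winlogon.exe', 'services.exe', 'IAPro.exe'   # process names from the page

function Get-ProcessVerdict {            # hypothetical helper name
    param([string]$Name, [string]$Path)
    if (-not $Path) { return 'path unavailable (run from an elevated prompt)' }
    # Older Windows versions report some system images with a \??\ prefix.
    $clean = $Path -replace '^\\\?\?\\', ''
    $dir   = Split-Path -Parent $clean
    if ($Name -ieq 'IAPro.exe') { return 'rogue: main LES program per the page' }
    if ($dir -ieq $system32)    { return 'genuine location' }
    return 'suspect: system process name running outside System32'
}

Get-CimInstance Win32_Process |
    Where-Object { $names -contains $_.Name } |
    ForEach-Object {
        [pscustomobject]@{
            Id      = $_.ProcessId
            Name    = $_.Name
            Path    = $_.ExecutablePath
            Verdict = Get-ProcessVerdict -Name $_.Name -Path $_.ExecutablePath
        }
    } | Format-Table -AutoSize

# A selection of the files and folders listed above; report which ones exist.
$paths = @(
    "$env:USERPROFILE\Application Data\Live Enterprise Suite",
    "$env:USERPROFILE\Application Data\Microsoft\Windows\winlogon.exe",
    "$env:USERPROFILE\Local Settings\Application Data\Microsoft\Windows\services.exe",
    'C:\Program Files\Internet Antivirus Pro\IAPro.exe',
    'C:\Program Files\Internet Antivirus Pro\db\WMILib.dll'
)
foreach ($p in $paths) {
    $state = if (Test-Path -LiteralPath $p) { 'PRESENT' } else { 'absent' }
    '{0,-8} {1}' -f $state, $p
}
```

A `suspect` verdict on winlogon.exe or services.exe points at the copies in the user profile; the entries reported under System32 are the ones Windows needs to keep running.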
Registry Removal Procedures
In order to remove Live Enterprise Suite completely from your system, the following registry keys and settings should also be removed:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe “Debugger”
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe “RealDebugger”
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\567 1.4.2.0_is1
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live Enterprise Suite_is1
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HTGRDENGINE
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HTGrdEngine
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HTGRDENGINE
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTGrdEngine
- HKEY_CURRENT_USER\Software\Microsoft\FTP “SearchDir” = “c:\program files\Internet Antivirus Pro\”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run “[random]”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Live Enterprise Suite”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Microsoft Windows logon process”
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION “svchost.exe”
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent “URIAPRO[]”
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent “URIAPRO[]”
Once these entries have been removed from the Windows Registry, your computer is completely safe from Live Enterprise Suite.
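The `Debugger` value under `Image File Execution Options\taskmgr.exe` makes Windows start the named program instead of Task Manager, which matches the disabled Task Manager described at the top of this page. The PowerShell audit below is an added example, not part of the original guide; it only reads the registry, covers a selection of the entries listed above, and can be rerun after cleanup to confirm that nothing is reported.

```powershell
# Added example: read-only audit of registry entries named on this page.
# Value = $null means "report the key itself if it exists".
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe'
$run  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

$checks = @(
    @{ Key = $ifeo; Value = 'Debugger' },
    @{ Key = $ifeo; Value = 'RealDebugger' },
    @{ Key = $run;  Value = 'Live Enterprise Suite' },
    @{ Key = $run;  Value = 'Microsoft Windows logon process' },
    @{ Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\HTGrdEngine'; Value = $null },
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live Enterprise Suite_is1'; Value = $null }
)

$findings = foreach ($c in $checks) {
    if (-not (Test-Path -LiteralPath $c.Key)) { continue }

    if ($null -eq $c.Value) {
        [pscustomobject]@{ Key = $c.Key; Value = '(key)'; Data = '' }
        continue
    }

    # Get-ItemProperty errors when the value is missing; suppress that and skip.
    $item = Get-ItemProperty -LiteralPath $c.Key -Name $c.Value -ErrorAction SilentlyContinue
    if ($null -ne $item) {
        [pscustomobject]@{
            Key   = $c.Key
            Value = $c.Value
            Data  = $item.PSObject.Properties[$c.Value].Value
        }
    }
}

if ($findings) {
    $findings | Format-List
} else {
    'None of the checked Live Enterprise Suite registry entries are present.'
}
```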
Conclusion
Inexperienced users should not attempt to remove Live Enterprise Suite manually as a wrong action could cause damage to your system.
Outside Resources:
http://www.bleepingcomputer.com/virus-removal/remove-live-enterprise-suite