538 thoughts on “Remove Live Security Platinum (Uninstall Guide)”

1. I often see posts where the issue didn’t work out thru no fault of the person doing the helping on somebody’s PC problem. The person getting the help is totally disrespectful. Being thankful for someone trying to help is expected when they didn’t cause the problem to begin with. They are taking their own time to try and help. It’s totally the fault of the person with the problem. If you would do diligence on the daily maintenance end of your own computer, keep it updated, install the necessary essential security software like spyware, malware, registry cleaner, and keep your device drivers up to date, and keep it backed up daily which only takes a minute or two, you could eliminate the majority of your computer problems. Downloading all the freeware out there to save a buck is just the beginning of your problems.

2. Hello,
   You’ve got a pretty nasty infection on this machine. It’s a ZeroAccess rootkit which has corrupted your Windows Defender settings.
   To remove this infection, please follow the instructions from this guide: http://malwaretips.com/blogs/file-contained-a-virus-and-was-deleted-removal/

   Stay safe!

3. Hello aixirt,
   You can follow this guide: http://malwaretips.com/blogs/win-7-internet-security-2011-virus/
   Stay safe!

4. i mean threats

5. Good day Stelian!

   I am one of those infected this malware and I followed the above instruction of yours last 5 months ago.
   I am now infected with another malware yesterday, the name is “windows xp 2011 unregistered version”.
   I would like to know if you have encountered this treats and made a post how to get rid off it.
   I searched in the web yet I am not satisfied about their instruction.
   Your posts were perfectly clear and easy to follow step by step.
   Hope you can help me. Thanks a lot.

6. Oh thank you great malware remover god. I am naming all my grandchildren after you!!!! Even if they are girls!!!

7. Thanks a lot!

8. Thankyou – this blog was great – followed every step and now have my computer back – AWESOME

9. Thank you SteliaN!

10. YOU ROCK!You should get a medal!

11. phenomenal! thanks a lot.

12. ** tnx mate :)

13. tnx might

14. You are a great man!Thank you.

15. Hello Magnus,
    The Kaspersky desinfection process is really slow and not well designed…however it works…..Now can you please run a Combofix scan and post the log here so that I can take a look at what’s going on your machine:

    Download ComboFix from one of the following locations:

    COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
    COMBOFIX DOWNLOAD LINK #2  (This link will automatically download Combofix on your computer)

    VERY IMPORTANT !!! Save as Combo-Fix.exe during the download.ComboFix must be renamed before you download to your Desktop

    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection beforeperforming a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    1. Double click on ComboFix.exe & follow the prompts.
    2. Accept the disclaimer and allow to update if it asks
    3. When finished, it shall produce a log for you.

    Notes:

    1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
    2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
    3.  If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.

16. Thanks!

17. Greetings from Mexico,
    Thx a lot for your help !!
    You Rock Stelian, See ya !!

18. Ok. I ran Kaspersky and it was supposed to take about 4 and a half hours, but about 3 hours in, it found a virus, Trojan? that it said it had to deal with immediately. This was a separate pop up window, and the scanner was still scanning in the background. At first I was going to wait till the scanner finished, but it had about another hour and a half to go. So to take care of the pop up window, it said to either ‘disinfect the files’ or some other option which was something like “No, not now…”. Seeing as this looked important, and it said after it fixed the files it would reboot, I didn’t know how the scan would react to this. If it finished before the original scan finished, then it would reboot and my 3+ hours of scanning would be in vain! I wasn’t going to wait around for another hour and a half, so I clicked “Yes, Disinfect my computer…” and it opened another window that started scanning on top of the other scanner. I was prompted to do this partly because I think the new virus (something like “seomncxrv.exe” with a red umbrella logo in ProcessExplorer, and when I googled the exact file name, google came up blank (not a single page)!!! Perhaps I should have got the hint,) was already causing me problems. Anyway, in middle of the second scan, the first scan just stopped, and I had to fool around with the program to find out what it found. It found a bunch of bad files and I clicked “Neutralize them”, and tried to get Kaspersky to fix the problems. It went back to the ‘Disinfect’ scan and I think I closed the other scan in frustration. But I don’t remember exactly what happened next, but basically, I think the virus tried to do something and something happened and the next thing I know windows explorer stopped working so that everything on my desktop disappeared, the taskbar, everything, and the only thing left was the Disinfect Scan. It said it had about 15 minutes left, so I let it run. What else could I do? After it finished, it rebooted the computer. Thank goodness, because I had no access to anything. Once it restarted (everything went back to normal), Kaspersky was deleting some stuff, and then it opened to the regular page, asking me to install the program. At this point I didn’t know what to do, but it looked like it successfully deleted the new virus, Trojan, so I decided to continue with your advice. I closed Kaspersky and downloaded and scanned with ESET scanner, and it found 27 bad files. I think it took care of them. After that I scanned with HitmanPro, and this time it found 13 problematic items. As the removal of these is disabled on my HitmanPro, what should I do now? Do you still want a log of the Tracking Cookies and ZeroAccesses? Or seeing as this whole process didn’t go as planned, perhaps there is another path that I should be taking? Where do we go from here?
    Thanks for all your help.

19. Hello Magnus,
    We can manually remove this files however let’s see if we can get rid of some of them using the below software:
    1.Run a scan with Kaspersky Virus Removal Tool
    Click here to download the Kaspersky Virus Removal Tool.

    1. Save it to your desktop.
    2. Double click the setup file to run it.
    3. Follow the onscreen prompts until it is installed
    4. Click the Options button (the ‘Gear’ icon), then make sure only the following are ticked:
       • System Memory
       • Hidden startup objects
       • Disk boot sectors
       • Local Disk (C:)
       • Also any other drives (Removable that you may have)
    5. Then click on Actions on the left hand side
    6. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked
    7. Click on Automatic Scan
    8. Now click the Start Scanning button, to run the scan
    9. After the scan is complete, close the program

    2.Run a scan with Eset Online Scanner.

    1. Download ESET Online Scanner utility.
       ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
    3. Check Yes, I accept the Terms of Use
    4. Click the Start button.
    5. Check Scan archives
    6. Push the Start button.
    7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    8. When the scan completes, push Finish

    NEXT,please re-run a scan with HitmanPro and post the log or a screenshot here and I’ll give you instructions on how to remove the left over files.
    Good luck!

20. Hey Stellion. I got the Live Security Platinum Virus on my compter again, but this time I was able to follow your guide. I got pretty far in it (and I think Malwarebytes deleted it), but I got stuck at the HitmanPro part. It scanned my computer and found 25 malicious files, but it won’t remove them for me. There was no “Acitvate Free License”; the only option is to buy the product. I tried running it again, and this time noticed that on the bottom there’s a warning sign and next to it, it says “Trial license expired. Removal of viruses and other malicious software is disabled. Buy Now”. Seeing as I prefer not to buy the product, I was wondering how you suggest I proceed? Should I do Step 7 with Rogue Killer, or do I first need to complete the HitmanPro step? And how can I get rid of those 25 malicious files?
    Please instruct me on what to do next.
    Thanks

21. Hello,
    HitmanPro and Malwarebytes should have removed this rogue antivirus,however for your peace of mind I would suggest that you perform a scan with the following utilities:

    1.Run a scan with Kaspersky Virus Removal Tool
    Click here to download the Kaspersky Virus Removal Tool.

    1. Save it to your desktop.
    2. Double click the setup file to run it.
    3. Follow the onscreen prompts until it is installed
    4. Click the Options button (the ‘Gear’ icon), then make sure only the following are ticked:
       • System Memory
       • Hidden startup objects
       • Disk boot sectors
       • Local Disk (C:)
       • Also any other drives (Removable that you may have)
    5. Then click on Actions on the left hand side
    6. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked
    7. Click on Automatic Scan
    8. Now click the Start Scanning button, to run the scan
    9. After the scan is complete, close the program

    2.Run a scan with Eset Online Scanner.

    1. Download ESET Online Scanner utility.
       ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
    3. Check Yes, I accept the Terms of Use
    4. Click the Start button.
    5. Check Scan archives
    6. Push the Start button.
    7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    8. When the scan completes, push Finish

22. Thank yoU!!!

23. Thanks a lot Stelian. I’ll do so.

    Kindest Regards,

    Eloy
    Seville

24. omg…thank you soooooo much. I spent nearly 1 day trying to remove (several boot cd’s etc.) that frigging malware until I found your post. THANK YOU!
    Still one question: Should I reinstall my OS to be 100% sure that this malware is gone?

25. Hello Eloy,
    Your Combofix log shows that you’ve still got some infection on this machine.Can you please start a thread in our Malware Removal Assistance forum as we need to remove this viruses.

26. Hello Cristy,
    You can ignore that alert…Internet Explorer has displayed that alert because this file isn’t commonly downloaded …
    Also:

    1.Run a scan with Kaspersky Virus Removal Tool
    Click here to download the Kaspersky Virus Removal Tool.

    1. Save it to your desktop.
    2. Double click the setup file to run it.
    3. Follow the onscreen prompts until it is installed
    4. Click the Options button (the ‘Gear’ icon), then make sure only the following are ticked:
       • System Memory
       • Hidden startup objects
       • Disk boot sectors
       • Local Disk (C:)
       • Also any other drives (Removable that you may have)
    5. Then click on Actions on the left hand side
    6. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked
    7. Click on Automatic Scan
    8. Now click the Start Scanning button, to run the scan
    9. After the scan is complete, close the program

    2.Run a scan with Eset Online Scanner.

    1. Download ESET Online Scanner utility.
       ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
    3. Check Yes, I accept the Terms of Use
    4. Click the Start button.
    5. Check Scan archives
    6. Push the Start button.
    7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    8. When the scan completes, push Finish

27. Thank you so much! This all worked great right up to the last step. Windows will not allow me to download Roguekiller. I am not given an option like do you want to download anyway….it just will not let me, saying it is unsafe. Is there another option/program?

28. I am starting a thread and I have read your blog and saved it! :) But…..I’m not sure what I’m supposed to put on the thread…..
    I will try not to meet again on here! :)

29. Hi Stelian,

    Thanks a lot for your answer and your attention. I followed your instructions closely and ran ComboFix and ESSET Online Scanner. The report created by ComboFix is to be found at the end of my this post. As for ESSET Online Scanner, it didn’t find any threat. However, as I described in my previous post, I’m still unable to install Kaspersky Internet Security 2011. In the middle of the process, I get an unexpected black screen and a sudden reboot. When I try to install Kaspersky Internet Security 2013, I still get a report stating that my PC could be infected and am recommended to scan my system with Kaspersky Virus Removal Tool. Something new happens now: Kaspersky Virus Removal Tool cannot be run now as I also get a black screen and a reboot when I try to install it. I hope you can help me with this. Many thanks in advance.

    Best regards,

    Eloy
    Seville
    Spain

    COMBOFIX REPORT *****************************************

30. Hello Eloy,
    Can you please run a scan with Combofix and ESET online scanner and post the logs here so that I can get an idea on what’s going on :

    STEP 1 : Run a scan with Combofix

    Download ComboFix from one of the following locations:

    COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
    COMBOFIX DOWNLOAD LINK #2  (This link will automatically download Combofix on your computer)

    VERY IMPORTANT !!! Save as Combo-Fix.exe during the download.ComboFix must be renamed before you download to your Desktop

    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection beforeperforming a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    1. Double click on ComboFix.exe & follow the prompts.
    2. Accept the disclaimer and allow to update if it asks
    3. When finished, it shall produce a log for you.

    Notes:

    1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
    2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
    3.  If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.

    ---

    STEP 2: Run a scan with ESET Online Scanner:

    1. Download ESET Online Scanner utility.
       ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
    3. Check Yes, I accept the Terms of Use
    4. Click the Start button.
    5. Check Scan archives
    6. Push the Start button.
    7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    8. When the scan completes, push Finish

    Waiting for your reply to tell me if your machine is ok and the logs from this utilit

31. Yes,run a scan with Malwarebytes and then go ahead with the HitmanPro scan… keep me up-to-date with what’s going on!:)

32. can i do this step on safe mode ? im using windows xp
    – i already done the STEP 5: Remove Live Security Platinum malicious files with Malwarebytes Anti-Malware FREE coz i had the software before this sh*t virus infected

33. Hi Stelian,

    Great job!!! Thanks for your post. I still need some help. Hope you can answer. I got my office’s computer infected with the Live Security Platinum one week ago and tried to remove it with my usual desinfection tool, Kaspersky Antivirus 2011. I scanned my pc with this application, which detected the virus and seemed to delete it. But whenever I restarted my computer, I still got messages from Platinum still working and downslowing my system. Then I scanned my PC with Kaspersky Virus Removal Tool and this detected a lot of infections and got rid of them. At that moment I thought my computer was already clean, but after the following restart, Kaspersky Antivirus 2011 collapsed. It stopped working. and did not started any more. I was advised to reinstall it. However, that has turned to be impossible, as during the setup process, I always get a black screen and the computer switches off all of a sudden. This continues to happen: whenever I try to install Kaspersky Antivirus 2011, my computer switches off and never get the chance to finish setup. Yesterday, I installed Kaspersky Internet Security 2013, but during the process I got a message reporting that my computer may be infected and wassuggested to download Kaspersky Virus Removal Tool. I downloaded this tool again and scanned my computer, but on this occasion it didn’t find any virus. Every time I install Kaspersky Internet Security 2013 (complete installation is possible) I get this message reporting possible infection. And every time I try to install Kaspersky Antivirus 2011, I get a black screen and my PC goes down. Could you please help me with any suggestion? Thanks a lot.

    Best regards from Seville, Spain

34. Hello Jodi,
    That alert is most likely generated by Live Security Platinum!
    Anyway,here is how you can create your own registryfix.reg :

    1.Create and run your registryfix.reg

    A.Copy all the text in bold below and paste to Notepad/Text Document

    Windows Registry Editor Version 5.00

    [-HKEY_CLASSES_ROOT\.exe\shell]

    [-HKEY_CLASSES_ROOT\.exe\DefaultIcon]

    [HKEY_CLASSES_ROOT\.exe]
    @=”exefile”

    [HKEY_CLASSES_ROOT\exefile]
    “Content Type”=-

    [HKEY_CLASSES_ROOT\exefile\shell\open\command]
    @=”\”%1\” %*”
    “IsolatedCommand”=-

    [HKEY_CLASSES_ROOT\exefile\shell\runas\command]
    “IsolatedCommand”=-

    [HKEY_CLASSES_ROOT\.bat]
    @=”batfile”

    [HKEY_CLASSES_ROOT\batfile\shell\open\command]
    @=”\”%1\” %*”

    [-HKEY_CURRENT_USER\SOFTWARE\Classes\.exe]

    [-HKEY_CURRENT_USER\Software\Classes\exefile]

    [-HKEY_CLASSES_ROOT\secfile]

    [-HKEY_CURRENT_USER\Software\Classes\secfile]

    [-HKEY_CLASSES_ROOT\pezfile]

    [-HKEY_CURRENT_USER\Software\Classes\pezfile]

    [-HKEY_CLASSES_ROOT\sezfile]

    [-HKEY_CURRENT_USER\Software\Classes\sezfile]

    [-HKEY_CLASSES_ROOT\ah]

    [-HKEY_CURRENT_USER\Software\Classes\ah]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
    @=”firefox.exe”

    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command]
    @=”firefox.exe”

    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
    @=”iexplore.exe”

    B.THIS IS VERY IMPORTANT! Save file as fix.reg to your Desktop. NOTE: (Save as type: All files)

    C. Double-click on fix.reg file to run it. Click “Yes” for Registry Editor prompt window. Then click OK.

    NEXT,follow the guide to remove the malicious file from your computer.
    Good luck!

35. Hello Barry,
    Exactly what’s happening…This infection has compromised your firewall… Please uninstall your firewall and run the below scans:

    1.Run a scan with Kaspersky Virus Removal Tool
    Click here to download the Kaspersky Virus Removal Tool.

    1. Save it to your desktop.
    2. Double click the setup file to run it.
    3. Follow the onscreen prompts until it is installed
    4. Click the Options button (the ‘Gear’ icon), then make sure only the following are ticked:
       • System Memory
       • Hidden startup objects
       • Disk boot sectors
       • Local Disk (C:)
       • Also any other drives (Removable that you may have)
    5. Then click on Actions on the left hand side
    6. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked
    7. Click on Automatic Scan
    8. Now click the Start Scanning button, to run the scan
    9. After the scan is complete, close the program

    2.Run a scan with Eset Online Scanner.

    1. Download ESET Online Scanner utility.
       ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
    3. Check Yes, I accept the Terms of Use
    4. Click the Start button.
    5. Check Scan archives
    6. Push the Start button.
    7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    8. When the scan completes, push Finish

36. Hello jiwan,
    Can you perform a scan with the following utilities:

    1.Run a scan with Kaspersky Virus Removal Tool
    Click here to download the Kaspersky Virus Removal Tool.

    1. Save it to your desktop.
    2. Double click the setup file to run it.
    3. Follow the onscreen prompts until it is installed
    4. Click the Options button (the ‘Gear’ icon), then make sure only the following are ticked:
       • System Memory
       • Hidden startup objects
       • Disk boot sectors
       • Local Disk (C:)
       • Also any other drives (Removable that you may have)
    5. Then click on Actions on the left hand side
    6. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked
    7. Click on Automatic Scan
    8. Now click the Start Scanning button, to run the scan
    9. After the scan is complete, close the program

    2.Run a scan with Eset Online Scanner.

    1. Download ESET Online Scanner utility.
       ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
    3. Check Yes, I accept the Terms of Use
    4. Click the Start button.
    5. Check Scan archives
    6. Push the Start button.
    7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    8. When the scan completes, push Finish

    VERY IMPORTANT!: NEXT,please delete Combofix from your desktop and download a fresh copy of this utility.After you have disabled your antivirus,run a scan with Combofix and post the log here.

37. Hi i had this problem and my friend recomended to install malwarebytes and it removed the malware, so then i uninstall malwarebytes but on the next day the malware still showed up. Again i had to install the malwarebyted and it removed the malware i also used comboflix. Still on the lower right when i click customize it shows something like 9d62tmp. live security premium. Please help me to completely remove it
    Thanx

38. nevermind it had something to do with firewall i guess.

39. Thanks for the help. Got through all the steps and I seem to be doing ok except 1 major problem.
    I cannot run any programs that require connecting to the internet after login and username. For example Tweetdeck or Thinkorswim.

    Unable to connect. Please check your network.

40. The link that you have provided on step 3 for the Registryfix.reg download link doesn’t work for me. :/ It says it was blocked due to containing walware and exploits. How exactly does this virus get into a computer? Because I don’t download any programs on this laptop ever. I save a few pictures, but that’s about it. :(

41. What type of error do you get when trying to download this utility?Can you try to download RogueKiller from here,if it doesn’t work then go ahead with the below steps:
    1.Run a scan with Kaspersky Virus Removal Tool
    Click here to download the Kaspersky Virus Removal Tool.

    1. Save it to your desktop.
    2. Double click the setup file to run it.
    3. Follow the onscreen prompts until it is installed
    4. Click the Options button (the ‘Gear’ icon), then make sure only the following are ticked:
       • System Memory
       • Hidden startup objects
       • Disk boot sectors
       • Local Disk (C:)
       • Also any other drives (Removable that you may have)
    5. Then click on Actions on the left hand side
    6. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked
    7. Click on Automatic Scan
    8. Now click the Start Scanning button, to run the scan
    9. After the scan is complete, close the program

    2.Run a scan with Eset Online Scanner.

    1. Download ESET Online Scanner utility.
       ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
    3. Check Yes, I accept the Terms of Use
    4. Click the Start button.
    5. Check Scan archives
    6. Push the Start button.
    7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    8. When the scan completes, push Finish

42. My computer won’t let me d/l roguekiller..

43. you are the best, great instructions and worked like a charm, thank you very much

44. Thanks from my 13 year old son! He got Live Security and this has been a great step by step to follow. All seems fine now. Took some time, but worth it!

45. Thank you very much, you save my lap…

46. Hello nat,
    Read the guide above and you’ll get rid of this fake antivirus! :)

47. Hello JohnnyW,
    Can you please run a scan with Combofix, ESET online scanner and post the logs here so that I can get an idea on what’s going on :

    STEP 1 : Run a scan with Combofix

    Download ComboFix from one of the following locations:

    COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
    COMBOFIX DOWNLOAD LINK #2  (This link will automatically download Combofix on your computer)

    VERY IMPORTANT !!! Save as Combo-Fix.exe during the download.ComboFix must be renamed before you download to your Desktop

    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection beforeperforming a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    1. Double click on ComboFix.exe & follow the prompts.
    2. Accept the disclaimer and allow to update if it asks
    3. When finished, it shall produce a log for you.

    Notes:

    1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
    2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
    3.  If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.

    ---

    STEP 2: Run a scan with ESET Online Scanner:

    1. Download ESET Online Scanner utility.
       ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
    3. Check Yes, I accept the Terms of Use
    4. Click the Start button.
    5. Check Scan archives
    6. Push the Start button.
    7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    8. When the scan completes, push Finish

    Waiting for your reply to tell me if your machine is ok and the logs from this utilities.

48. Thanks !

49. Hi, Stelian. My problem is still exist, hope you can me some advice.
    I followed your Step 1 to Step 6, so that my PC got back to Internet and IE browsing. Unfortunately when I conducted Step 7 Roguekiller, I got blue Screen when the program started prescan. Then I tried ESET Online Scanner and it cleared 10 files with threads. But I still encounter same problem when I conducted Roguekiller, I worry about the status of my PC, is it safe to use? What else can I do? Please give your expert comment, thanks.

50. I followed your step by step process and it worked magically to remove a virus called “Live Security Platinum” fake software that took over my computer instantly! I am blessed to have found your site.

    Thanks for all you do!
    Jerry Kelly

51. hello i was wondering if anyone can help me. live security platinum virus appears to have taken over my laptop. i have started it in safemode and can now finally access the internet however i have no clue how to remove it. i tried to unistall it but this did not work. i have read numerous posts on ways to remove it by downloading things and typing in stuff but it all seems complicated to me (im not the best with technology) can anyone explain and give me an easy method to get rid of this horrible virus? thank you

52. For some weird reason i didn’t do all of those things mentioned above…i tried the old skool ways lol….shut down my modem and let the PC running without any internet connection whatsoever, i just right clicked the Platinum AV icon on my desktop and open File Location, delete any files related to this crap fake AV. eventho u CAN’T delete the whole files on that folder (3 files listed inside the folder), but you CAN delete 2 of them, except the main Platinum AV.exe file. Once you delete those files turn your PC off, completely OFF!!. Turn it back on after a while and put your internet back on and download SUPERantispyware and Malwarebytes’ Anti-Malware to your PC, install them apps and run complete scan with both applications just to make sure your PC is clean from the virus. Restart your PC and it should running without any problem.

    I know it looks simple and very old skool, but it worked! i’m running Windows 7 Ultimate x64.

    Good luck folks..

53. Hello aisling,
    Can you please run a scan with Combofix, ESET online scanner and post the logs here so that I can get an idea on what’s going on :

    STEP 1 : Run a scan with Combofix

    Download ComboFix from one of the following locations:

    COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
    COMBOFIX DOWNLOAD LINK #2  (This link will automatically download Combofix on your computer)

    VERY IMPORTANT !!! Save as Combo-Fix.exe during the download.ComboFix must be renamed before you download to your Desktop

    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection beforeperforming a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    1. Double click on ComboFix.exe & follow the prompts.
    2. Accept the disclaimer and allow to update if it asks
    3. When finished, it shall produce a log for you.

    Notes:

    1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
    2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
    3.  If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.

    ---

    STEP 2: Run a scan with ESET Online Scanner:

    1. Download ESET Online Scanner utility.
       ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
    3. Check Yes, I accept the Terms of Use
    4. Click the Start button.
    5. Check Scan archives
    6. Push the Start button.
    7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    8. When the scan completes, push Finish

    Waiting for your reply to tell me if your machine is ok and the logs from this utilities.

54. Cheers Stelian, this was great to follow and heaps of help, now I should ban my wife from using the computer.
    thanks again

55. fake alerts keep coming up though i have done everything

56. Hello Nichole,
    You can ignore that alert .. The program is safe otherwise I wouldn’t recommended :)

57. THANK YOU…………………..
    was just doing some work at home in the office and the Live-Security-Platnium somehow started ans in less than 4 mins i could not use anything on my laptop.
    luckily a had my mac for other programs i used and googled the damn thing.

    i looked at a couple links and yours loked the best.
    I tried everything you said and it all worked great except for “Rogue Killer” I was unable to download or open it.

    Anyway, all is GREAT and working again.
    THANKS A MILLION

58. thanks, iam linux but my mom no :/ very useffuly!

59. Thanks a lot. You should be nominated for the Nobel-price.

60. Thanks for sharing! I am having trouble with step 7, RogueKIller. My computer is saying it is not commonly downloaded and could harm computer. It won’t let me run this. Should I save? Try another Roguekiller ???

61. same thing happened with me, just did everything in safe mode up until the hitman pro im pretty sure

62. Thankyou soooooo much !!!
    was in the middle of doing a high school certificate assignment when the stupid live whatever platnum crap appeared !!
    not sure what that last stuff did though – the rogue killer stuff
    but im just glad the virus is gone.
    again thanks so much for this ! youre a legend !!!

63. You are a life saver. Thank you so much for this!

    I followed your instructions and my computer works fine again.

64. Thanks a lot..Wonderful Guide.

65. Hi,

    Thanks so much. I think it works. I followed all the steps, but when doing step 6 onwards I still had to stay in safe mode. When I tried running the computer in normal mode after the anti-malware scan (step 5), live security platinum was still running. I wanted to check that doing step 6 onwards in safe mode is ok, or do I need to do something else. Now, after haveing done all the steps, I am able to work in normal mode fine.

    Again, thanks a lot. You’re a savior!

66. Hello Jessica,
    The RogueKiller log looks good…..Unless you are having other problems, it is time to do the final steps.

    1. Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
    2. In the Run box, type in ComboFix /Uninstall (Notice the space between the “x” and “/”) then click OK
    3. Follow the prompts on the screen
    4. A message should appear confirming that ComboFix was uninstall

    Delete the following folders: (If they exist)
    C:\ComboFix
    C:\Qoobox

    You should really start a thread in our Security Configuration forum as you need to build a layerd security config: http://malwaretips.com/Forum-Security-Configuration-Wizard
    Also it would very good if you took the time and read this article that I’ve wrote: http://malwaretips.com/blogs/how-to-easily-avoid-pc-infections/ .. If you follow it,then we’ll never meet again in this conditions.

67. Hello Katherine,
    Can you please run a scan with RogueKiller (Instructions on STEP 7) and then try to run the Malwarebytes scan.
    If you are still having issues reply back and I’ll help you with further instructions.

68. When I try running Malwarebytes again it always freezes up at the same point. Also it seems that Rkill didn’t terminate any processes.

69. Hi. Malwarebytes ran for about 20 minutes, didn’t detect any objects yet and then froze up before it finished. Do you know how I can fix this problem?

    Thanks
    Katherine

70. Without you I’m nothing!

    the perfect guide to how to!

    a 1000 time thank you!

71. I now have internet access! There aren’t enough words to express my gratitude for your help. You are a special person for helping us non-techies.

    I am posting the RK log below, it did say I have an infection.
    Do I delete the RK quarantine file?

    ESET came back with no infections as well.

    RK log:
    RogueKiller V8.0.0 [08/26/2012] by Tigzy
    mail: tigzyRKgmailcom
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Mama Bear [Admin rights]
    Mode : Shortcuts HJfix — Date : 08/27/2012 08:06:18

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ File attributes restored: ¤¤¤
    Desktop: Success 0 / Fail 0
    Quick launch: Success 0 / Fail 0
    Programs: Success 9 / Fail 0
    Start menu: Success 0 / Fail 0
    User folder: Success 86 / Fail 0
    My documents: Success 117 / Fail 117
    My favorites: Success 0 / Fail 0
    My pictures: Success 0 / Fail 0
    My music: Success 0 / Fail 0
    My videos: Success 0 / Fail 0
    Local drives: Success 138 / Fail 0
    Backup: [NOT FOUND]

    Drives:
    [C:] \Device\HarddiskVolume1 — 0x3 –> Restored
    [D:] \Device\CdRom0 — 0x5 –> Skipped

    ¤¤¤ Infection : ¤¤¤

    Finished : <>
    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

72. Dude!!! Thanx alot!! You managed to save my computer while I am in the bush!!!
    Well done and thanx again!!!

73. Lets try another thing…Can you please disable McAfee (Firewall and Antivirius) and see if you’ve got back your internet connection….

74. I briefly had an internet connection but lost it before I could download and run Rogue Killer and ESET.

    Should I ‘re copy and run Combo fix again?

75. Ok Jessica, we are making a good progress …. Can you please run a scan with RogueKiller and then run the Complete Internet Repair utility as seen in my previous reply….
    Good luck!

76. Thank you for the reassurance and patience. The scan ran and generated a log but still cant’t access the internet. I also noticed a red “shield” with a pop-up saying my computer is at risk b/c McAfee is off. It was not from McAfee (I didn’t click on it) Below is the combo fix log report It is lage:

    ComboFix 12-08-25.04 – Mama Bear 08/26/2012 10:09:33.1.2 – x86 NETWORK
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1579 [GMT -4:00]
    Running from: c:\documents and settings\Mama Bear\Desktop\Combo-Fix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    ——–><----

77. Hello Jessica,
    Can you please let the scan run , you shouldn’t lose any files… The scan will go up to Stage 50 and then it will generate a log…..

78. Hi. I downloaded combo fix to a thumb drive, copied it to the infected computer and double clicked after closing all virus protection. I received an error message about needing updating for windows restore before the program would continue. Iclicked ok to connet to the internet for update. another message saying no connection. I hit “x” since it said it wouldn’t work but then it started running looking for malware and I am concerned that nor restore point has been set and I will loose everything. I had only partially been able to back-up files. waiting for money to buy a new back-up drive.

    I captured the message with a screen shot but I don’t know how to upload it. is all lost?

    Current message 2 sreens, On blue background screen “completed stage 2” and gray error message says “failed to download required files. Aborting….Shall continue scanning for malware” I have NOT clicked ok yet.

79. No,it’s not normal the Combofix scan should not take more than 10 to 20 minutes….
    Can you please run a scan with RogueKiller and post the log here….

80. Unless you are having other problems, it is time to do the final steps.

    1. Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
    2. In the Run box, type in ComboFix /Uninstall (Notice the space between the “x” and “/”) then click OK
    3. Follow the prompts on the screen
    4. A message should appear confirming that ComboFix was uninstall

    Delete the following folders: (If they exist)
    C:\ComboFix
    C:\Qoobox

    You should really start a thread in our Security Configuration forum as you need to build a layerd security config: http://malwaretips.com/Forum-Security-Configuration-Wizard
    Also it would very good if you took the time and read this article that I’ve wrote: http://malwaretips.com/blogs/how-to-easily-avoid-pc-infections/ .. If you follow it,then we’ll never meet again in this conditions.

81. And I used Hitman Pro as well (Safe Mode too). :)

82. Hi again, Thanks so much for the prompt reply. After leaving a comment here, I looked through the comments here and decided to try ComboFix, Rogue Killer and Complete Internet Repair Utility (in this order) in Safe Mode with Networking. I then restarted normally (without Safe Mode) and my computer seems to be working fine. Should I still repeat the actions in your comment above? Please let me know if you would like the logs as well. Thanks heaps and much appreciated.

83. hi…after ComboFix rebooted my computer, a ComboFix window popped up saying “Please wait.” and it has been like that for at least an hour now…is this normal? thanks.

84. Just wanted to say a big THANKYOU for your instructions – removed the virus, no problem!

85. Hello Noelle,
    Can you please use this license key ( AA39754E-715219CE ) to register this fake antivirus (so that you’ll get back your Internet connection) and then run a scan with Combofix,RogueKiller and ESET online scanner and post the logs here :

    STEP 1 : Run a scan with Combofix

    Download ComboFix from one of the following locations:

    COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
    COMBOFIX DOWNLOAD LINK #2  (This link will automatically download Combofix on your computer)

    VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      ———————————————————–
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection beforeperforming a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don’t know how to disable it, please ask.
        ———————————————————–
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

      ———————————————————–

     

    1. Double click on ComboFix.exe & follow the prompts.
    2. Accept the disclaimer and allow to update if it asks
    3. When finished, it shall produce a log for you.

    Notes:

    1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
    2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
    3.  If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.

    ---

    STEP 2: Run a scan with RogueKiller

    1. Please download the latest official version of RogueKiller.
       RogueKiller Download Link (This link will automatically download RogueKiller on your computer)
    2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete.This should take only a few seconds and then you can click the Start button to perform a system scan.
    3. After the scan has completed, press the Delete button to remove any malicious registry keys.
    4. Next we will need to restore your shortcuts, so click on the ShortcutsFix button and allow the program to run.

    ---

    STEP 3: Run a scan with ESET Online Scanner:

    1. Download ESET Online Scanner utility.
       ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
    3. Check Yes, I accept the Terms of Use
    4. Click the Start button.
    5. Check Scan archives
    6. Push the Start button.
    7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    8. When the scan completes, push Finish

    Next,please run HitmanPro and Malwarebytes as seen on the guide.
    Waiting for your reply to tell me if your machine is ok and the logs from this utilities.

86. Hi, Thanks for this guide. I did Step 1 to 5. However, when the computer restarted normally, it was still the same as before. It wouldn’t let me use the Internet and there were still the Live Security Platinum Virus doing its scans etc. :( What should I do? Thanks heaps.

87. Thanks a lot, the tut it’s so easy!
    thanks for all.

88. Hello Jessica,
    Can you please run a scan with Combofix,RogueKiller and ESET online scanner and post the logs here :

    STEP 1 : Run a scan with Combofix

    Download ComboFix from one of the following locations:

    COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
    COMBOFIX DOWNLOAD LINK #2  (This link will automatically download Combofix on your computer)

    VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      ———————————————————–
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection beforeperforming a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don’t know how to disable it, please ask.
        ———————————————————–
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

      ———————————————————–

     

    1. Double click on ComboFix.exe & follow the prompts.
    2. Accept the disclaimer and allow to update if it asks
    3. When finished, it shall produce a log for you.

    Notes:

    1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
    2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
    3.  If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.

    ---

    STEP 2: Run a scan with RogueKiller

    1. Please download the latest official version of RogueKiller.
       RogueKiller Download Link (This link will automatically download RogueKiller on your computer)
    2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete.This should take only a few seconds and then you can click the Start button to perform a system scan.
    3. After the scan has completed, press the Delete button to remove any malicious registry keys.
    4. Next we will need to restore your shortcuts, so click on the ShortcutsFix button and allow the program to run.

    ---

    STEP 3: Run a scan with ESET Online Scanner:

    1. Download ESET Online Scanner utility.
       ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
    3. Check Yes, I accept the Terms of Use
    4. Click the Start button.
    5. Check Scan archives
    6. Push the Start button.
    7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    8. When the scan completes, push Finish

    Next,please run the below utility:
    Download and run the Complete Internet Repair utility.
    1.Download Complete Internet Repair utilityto your desktop
    2.Unzip all the files to their own folder on the desktop
    3.Within the folder double click CIntRep
    4.Select the following items,then press the GO button.

    • Reset Interent Protocol (TCP/IP)
    • Repair Winsock (Reset Catalog)
    • Renew Internet Connection
    • Flush DNS Resolver Cache
    • Reset Windows Firewall Configuration
    • Reset the default hosts fie

    Waiting for your reply to tell me if your machine is ok and the logs from this utilities.

89. Hello Alfredo,
    Yes,you can delete or uninstall all the tools that we’ve used!
    Stay safe!

90. Can I delete the “rkill’ folder and txts, as well as the “RK_Quarantine” folder and “RKreport” txts after I finish the entire process? Thanks a lot, your guide was super helpful.

91. Thank you! We were able to fix my son’s computer with this guide. Now my computer is infected with something because I suddenly can’t access the internet. I went to your regular malware removal guide but can’t get past the step where I turn off the proxy server. Even after a reboot (to safe mode) I still can’t access the internet. Please help!

92. Thanks for the great tutorial. Work fantastic! Keep up the good work.

93. THANK YOU!

94. Thank you!!!!

95. Thank you so much for your advice. The problem seems to have been solved for now and my machine is working normally.

96. awesome!you are awesome!this is awesome!
    THANK YOU!

97. Amazing! Really usefull. Thank you.

98. I followed your instructions and it worked for me! Thank you so much!!! <3

    PS. Live Security Platinum popped up on my computer shortly afer I downloaded Skype.

99. Don’t worry about that just go ahead with the scan…. If you need to reboot then please run again RKILL……
    NEXT,please follow this steps and post the logs here :

    STEP 1 : Run a scan with Combofix

    Download ComboFix from one of the following locations:

    COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
    COMBOFIX DOWNLOAD LINK #2  (This link will automatically download Combofix on your computer)

    VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      ———————————————————–
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection beforeperforming a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don’t know how to disable it, please ask.
        ———————————————————–
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

      ———————————————————–

     

    1. Double click on ComboFix.exe & follow the prompts.
    2. Accept the disclaimer and allow to update if it asks
    3. When finished, it shall produce a log for you.

    Notes:

    1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
    2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
    3.  If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.

    ---

    STEP 2: Run a scan with RogueKiller

    1. Please download the latest official version of RogueKiller.
       RogueKiller Download Link (This link will automatically download RogueKiller on your computer)
    2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete.This should take only a few seconds and then you can click the Start button to perform a system scan.
    3. After the scan has completed, press the Delete button to remove any malicious registry keys.
    4. Next we will need to restore your shortcuts, so click on the ShortcutsFix button and allow the program to run.

    ---

    STEP 3: Run a scan with ESET Online Scanner:

    1. Download ESET Online Scanner utility.
       ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
    3. Check Yes, I accept the Terms of Use
    4. Click the Start button.
    5. Check Scan archives
    6. Push the Start button.
    7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    8. When the scan completes, push Finish

    Next,please run HitmanPro and Malwarebytes as seen on the guide.
    Waiting for your reply to tell me if your machine is ok and the logs from this utilities.

100. Hello Alex,
     Can you please run a scan with Combofix,RogueKiller and ESET online scanner and post the logs here :

     STEP 1 : Run a scan with Combofix

     Download ComboFix from one of the following locations:

     COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
     COMBOFIX DOWNLOAD LINK #2  (This link will automatically download Combofix on your computer)

     VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

     • Close any open browsers.
     • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
       ———————————————————–
       • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection beforeperforming a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
       • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don’t know how to disable it, please ask.
         ———————————————————–
       • Close any open browsers.
       • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
       • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
       • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

       ———————————————————–

      

     1. Double click on ComboFix.exe & follow the prompts.
     2. Accept the disclaimer and allow to update if it asks
     3. When finished, it shall produce a log for you.

     Notes:

     1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
     2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
     3.  If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.

     ---

     STEP 2: Run a scan with RogueKiller

     1. Please download the latest official version of RogueKiller.
        RogueKiller Download Link (This link will automatically download RogueKiller on your computer)
     2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete.This should take only a few seconds and then you can click the Start button to perform a system scan.
     3. After the scan has completed, press the Delete button to remove any malicious registry keys.
     4. Next we will need to restore your shortcuts, so click on the ShortcutsFix button and allow the program to run.

     ---

     STEP 3: Run a scan with ESET Online Scanner:

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push Finish

     Next,please run HitmanPro and Malwarebytes as seen on the guide.
     Waiting for your reply to tell me if your machine is ok and the logs from this utilities.

101. My free trial license for Hitman Pro has expired

     I have completed all other steps

     Can I use any other software?

102. Awsome, problem fixed. ty

103. Dear Stelian,
     I have this virus and am very new to all this, so please forgive my ignorance. I followed your instructions until STEP 5, no.3 i.e. to download and install Malwarebytes Anti-Malware (MBAM). However, I mistakenly altered the default settings for installation by selecting the “Create a Quick Launch icon” option and this led to installation. Once I reached the “Finish” window, there were 3 options which were selected (I cannot remember exactly what was the 3rd one). I tried to uninstall MBAM and download it again but it did not take me further without having to reboot my laptop for the uninstallation and the re-installation to take effect. As you advised, I did NOT reboot. When I clicked the MBAM icon saved in my folders, a window popped up stating “Run-time error ‘339’: Component ‘vbalsgrid6.ocx’ or one of its dependencies not correctly registered: a file is missing or invalid”
     Can you please advise me on how I can get out of this mess? Thanks, MUKit

104. Hello Suman,
     Can you please run a scan with Combofix,RogueKiller and ESET online scanner and post the logs here :

     STEP 1 : Run a scan with Combofix

     Download ComboFix from one of the following locations:

     COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
     COMBOFIX DOWNLOAD LINK #2  (This link will automatically download Combofix on your computer)

     VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

     • Close any open browsers.
     • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
       ———————————————————–
       • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection beforeperforming a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
       • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don’t know how to disable it, please ask.
         ———————————————————–
       • Close any open browsers.
       • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
       • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
       • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

       ———————————————————–

      

     1. Double click on ComboFix.exe & follow the prompts.
     2. Accept the disclaimer and allow to update if it asks
     3. When finished, it shall produce a log for you.

     Notes:

     1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
     2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
     3.  If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.

     ---

     STEP 2: Run a scan with RogueKiller

     1. Please download the latest official version of RogueKiller.
        RogueKiller Download Link (This link will automatically download RogueKiller on your computer)
     2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete.This should take only a few seconds and then you can click the Start button to perform a system scan.
     3. After the scan has completed, press the Delete button to remove any malicious registry keys.
     4. Next we will need to restore your shortcuts, so click on the ShortcutsFix button and allow the program to run.

     ---

     STEP 3: Run a scan with ESET Online Scanner:

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push Finish

     Next,please run HitmanPro and Malwarebytes as seen on the guide.
     Waiting for your reply to tell me if your machine is ok and the logs from this utilities.

105. Hi I actually had this live security platinum virus and I somehow got rid of this by some sort of malware. But I still feel like Live security platinum virus is still around. My HP laptop has HP icon with live security symbol on it. Does tht mean the virus has gone off or still on my laptop. Because my wirelss connection drops out often and there is something else between my internet connection and the internet. Please help me with this problem.

106. Worked perfectly, thanks!

107. Thank you thank you thank you!!! It works

108. Thank you Stelian!!

109. Thanks for the help :)

     Worked like a charm, the guide was really easy and well written

110. Hello Angel,
     Yes,even after you’ve enter the activation code ,you will still need to remove this infection!….

111. If I enter the code registration code would I still be able to delete it once I do all the steps?

112. Thankyou so much for your how to on this little bug. I got this virus just after accepting a conformation of adobe flash update. I disregarded any concerns because three of my other office computers all had an update for adobe.

     Again many thanks for your effort in providing a very easy walk through :)

113. You had a lot of malicious files on your computer……Please take better care of it from now on….
     Ok,now lets uninstall Combofix:

     1. Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
     2. In the Run box, type in ComboFix /Uninstall (Notice the space between the “x” and “/”) then click OK
     3. Follow the prompts on the screen
     4. A message should appear confirming that ComboFix was uninstall

     Delete the following folders: (If they exist)
     C:\ComboFix
     C:\Qoobox

     You should really start a thread in our Security Configuration forum as you need to build a layerd security config: http://malwaretips.com/Forum-Security-Configuration-Wizard
     Also it would very good if you took the time and read this article that I’ve wrote: http://malwaretips.com/blogs/how-to-easily-avoid-pc-infections/ .. If you follow it,then we’ll never meet again in this conditions.

114. It finally worked!!! Thanks so much. Here’s the two different logs I saved:
     ComboFix 12-08-14.05 – Sandi 08/15/2012 12:19:28.1.2 – x64
     Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.2325 [GMT -4:00]
     Running from: c:\users\Sandi\Desktop\ComboFix.exe
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

115. Sandi,can you please run a scan with Combofix and ESET online scanner and post the logs here, so that I can get a log of your computer… :

     STEP 1 : Run a scan with Combofix

     Download ComboFix from one of the following locations:

     COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
     COMBOFIX DOWNLOAD LINK #2  (This link will automatically download Combofix on your computer)

     VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

     • Close any open browsers.
     • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
       ———————————————————–
       • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection beforeperforming a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
       • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don’t know how to disable it, please ask.
         ———————————————————–
       • Close any open browsers.
       • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
       • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
       • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

       ———————————————————–

      

     1. Double click on ComboFix.exe & follow the prompts.
     2. Accept the disclaimer and allow to update if it asks
     3. When finished, it shall produce a log for you.

     Notes:

     1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
     2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
     3.  If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.

     ---

     STEP 2: Run a scan with ESET Online Scanner:

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push Finish

     Next,please run HitmanPro and Malwarebytes as seen on the guide.
     Waiting for your reply to tell me if your machine is ok and the logs from this utilities.

116. While in Normal Mode, can you connect to the Internet?
     Also what type of internet connection do you have?

117. Hello Aasheesh Chhiber,
     Can you please run a scan with Combofix and ESET online scanner and post the logs here :

     STEP 1 : Run a scan with Combofix

     Download ComboFix from one of the following locations:

     COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
     COMBOFIX DOWNLOAD LINK #2  (This link will automatically download Combofix on your computer)

     VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

     • Close any open browsers.
     • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
       ———————————————————–
       • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection beforeperforming a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
       • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don’t know how to disable it, please ask.
         ———————————————————–
       • Close any open browsers.
       • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
       • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
       • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

       ———————————————————–

      

     1. Double click on ComboFix.exe & follow the prompts.
     2. Accept the disclaimer and allow to update if it asks
     3. When finished, it shall produce a log for you.

     Notes:

     1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
     2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
     3.  If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.

     ---

     STEP 2: Run a scan with ESET Online Scanner:

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push Finish

     Next,please run HitmanPro and Malwarebytes as seen on the guide.
     Waiting for your reply to tell me if your machine is ok and the logs from this utilities.

118. Still not working!!!! Please make my computer happy!!!

119. It seems like that everything is working perfectly,
     Thank you!

120. Hello Magnus,
     You computer is safe,Qoobox is just the quarantine folder of Combofix…… so you can delete it.
     Please uninstall Combofix:

     1. Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
     2. In the Run box, type in ComboFix /Uninstall (Notice the space between the “x” and “/”) then click OK
     3. Follow the prompts on the screen
     4. A message should appear confirming that ComboFix was uninstall

     Delete the following folders: (If they exist)
     C:\ComboFix
     C:\Qoobox

     Next,you can uninstall all the files that we’ve used in the Malware Removal Process… Stay safe!

121. Hi – I tried all 12 files of Malware Chameleon and while a MS-DOS command window opened in each, it indicated that a protective driver was missing and it needed a reboot to install that. Once a reboot occured (I tried both safe and normal modes), 2 error messages popped up related to a path not being found after which nothing happened. Can you please help?

122. Hi Stelian. You helped me get rid of the Live Security Platinum Virus about 2 and a half weeks ago. As I was looking through my files on my computer, I found a folder in Local Disc (C:) called ‘Qoobox’, which has in it a ComboFix quarantine log and a Quarantine folder that has .vir files. Can I delete them? Isn’t that the virus files?
     Also, can I delete Malwarebytes from my computer? Can I remove HitmanPro, iExplorer, registryfix, ESET, and Kaspersky setup?

123. Hello Matt,
     Can you please follow the below steps:
     strong>STEP 1: Run a scan with Malwarebytes Anti-Malware in Chameleon Mode in Norman mode:

     1. Download Malwarebytes Chameleon from here and extract it to a folder in a convenient location
     2. Make certain that your PC is connected to the internet and then open the folder where you extracted Chameleon to and double-click on the Chameleon help file and then follow the onscreen instructions to use it.
     3. If the Chameleon help file itself will not open, then double-click each file one by one until you find one that works, which will be indicated by a black DOS/command prompt window Note: Do not attempt to open mbam-killer as that is not a Chameleon executable and serves a different purpose)
     4. Follow the onscreen instructions to press a key to continue and Chameleon will proceed to download and install Malwarebytes Anti-Malware for you
     5. Once it has done this, it will attempt to update Malwarebytes Anti-Malware, click OK when it says that the database was updated successful
     6. Next, Malwarebytes Anti-Malware will automatically open and perform a Quick scan
     7. Upon completion of the scan, if anything has been detected, click on Show Result
     8. Have Malwarebytes Anti-Malware remove any threats that are detected and click Yes if prompted to reboot your computer to allow the removal process to complete
     9. After your computer restarts, open Malwarebytes Anti-Malware and perform a Full System scan to verify that there are no remaining threats

     ---

     STEP 2: Run a scan with RogueKiller

     1. Please download the latest official version of RogueKiller.
        [b]RogueKiller Download Link[/b] (This link will automatically download RogueKiller on your computer)
     2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete.This should take only a few seconds and then you can click the Start button to perform a system scan.
        
     3. After the scan has completed, press the Delete button to remove any malicious registry keys.
        
     4. Next we will need to restore your shortcuts, so click on the ShortcutsFix button and allow the program to run.
        

     ---

     STEP 3 Please perform a scan with HitmanPro as seen on the guide.
     If you are having problems starting this program please use the ForceBreach mode as described in the guide.

     ---

     STEP 4: Run a scan with ESET Online Scanner:

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push Finish

     Waiting for your reply to tell me how everything is running!
     Good luck…

124. Hello Pranav,
     I’m happy that you manage to remove this infection…AND you DON’T need to send me any money… Just stay safe and have an awesome life… :D

125. Great!
     Now, please follow the below steps:
     Step 1: Run a scan with RogueKiller

     1. Please download the latest official version of RogueKiller.
        [b]RogueKiller Download Link[/b] (This link will automatically download RogueKiller on your computer)
     2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete.This should take only a few seconds and then you can click the Start button to perform a system scan.
        
     3. After the scan has completed, press the Delete button to remove any malicious registry keys.
        
     4. Next we will need to restore your shortcuts, so click on the ShortcutsFix button and allow the program to run.
        

     The report has been created on the desktop.In your next reply please post:

     [b]All RKreport.txt [/b] text files located on your desktop.

     ---

     2.Run a scan with Eset Online Scanner.

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push Finish

     Waiting for your reply to tell me how everything is working…

126. I’ve come across a problem at step 4. I use the Rkill, which you say I shouldn’t reboot once it’s done, but the program will restart my computer without any choice. Is there a way to stop this?

127. Thank you very much!
     You saved my computer.
     Should I still run Hitman Pro? I couldn’t since I was disconnected from the internet.
     Thank you again!

128. Wow. You are a life saver. I can’t believe I was able to follow someone instructions and actually perform all the steps without complications (as what usually happens because either it is a step by step video on youtube or elsewhere which goes too quickly and you constantly have to pause, or they miss a step in written instructions and things don’t work out). I should send you some money because I would have had to taken my laptop somewhere to get it fixed.

129. Thank you so much! Your steps worked perfectly!

130. Hi Stelian,
     I have tried the RKill but it didn’t work so I proceeded to ran the combofix and it seems successfully deleted “something” (I am not sure) so I paste the combofix log as follows:
     c:\programdata\Windows
     c:\programdata\Windows\ccdxmmde.dat
     c:\programdata\Windows\drss.dat
     c:\programdata\Windows\xessmsxe.dat
     c:\users\dinah yunitawati\AppData\Roaming\Ceufo
     c:\users\dinah yunitawati\AppData\Roaming\Ceufo\uroc.gaw
     c:\users\dinah yunitawati\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
     c:\users\dinah yunitawati\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk
     c:\users\dinah yunitawati\AppData\Roaming\mscre.dll
     c:\users\dinah yunitawati\Desktop\Live Security Platinum.lnk
     c:\windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\@
     c:\windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U0000001.@
     c:\windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\80000000.@
     c:\windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\800000cb.@
     F:\install.exe
     .
     Infected copy of c:\windows\system32\services.exe was found and disinfected
     Restored copy from – c:\32788r22fwjfw\HarddiskVolumeShadowCopy3_!Windows!System32!services.exe

     However, when I tried to run the Malwarebytes, I didn’t get any Internet connections and I tried Complete Internet Repair utility and still I can’t connect to the internet. any other ways to fix my laptop? Appreciated much.Thanks.

     PS: a bit background info for you, hope it’s helping you to analyze my problem :P : My OS is Win 7 Premium, Laptop Dell Inspiron 13R; I can’t enter BIOS and Safe Mode by pressing F8, the latter only worked through msconfig when I don’t connect to the internet.

131. You pretty much saved the day.

132. Hello Sarah,
     Can you please run a scan with Combofix and ESET online scanner and post the logs here :

     STEP 1 : Run a scan with Combofix

     Download ComboFix from one of the following locations:

     COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
     COMBOFIX DOWNLOAD LINK #2  (This link will automatically download Combofix on your computer)

     VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

     • Close any open browsers.
     • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
       ———————————————————–
       • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection beforeperforming a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
       • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don’t know how to disable it, please ask.
         ———————————————————–
       • Close any open browsers.
       • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
       • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
       • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

       ———————————————————–

      

     1. Double click on ComboFix.exe & follow the prompts.
     2. Accept the disclaimer and allow to update if it asks
     3. When finished, it shall produce a log for you.

     Notes:

     1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
     2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
     3.  If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.

     ---

     STEP 2: Run a scan with ESET Online Scanner:

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push Finish

     Waiting for your reply to tell me if your machine is ok and the logs from this utilities.

133. Hello Shelly,
     Can you please run a scan with Combofix and ESET online scanner and post the logs here :

     STEP 1 : Run a scan with Combofix

     Download ComboFix from one of the following locations:

     COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
     COMBOFIX DOWNLOAD LINK #2  (This link will automatically download Combofix on your computer)

     VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

     • Close any open browsers.
     • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
       ———————————————————–
       • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection beforeperforming a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
       • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don’t know how to disable it, please ask.
         ———————————————————–
       • Close any open browsers.
       • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
       • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
       • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

       ———————————————————–

      

     1. Double click on ComboFix.exe & follow the prompts.
     2. Accept the disclaimer and allow to update if it asks
     3. When finished, it shall produce a log for you.

     Notes:

     1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
     2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
     3.  If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.

     ---

     STEP 2: Run a scan with ESET Online Scanner:

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push Finish

     Waiting for your reply to tell me if your machine is ok and the logs from this utilities.

134. Hello,
     Lets try to see if we can fix this :
     Get a USB stick and copy on it Combofix, then transfer it to the infected computer and perform the following steps:
     Please read and follow all the steps very carefully.

     Download ComboFix from one of the following locations:

     COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
     COMBOFIX DOWNLOAD LINK #2  (This link will automatically download Combofix on your computer)

     VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

     • Close any open browsers.
     • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
       ———————————————————–
       • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection beforeperforming a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
       • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don’t know how to disable it, please ask.
         ———————————————————–
       • Close any open browsers.
       • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
       • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
       • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

       ———————————————————–

      

     1. Double click on ComboFix.exe & follow the prompts.
     2. Accept the disclaimer and allow to update if it asks
     3. When finished, it shall produce a log for you.

     Notes:

     1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
     2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
     3.  If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.

     Please add the log that Combofix will produce in your next reply.

     STEP 2 : Download and run the Complete Internet Repair utility.
     1.Download Complete Internet Repair utilityto your desktop
     2.Unzip all the files to their own folder on the desktop
     3.Within the folder double click CIntRep
     4.Select the following items,then press the GO button.

     • Reset Interent Protocol (TCP/IP)
     • Repair Winsock (Reset Catalog)
     • Renew Internet Connection
     • Flush DNS Resolver Cache
     • Reset Windows Firewall Configuration
     • Reset the default hosts fie

     Let me know if this fixed the problem…

135. Hello,
     Thank you so much for the instructions!
     I have one minor problem though.
     After Step 5 (Running Malwarebytes Anti-Malware) and restarting my lap top I can’t access internet. This is strange, since my network setting say that I am connected. McAffee says that I don’t have any problems also.
     Could you please help?
     Thanks.

136. Hi Stelian,
     Thanks for the great tutorial. I’m bookmarking this site in case something like this happens in the future. I was able to get through all the steps and get rid of the malware. But, when I opened back up in Regular mode and downloaded Hitman Pro I see that at some point (probably when we had another virus) my husband has already used a 30 day trial of Hitman Pro. So, while it did let me do a scan (and found several Trojan, Virus, etc. files that no other program has found) I cannot remove them since I can’t activate a free trial (and don’t really want to spend $20 on it since I’m not currently working. Is there another program I can run that may have better luck finding these files (Malwarebytes isn’t finding them, neither is AVG or Avira Anti-Vir). Thanks in advance for your help!
     Shelly

137. I found this, as it appeared to be the exact problem I was having. Hitman Pro was successful, however, I am once again trying to run RKill, in normal mode, exactly as it is stated above, and I keep getting the same “critical error automatically restarting in 1 minute please save work” message. What else can I do??

138. Thanks Bro… :)

139. Please run a Combofix scan and post the log here!…
     Good luck!

140. Hi again,

     Many thanx… everything went well and my security is back on.
     You are the modern day Tim Berners-Lee of computer repair :)
     I extend my sincerest thanks and gratitude.

     Regards,
     Steve

141. I have the same problem. I only got connection with docp, when i put in the ip adress manually, the computer dont got connection.

142. Hello John,
     Please read and follow all the steps very carefully.

     Download ComboFix from one of the following locations:

     COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
     COMBOFIX DOWNLOAD LINK #2  (This link will automatically download Combofix on your computer)

     VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

     • Close any open browsers.
     • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
       ———————————————————–
       • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection beforeperforming a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
       • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don’t know how to disable it, please ask.
         ———————————————————–
       • Close any open browsers.
       • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
       • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
       • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

       ———————————————————–

      

     1. Double click on ComboFix.exe & follow the prompts.
     2. Accept the disclaimer and allow to update if it asks
     3. When finished, it shall produce a log for you.

     Notes:

     1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
     2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
     3.  If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.

     Next, please post the log back here and let me know how things are running.

143. All right, I have everything working again. I had to restart my computer and Combo Fix decided to work that time. I had to be patient and give it some time to work. Whatever infected me really slowed things down. Combo Fix patched up services.exe which was great. MalwareBytes found some things, and HitmanPro found a lot of trackers and stuff embedded into Firefox. My internet was taking forever to load websites and I suppose that was the cure. ESET also found a few items. All of this headache from Live Security Platinum.
     I browse and open tabs constantly and sometimes don’t take the time to read every pop-up because usually it’s the same stuff like Adobe updates or Java updates or other junk I don’t want to deal with at the moment. I think Live Security Platinum disguised itself as an Adobe update because I had a bad feeling about accidentally clicking on that one.

     Anyway, thanks for your sevice to me and everyone else on here! It seems to be impossible to dig up info on services.exe that was written in the last year or so.

144. I followed your guide exactly how it was written, even your further replies to other people’s posts. I can run Eset and hitman pro when I am in safemode, when I am in normal mode it says I am not connected to the internet. However, I can access the internet via IE but not Mozilla. I set the proxy settings exactly how you said to do them. In safe mode Mozilla runs perfectly fine, the issue is when I get into normal mode when things start to mess up.

     Thank you for this guide, any and all further help would be appreciated.

145. Can you please run Malwarebytes Chameleon and then do the Combofix scan….You have the instructions in my previous post.

146. I downloaded ComboFix onto the desktop, renaming it Combo-Fix. When I run it, it extracts a lot of files and then closes. I get no further prompts or anything. I’m just back at the desktop like nothing happened. There is no new program in my start menu or anything. What should I do?

147. Hello,
     Please read and follow all the steps very carefully.

     Download ComboFix from one of the following locations:

     COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
     COMBOFIX DOWNLOAD LINK #2  (This link will automatically download Combofix on your computer)

     VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

     • Close any open browsers.
     • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
       ———————————————————–
       • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection beforeperforming a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
       • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don’t know how to disable it, please ask.
         ———————————————————–
       • Close any open browsers.
       • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
       • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
       • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

       ———————————————————–

      

     1. Double click on ComboFix.exe & follow the prompts.
     2. Accept the disclaimer and allow to update if it asks
     3. When finished, it shall produce a log for you.

     Notes:

     1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
     2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
     3.  If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.

     2.Run a scan with Malwarebytes Anti-Malware in Chameleon Mode in Norman mode:

     1. Download Malwarebytes Chameleon from here and extract it to a folder in a convenient location
     2. Make certain that your PC is connected to the internet and then open the folder where you extracted Chameleon to and double-click on the Chameleon help file and then follow the onscreen instructions to use it.
     3. If the Chameleon help file itself will not open, then double-click each file one by one until you find one that works, which will be indicated by a black DOS/command prompt window Note: Do not attempt to open mbam-killer as that is not a Chameleon executable and serves a different purpose)
     4. Follow the onscreen instructions to press a key to continue and Chameleon will proceed to download and install Malwarebytes Anti-Malware for you
     5. Once it has done this, it will attempt to update Malwarebytes Anti-Malware, click OK when it says that the database was updated successful
     6. Next, Malwarebytes Anti-Malware will automatically open and perform a Quick scan
     7. Upon completion of the scan, if anything has been detected, click on Show Result
     8. Have Malwarebytes Anti-Malware remove any threats that are detected and click Yes if prompted to reboot your computer to allow the removal process to complete
     9. After your computer restarts, open Malwarebytes Anti-Malware and perform a Full System scan to verify that there are no remaining threats

     ---

     3.Please perform a scan with HitmanPro as seen on the guide.

     ---

     4.Run a scan with ESET Online Scanner:

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push Finish

     Waiting for your reply to tell me how everything is running!
     Good luck…

148. Hi Stelian. I tried following the instructions but I can’t get past the rkill.exe stage. When rkill.exe runs, I get a dialogue box saying the computer has to restart. I have no choice in this matter and the computer restarts in a minute or so. There is clearly a problem with services.exe because it gets terminated in the rkill log, and AVG keeps telling me it’s a trojan about every hour. AVG does not give the choice to remove it. Only to ignore it.

     So how do I fix services.exe, and how do I run rkill.exe without it automatically rebooting the computer?

149. Hello Kobus,
     If you can’t back-up your files than you can just go on with the instructions…You should be ok…
     You can follow this steps:
     Please run a scan with Malwarebytes Anti-Malware in Chameleon Mode in Norman mode:

     1. Download Malwarebytes Chameleon from here and extract it to a folder in a convenient location
     2. Make certain that your PC is connected to the internet and then open the folder where you extracted Chameleon to and double-click on the Chameleon help file and then follow the onscreen instructions to use it.
     3. If the Chameleon help file itself will not open, then double-click each file one by one until you find one that works, which will be indicated by a black DOS/command prompt window Note: Do not attempt to open mbam-killer as that is not a Chameleon executable and serves a different purpose)
     4. Follow the onscreen instructions to press a key to continue and Chameleon will proceed to download and install Malwarebytes Anti-Malware for you
     5. Once it has done this, it will attempt to update Malwarebytes Anti-Malware, click OK when it says that the database was updated successful
     6. Next, Malwarebytes Anti-Malware will automatically open and perform a Quick scan
     7. Upon completion of the scan, if anything has been detected, click on Show Result
     8. Have Malwarebytes Anti-Malware remove any threats that are detected and click Yes if prompted to reboot your computer to allow the removal process to complete
     9. After your computer restarts, open Malwarebytes Anti-Malware and perform a Full System scan to verify that there are no remaining threats

     ---

     2.Please perform a scan with HitmanPro as seen on the guide.

     ---

     3.Run a scan with ESET Online Scanner:

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push Finish

     Waiting for your reply to tell me how everything is running!
     Good luck…

150. Hi
     I am reading this on another PC as I cant manage anything from mine.
     I will print this and try at my infected PC.
     I am not able to back-up or copy any of my data or photos in normal mode or safe mode.
     Can I start the process before backing-up or is this risky?
     Kind regards
     Kobus

151. Hi Stelian,

     Thanks very much for creating an excellent tutorial that allowed me to successfully remove the Live Security Platinum malware/virus off my laptop.
     With great appreciation
     Hal

152. All the tools that I recommend are safe to use… Just ignore that warning and download and run those files. :)

153. Hi Stelian, thank you again for taking the time to offer me advice on how to sort out my security issues… However when I tried to run rogue killer and the windows repair all in one my sysyem is advicing that I dont install ” rogue killer and window aio repair is not commonly downloaded and could harm your computer “… What do you advise I do?
     Thanks again,
     Steve

154. Thank you very much. ขอบคุณครับ

155. Hello Sandi,
     Can you try this steps:
     1. Click the Start buton
     2. Type “cmd” in the Search Box and then press Enter
     3. Right-click “cmd.exe” and select “Run as administrator”
     4. Click “Continue” on the “User Account Control” Window
     5. In the command prompt type the following command
     sc create BITS binpath= “c:\windows\system32\svchost.exe -k netsvcs” start= delayed-auto
     6.Restart your computer and check if the problem is solved.

156. Hello Peter,
     Lets try to see if we can fix this.Can you please run a scan with Combofix.
     Please read and follow all the steps very carefully.

     Download ComboFix from one of the following locations:

     COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
     COMBOFIX DOWNLOAD LINK #2  (This link will automatically download Combofix on your computer)

     VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

     • Close any open browsers.
     • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
       ———————————————————–
       • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection beforeperforming a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
       • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don’t know how to disable it, please ask.
         ———————————————————–
       • Close any open browsers.
       • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
       • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
       • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

       ———————————————————–

      

     1. Double click on ComboFix.exe & follow the prompts.
     2. Accept the disclaimer and allow to update if it asks
     3. When finished, it shall produce a log for you.

     Notes:

     1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
     2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
     3.  If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.

     STEP 2 : Download and run the Complete Internet Repair utility.
     1.Download Complete Internet Repair utilityto your desktop
     2.Unzip all the files to their own folder on the desktop
     3.Within the folder double click CIntRep
     4.Select the following items,then press the GO button.

     • Reset Interent Protocol (TCP/IP)
     • Repair Winsock (Reset Catalog)
     • Renew Internet Connection
     • Flush DNS Resolver Cache
     • Reset Windows Firewall Configuration
     • Reset the default hosts fie

     Let me know if this fixed the problem…

157. Hello,
     Can you please run a scan with Combofix and ESET online scanner and post the logs here :

     STEP 1 : Run a scan with Combofix

     Download ComboFix from one of the following locations:

     COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
     COMBOFIX DOWNLOAD LINK #2  (This link will automatically download Combofix on your computer)

     VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

     • Close any open browsers.
     • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
       ———————————————————–
       • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection beforeperforming a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
       • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don’t know how to disable it, please ask.
         ———————————————————–
       • Close any open browsers.
       • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
       • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
       • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

       ———————————————————–

      

     1. Double click on ComboFix.exe & follow the prompts.
     2. Accept the disclaimer and allow to update if it asks
     3. When finished, it shall produce a log for you.

     Notes:

     1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
     2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
     3.  If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.

     ---

     STEP 2: Run a scan with ESET Online Scanner:

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push Finish

     Waiting for your reply to tell me if your machine is ok ..

158. Hello Steve,
     Lets try to fix this.
     First run a scan with RogueKiller:

     1. Please download the latest official version of RogueKiller.
        ROGUEKILLER DOWNLOAD LINK (This link will automatically download RogueKiller on your computer)
     2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete.This should take only a few seconds and then you can click the Start button to perform a system scan.
        
     3. After the scan has completed, press the Delete button to remove any malicious registry keys.
        
     4. Next we will need to restore your shortcuts, so click on the ShortcutsFix button and allow the program to run.
        

     ---

     Next, download Windows Repair All In One and install this utility.
     Go to the Startup Repairs tab and click the Start button (bottom right)
     Note: When asked if you would like to create a restore point. It is recommended just in-case something does not go as planned.

     1. Click Unselect All
     2. Put a checkmark in the following items:
        • Repair Hosts File
        • Remove Temp Files
        • Repair Windows Firewall
        • Remove Policies Set By Infections
        • Set Window Services To Default Startup

        Note: Leave everything else unchecked

     3. Put a checkmark in Restart System When Finished
     4. Now click the Start button (bottom right)

     Let me know everything goes…:D

159. Thank you very much. You’ve saved my computer and my life :-)

160. Hi Stelian,

     Firstly, thanks for this great advice on the removal of this nasty.
     Since using the removal advice though, I can’t seem to turn on my Security in the Security Center… Any ideas would be well appreciated.

     Cheers again

161. Hey, the removal process went perfectly however, now my computer has really slowed down and I cant figure out how to remove the rkill from my system. I’ve already tried the steps suggested to another comment about the speed of their machine but, those haven’t helped from what I can tell. Any more advice is greatly appreciated!

162. i tried to work in normal mode to go through the chameleon steps but in normal mode i cant use the internet, so i tried to do it in safe mode.. once i tried using the chameleon link a box popped up with files. one had a yellow question mark and the other had the black DOS next to it. i clicked on that one and it said i would have to execute files in order for it to install properly. I clicked execute and it left me with one file, the mbam chameleon. now i dont know what to do..

163. Hello,
     Hello TJ,
     STEP 1 : Run a scan with Combofix

     Download ComboFix from one of the following locations:

     COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
     COMBOFIX DOWNLOAD LINK #2  (This link will automatically download Combofix on your computer)

     VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

     • Close any open browsers.
     • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
       ———————————————————–
       • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection beforeperforming a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
       • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don’t know how to disable it, please ask.
         ———————————————————–
       • Close any open browsers.
       • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
       • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
       • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

       ———————————————————–

      

     1. Double click on ComboFix.exe & follow the prompts.
     2. Accept the disclaimer and allow to update if it asks
     3. When finished, it shall produce a log for you.

     Notes:

     1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
     2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
     3.  If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.

     Please post the log in your reply and details on how your computer is running.

164. Hello Allison,
     Lets work in NORMAL MODE to see if we can get around this :
     Please run a scan with Malwarebytes Anti-Malware in Chameleon Mode in Norman mode:

     1. Download Malwarebytes Chameleon from here and extract it to a folder in a convenient location
     2. Make certain that your PC is connected to the internet and then open the folder where you extracted Chameleon to and double-click on the Chameleon help file and then follow the onscreen instructions to use it.
     3. If the Chameleon help file itself will not open, then double-click each file one by one until you find one that works, which will be indicated by a black DOS/command prompt window Note: Do not attempt to open mbam-killer as that is not a Chameleon executable and serves a different purpose)
     4. Follow the onscreen instructions to press a key to continue and Chameleon will proceed to download and install Malwarebytes Anti-Malware for you
     5. Once it has done this, it will attempt to update Malwarebytes Anti-Malware, click OK when it says that the database was updated successful
     6. Next, Malwarebytes Anti-Malware will automatically open and perform a Quick scan
     7. Upon completion of the scan, if anything has been detected, click on Show Result
     8. Have Malwarebytes Anti-Malware remove any threats that are detected and click Yes if prompted to reboot your computer to allow the removal process to complete
     9. After your computer restarts, open Malwarebytes Anti-Malware and perform a Full System scan to verify that there are no remaining threats

     ---

     2.Please perform a scan with HitmanPro as seen on the guide.

     ---

     3.Run a scan with ESET Online Scanner:

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push Finish

165. After I run RKill and after it completes my computer automatically shuts down. Is there a way to stop this? My computer tells me it’s going to shut down in 1 minute and there isn’t a cancel button.. Can you help me with this?

166. Hello Stelian, I have been trying to overcome this nasty virus for 3 days now and i’ve been able to get it to stop running in normal mode thanks to your advice. But now when I enter normal mode my computer is very slow (also when starting up) and I can maybe use the internet for maybe 5 minutes before it randomly stops responding along with the desktop, making normal mode unusable. I have used almost every scanner available and have been able to remove some of the viruses. I then ran full scans afterwards and have not been able to detect anymore viruses, but i’m not sure what to do next as I cannot use normal mode since my whole desktop will stop responding. I need you’re advice!

167. Got rid of it !!!

168. Hello John,
     Lets work in NORMAL MODE to see if we can get around this :
     Please run a scan with Malwarebytes Anti-Malware in Chameleon Mode in Norman mode:

     1. Download Malwarebytes Chameleon from here and extract it to a folder in a convenient location
     2. Make certain that your PC is connected to the internet and then open the folder where you extracted Chameleon to and double-click on the Chameleon help file and then follow the onscreen instructions to use it.
     3. If the Chameleon help file itself will not open, then double-click each file one by one until you find one that works, which will be indicated by a black DOS/command prompt window Note: Do not attempt to open mbam-killer as that is not a Chameleon executable and serves a different purpose)
     4. Follow the onscreen instructions to press a key to continue and Chameleon will proceed to download and install Malwarebytes Anti-Malware for you
     5. Once it has done this, it will attempt to update Malwarebytes Anti-Malware, click OK when it says that the database was updated successful
     6. Next, Malwarebytes Anti-Malware will automatically open and perform a Quick scan
     7. Upon completion of the scan, if anything has been detected, click on Show Result
     8. Have Malwarebytes Anti-Malware remove any threats that are detected and click Yes if prompted to reboot your computer to allow the removal process to complete
     9. After your computer restarts, open Malwarebytes Anti-Malware and perform a Full System scan to verify that there are no remaining threats

     ---

     2.Please perform a scan with HitmanPro as seen on the guide.

     ---

     3.Run a scan with ESET Online Scanner:

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push Finish

169. Hi,i can’t start my computer in Safe Mode with Networking or only Safe Mode.Perheps it’s stoped by the virus.Thank U very much!

170. Hello,
     Yes, you can uninstall HitmanPro is that’s what you want!:)

171. Thank you very much, Stelian. This info helped me incredibly. Is it OK if I uninstall Hitman Pro and so on now that my laptop’s clean already?
     I’ve also updated Adobe a few hours before this malware stroke, BTW.
     Thanks again:)

172. I did this, tried both methods offered but neither worked. I don’t have the “Background intelligent transfer service” that it says to click on. What now? Thanks

173. Hello Debra,
     Can you please try to start MS Outlook from it’s folder…..

174. Hi – thanks for your free guide to remove this virus. Seems to have worked on my laptop however now that I’ve rebooted I can’t get MS Outlook to launch. I click on the shortcut and nothing happens? if you have any advice, I’d be grateful. thanks

175. i ahve very little computer knowledge and i followed these instructions and removed this virus. i had an adobe flash player update and clicked it and believe that is where i got this virus.
     you should have a donation link for people to send you money if they want. i’d send some to you.
     thanks, gary

176. Muchas gracias Stelian. Just removed this virus from my computer thanks to your guide. It’s so very kind and generous of you to help us all gratis.

177. Man, this is why internet is absolutely amazing! Precious FREE information for real troubles!

     Thanks so much for your assistance. Managed to get rid of Live Premium virus with the first part of your help

178. Please run this two scans :
     STEP 1 : Run a scan with Combofix

     Download ComboFix from one of the following locations:

     COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
     COMBOFIX DOWNLOAD LINK #2  (This link will automatically download Combofix on your computer)

     VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

     • Close any open browsers.
     • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
       ———————————————————–
       • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection beforeperforming a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
       • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don’t know how to disable it, please ask.
         ———————————————————–
       • Close any open browsers.
       • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
       • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
       • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

       ———————————————————–

      

     1. Double click on ComboFix.exe & follow the prompts.
     2. Accept the disclaimer and allow to update if it asks
     3. When finished, it shall produce a log for you.

     Notes:

     1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
     2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
     3.  If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.

     ---

     STEP 2: Run a scan with ESET Online Scanner:

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push Finish

     Waiting for your reply to tell me if your machine is ok ..

179. Hello John,
     No, you can remove all the tools that we’ve used! :)
     Stay safe!

180. The original post worked well and purged all malware off my system. Thanks for the instructions – they saved my computer and academic career.

181. Dude! You are a legend!!!!!!!

     Just restored my faith in human kind, so stoked people like you exist and want to help people for nothing in return… good on you and keep up the good work, I now have no more viruses thanks to you.

     Cheers Wes

182. If I remove the programs you said to download after I am finished, will it cause any problems?

183. not sure if you got my last message because i cant see it, i havent been able to remove it completely from my computer, plz help

184. just a while ago my pc got infected by Live Security Platinum and everything in my pc frozed and admittedly i have no idea what to do but luckily and glad i found this site and just followed the direction carefully and it does help me back on track using my pc as if theres nothing happened. im so glad that helps comes in a site like this and all i can say is THANK YOU!

185. Helo,
     1.Run a scan with RogueKiller

     1. Please download the latest official version of RogueKiller.
        ROGUEKILLER DOWNLOAD LINK (This link will automatically download RogueKiller on your computer)
     2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete.This should take only a few seconds and then you can click the Start button to perform a system scan.
        
     3. After the scan has completed, press the Delete button to remove any malicious registry keys.
        
     4. Next we will need to restore your shortcuts, so click on the ShortcutsFix button and allow the program to run.
        

     ---

     2.Run a scan with Eset Online Scanner.

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push Finish

     Let me know how is your computer running!

186. Hello alissa,
     Lets work in NORMAL MODE to see if we can get around this :
     Please run a scan with Malwarebytes Anti-Malware in Chameleon Mode in Norman mode:

     1. Download Malwarebytes Chameleon from here and extract it to a folder in a convenient location
     2. Make certain that your PC is connected to the internet and then open the folder where you extracted Chameleon to and double-click on the Chameleon help file and then follow the onscreen instructions to use it.
     3. If the Chameleon help file itself will not open, then double-click each file one by one until you find one that works, which will be indicated by a black DOS/command prompt window Note: Do not attempt to open mbam-killer as that is not a Chameleon executable and serves a different purpose)
     4. Follow the onscreen instructions to press a key to continue and Chameleon will proceed to download and install Malwarebytes Anti-Malware for you
     5. Once it has done this, it will attempt to update Malwarebytes Anti-Malware, click OK when it says that the database was updated successful
     6. Next, Malwarebytes Anti-Malware will automatically open and perform a Quick scan
     7. Upon completion of the scan, if anything has been detected, click on Show Result
     8. Have Malwarebytes Anti-Malware remove any threats that are detected and click Yes if prompted to reboot your computer to allow the removal process to complete
     9. After your computer restarts, open Malwarebytes Anti-Malware and perform a Full System scan to verify that there are no remaining threats

     ---

     2.Please perform a scan with HitmanPro as seen on the guide.

     ---

     3.Run a scan with ESET Online Scanner:

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push Finish

187. Hello,
     Please download and scan with Malwarebytes and HItmanPro, just to make sure everything is ok!:)

188. This tutorial works on my laptop. But, why are my laptop runs slower than before infected? Could you please give some advice? Thanks for your hard work on this tutorial.

189. Not trying to be a smart ass, but I put the registration for security platinum and did a system restore from 2 days before the problem happened, all gone, never existed…Any collateral effects doing this?

190. and when i do the rkill it says nothing detected and then reboots my cpu after 1 minute

191. i cannot get the rkill icon to appear on my desktop….

192. Thenk you sooooooo mutch!!!!

193. Hello John,
     Here is the direct download link : http://malwaretips.com/attachment.php?aid=1000
     Alternatively ,you can create your own registrfix…Here is how:

     A.Copy all the text in bold below and paste to Notepad/Text Document

     Windows Registry Editor Version 5.00

     [-HKEY_CLASSES_ROOT\.exe\shell]

     [-HKEY_CLASSES_ROOT\.exe\DefaultIcon]

     [HKEY_CLASSES_ROOT\.exe]
     @=”exefile”

     [HKEY_CLASSES_ROOT\exefile]
     “Content Type”=-

     [HKEY_CLASSES_ROOT\exefile\shell\open\command]
     @=”\”%1\” %*”
     “IsolatedCommand”=-

     [HKEY_CLASSES_ROOT\exefile\shell\runas\command]
     “IsolatedCommand”=-

     [HKEY_CLASSES_ROOT\.bat]
     @=”batfile”

     [HKEY_CLASSES_ROOT\batfile\shell\open\command]
     @=”\”%1\” %*”

     [-HKEY_CURRENT_USER\SOFTWARE\Classes\.exe]

     [-HKEY_CURRENT_USER\Software\Classes\exefile]

     [-HKEY_CLASSES_ROOT\secfile]

     [-HKEY_CURRENT_USER\Software\Classes\secfile]

     [-HKEY_CLASSES_ROOT\pezfile]

     [-HKEY_CURRENT_USER\Software\Classes\pezfile]

     [-HKEY_CLASSES_ROOT\sezfile]

     [-HKEY_CURRENT_USER\Software\Classes\sezfile]

     [-HKEY_CLASSES_ROOT\ah]

     [-HKEY_CURRENT_USER\Software\Classes\ah]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
     @=”firefox.exe”

     [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command]
     @=”firefox.exe”

     [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
     @=”iexplore.exe”

     B.THIS IS VERY IMPORTANT! Save file as fix.reg to your Desktop. NOTE: (Save as type: All files)

     C. Double-click on fix.reg file to run it. Click “Yes” for Registry Editor prompt window. Then click OK.

194. Im on step 3 asabove but i cant find the REGISTRYFIX.REG DOWNLOAD LINK…please help

195. Hello Roger,
     Yes,if you have an older version of Java or Adobe is very possible to be infected by an exploit or drive-by.
     You can watch these videos to better understand this process :
     http://www.youtube.com/watch?v=_cBed6-ufIQ&feature=plcp
     http://www.youtube.com/watch?v=K3TeUzPkO-o&feature=plcp

196. thanks a lot, it worked!
     on a side note im pretty sure i got the virus throgh a link that a random person sent me on youtube. this may seem like a stupid question (maybe it is!) but is it possable to get a virus just while looking at a website like without downloading anything?

197. Thanks so much, my computer works again.

198. Hello,
     Can you please try to run a Combofix scan?
     Please read and follow all the steps very carefully.

     Download ComboFix from one of the following locations:

     COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
     COMBOFIX DOWNLOAD LINK #2  (This link will automatically download Combofix on your computer)

     VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

     • Close any open browsers.
     • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
       ———————————————————–
       • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection beforeperforming a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
       • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don’t know how to disable it, please ask.
         ———————————————————–
       • Close any open browsers.
       • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
       • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
       • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

       ———————————————————–

      

     1. Double click on ComboFix.exe & follow the prompts.
     2. Accept the disclaimer and allow to update if it asks
     3. When finished, it shall produce a log for you.

     Notes:

     1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
     2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
     3.  If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.

     Next,please re-run the Complete Internet Repair utility as seen on my previous post.
     Waiting for your reply to tell me if your machine is now ok.

199. The combination of Malware Bytes and Hitman cleared not only this virus but every other little-lurking-evil-virus-of-evilness from my friends Laptop.
     Fantastic! Thank you very very much!

200. It didn’t. It connects for a few seconds and then I get ‘server not found’ and/or ‘the connection has timed out’.

201. Oh my! my computer is normal now!
     I just followed each step and got out of the nightmare.

     Thanks a lot!

202. Thank you so much, this worked perfectly and your instructions were great!

203. Hello,
     Lets try another way around this :
     STEP 1. While in NORMAL MODE,download HitmanPro and then start this program in ForceBreach Mode
     1.Here are the direct download links for HitmanPro,
     – http://dl.surfright.nl/HitmanPro36.exe (For 32bit)
     – http://dl.surfright.nl/HitmanPro36_x64.exe (For 64bit)
     2.Hold down the left CTRL-key when you start HitmanPro and all non-essential processes are terminated, including this rogue malicious process
     Here is a video that explains with graphic details how to do this : http://www.youtube.com/watch?v=m6eRWTv2STk
     3. Let HitmanPro scan and remove the detected infections.

     STEP 2: While in NORMAL MODE,download/Run Rkill and then run a scan with Malwarebytes
     1.Download any re-named version of Rkill (direct download links bellow):
     RKILL DOWNLOAD LINK #1
     RKILL DOWNLOAD LINK #2
     RKILL DOWNLOAD LINK #3
     2.Next,please perform a scan with Malwarebytes and then do a RogueKiller and Unhide.exe scan as seen on the guide

     ---

     STEP 3. Run a scan with ESET Online Scanner

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push List of found threats
     9. Push Export to Text file  and save the file to your desktop using a unique name, such as ESET Scan. Include the contents of this report in your next reply.Note – when ESET doesn’t find any threats, no report will be created.
     10. Push the back button.
     11. Push Finish

     Waiting for your reply to tell me how everything is working.. :) Good luck!

204. Hello,
     Can you please run this utility:
     1.Download Complete Internet Repair utilityto your desktop
     2.Unzip all the files to their own folder on the desktop
     3.Within the folder double click CIntRep
     4.Select the following items,then press the GO button.

     • Reset Interent Protocol (TCP/IP)
     • Repair Winsock (Reset Catalog)
     • Renew Internet Connection
     • Flush DNS Resolver Cache
     • Reset Windows Firewall Configuration
     • Reset the default hosts fie

     Let me know if this fixed the problem…

205. Awesome it really worked, thanks man.

206. My computer was recently infected with this virus. I just wanted to say that I was able to remove the virus by using JUST HitmanPro, and none of the other programs like Malwarebytes. All I did was run a scan with HitmanPro while IN safe mode, and it found a suspicious file that it deleted. After that, my computer worked fine. =) Just wanted to add that I didn’t need to use any other programs to remove it.

207. 100% Satisfaction. Thank You.

208. I was recently infected with the Live Security Platinum malicious program. I managed to remove it but something is blocking my access to the Internet. I contacted my ISP and everything is working on their end. I have checked the Windows firewall, which is off, (I have Windows Vista) and my anti virus firewall and neither is blocking Firefox. I don’t use IE but I can’t access the Internet on that one either. I have checked the proxy settings on both following the instructions you provided and nothing. I’m thinking I should restart my computer in ‘Safe Mode with Networking’ and run Malware bytes. But now I’m afraid to download anything because that’s how I got infected in the first place. Through a fake update. Any help will be greatly appreciated. Thanks in advance!

209. So I get all the way to step #4 (Run RKill) and it works…the only problem is I get a window that pops up and says: Windows has encountered a critical problem and will automatically restart in one minute. Please save your work now.
     I dont have enough time to finish your process before windows reboots. It happens everytime RKill finishes running. Im using Win 7 x64
     :(

210. Thank you sooo much. You are indeed a lifesaver! :)

211. Can you please run this utility:
     1.Download Complete Internet Repair utilityto your desktop
     2.Unzip all the files to their own folder on the desktop
     3.Within the folder double click CIntRep
     4.Select the following items,then press the GO button.

     • Reset Interent Protocol (TCP/IP)
     • Repair Winsock (Reset Catalog)
     • Renew Internet Connection
     • Flush DNS Resolver Cache
     • Reset Windows Firewall Configuration
     • Reset the default hosts fie

212. Can you please try to follow the steps from this guide to fix your Windows Update problem: http://support.microsoft.com/kb/956706

213. Hello,
     While in Norman Mode , can you connect to the Internet?If yes,please follow this steps:

     STEP 1. While in NORMAL MODE,download HitmanPro and then start this program in ForceBreach Mode
     1.Here are the direct download links for HitmanPro,
     – http://dl.surfright.nl/HitmanPro36.exe (For 32bit)
     – http://dl.surfright.nl/HitmanPro36_x64.exe (For 64bit)
     2.Hold down the left CTRL-key when you start HitmanPro and all non-essential processes are terminated, including this rogue malicious process
     Here is a video that explains with graphic details how to do this : http://www.youtube.com/watch?v=m6eRWTv2STk
     3. Let HitmanPro scan and remove the detected infections.

     STEP 2: While in NORMAL MODE,download/Run Rkill and then run a scan with Malwarebytes
     1.Download any re-named version of Rkill (direct download links bellow):
     RKILL DOWNLOAD LINK #1
     RKILL DOWNLOAD LINK #2
     RKILL DOWNLOAD LINK #3
     2.Next,please perform a scan with Malwarebytes and then do a RogueKiller and Unhide.exe scan as seen on the guide

     ---

     STEP 3. Run a scan with ESET Online Scanner

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push List of found threats
     9. Push Export to Text file  and save the file to your desktop using a unique name, such as ESET Scan. Include the contents of this report in your next reply.Note – when ESET doesn’t find any threats, no report will be created.
     10. Push the back button.
     11. Push Finish

     Waiting for your reply to tell me how everything is working.. :) Good luck!

214. Thank you so much!!!!!!!!!1

215. Thank you! This was perfect! I appreciate it.

216. Hi, my wifes computer got infected with Live Security Platinum and I was unable to access the internet from her computer in safety mode. I ran rkill and Malware and the computer restarted. I downloaded all the required software from my computer and transfered it with a memory stick. When i start in normal mode the LSP starts again. I tried starting HitmanPro in safety breach but it tries to connect to the internet. I dont know what to do now. Im using windows XP. Please help my wife needs the computer for her work.

217. Hello,
     I advise you to remove McAfee and install another security product because McAfee is not that great..
     Quick tips;
     Free – Avast 7 Free version or COMODO Internet Security
     Paid : Norton Internet Security 2012 or Avast Internet Security 7
     Anyway ,you should really start a thread in our Security Configuration forum as you need to build a layerd security config: http://malwaretips.com/Forum-Security-Configuration-Wizard

     Also it would very good if you took the time and read this article that I’ve wrote: http://malwaretips.com/blogs/how-to-easily-avoid-pc-infections/ .. If you follow it,then we’ll never meet again in this conditions:)

218. Thank you so much my computer is back to normal now xx

219. Thanks man, what a lifesaver. May you be blessed enormously with offspring and may your path be guided by the heavenly father.

220. Also, i’ve just tried fixing the dhcp service. Running vista. Went to control panel-system & maintenance-administrative tools. The went to open “services” and got this message: “the specified service does not exist as an installed service”

221. No luck. I was able to run the karversky10 disk and it removed one theat. However i still can’t access internet. Same message – “the dhcp client service is not runnibg on this computer”. This is taking me hours and i can’t even get past step 1:(

     Is a system restore a viable option?

222. Thank you very much!

223. I printed the instructions (all 57 pages) off of my daughter’s computer and found a comment from Dan W. on July 27, 2012 at 3:04 am who said that his windows update was no longer working. Mine isn’t either. I can’t access your response to him on my computer and clink on your direct link to the Windows Repair All In One. I was able to search for the RogueKiller and found what you pictured and took care of that part, but can’t find the other. Can you send me the link to the other? Other than that….I’m extremely happy I found this while searching for the removal….it worked! :) Thanks!

224. Thank you for these clear instruction and links.
     McAfee failed to warn me of the infection and also to this day cannot detect it in a scan. They are, however, willing to charge me to have their people remove it for me. -Nice.
     Best Buy wanted me to buy a $200 one-year subscription for them to remove it.

225. A million thanks my dearest! You are really a genius. How I wish more and more computer-skilled persons be like you, someone who uses his gift and skills in helping people unlike those who use their knowledge in creating problems, virus in particular. Thank you so much, you have no idea how much you’ve helped me… Your instructions are indeed concise and fantastic!!! Thanks….

226. Thanks much – great guide! Easy to follow and very effective.
     Cheers,
     Marl

227. You are truly a life-saver! Followed all the steps but couldn’t get RKill to work, but then I just looked at your reply to a comment below and voila!

     Extremely happy that I can use my PC like nothing ever happened to it. Thank you so much!!!

228. Stelian, you are a star!

229. Thank you! :)

230. omg thanks its just showed up a few min ago

231. Please start a thread in our Malware Removal Assistance forum.

232. Hello,
     The proxy box needs to be unchecked ,if it’s already unticked then just move ahead.
     Regarding the .reg file,after you have created it or download it, right click on it and select “Open with” then select “Registry Editor”

     Good luck!

233. thanks….

234. Hey, I have two questions.
     On STEP 2 it says to uncheck the option “Use proxy server…”. However on your screen it is checked and you have checked “Automatic detect settings” and u have checked “bypass proxy server…” with the address of “xxx.xxx.xx”. Do you want us to copy what is on the screen or just uncheck the “use proxy server…” box. The reason I am asking, also, is because my box for “use proxy server…” was ALREADY unchecked.

     Second Question:
     When I download registryfix.reg it asks if i want to run it or save it. When i run it it just takes me to notepad. I then did what you asked for Ashley and saved it as fix.reg on desktop as “all files” however the same thing comes up and it just takes it to Notepad. Is there something I am doing wrong?
     A reply would be much appreciated I need to get this virus out it is still intact in my office computer. THANK YOU.

235. Thanks so much, worked a treat :)

236. Thank you@@@!!!!!!!!!!!

237. Please run this two scans :
     STEP 1 : Run a scan with Combofix

     Download ComboFix from one of the following locations:

     COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
     COMBOFIX DOWNLOAD LINK #2  (This link will automatically download Combofix on your computer)

     VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

     • Close any open browsers.
     • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
       ———————————————————–
       • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection beforeperforming a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
       • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don’t know how to disable it, please ask.
         ———————————————————–
       • Close any open browsers.
       • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
       • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
       • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

       ———————————————————–

      

     1. Double click on ComboFix.exe & follow the prompts.
     2. Accept the disclaimer and allow to update if it asks
     3. When finished, it shall produce a log for you.

     Notes:

     1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
     2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
     3.  If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.

     ---

     STEP 2: Run a scan with ESET Online Scanner:

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push Finish

     Waiting for your reply to tell me if your laptop is ok ..

238. Hello Gabe,
     Please run a scan with Malwarebytes Anti-Malware in Chameleon Mode in Norman mode:

     1. Download Malwarebytes Chameleon from here and extract it to a folder in a convenient location
     2. Make certain that your PC is connected to the internet and then open the folder where you extracted Chameleon to and double-click on the Chameleon help file and then follow the onscreen instructions to use it.
     3. If the Chameleon help file itself will not open, then double-click each file one by one until you find one that works, which will be indicated by a black DOS/command prompt window Note: Do not attempt to open mbam-killer as that is not a Chameleon executable and serves a different purpose)
     4. Follow the onscreen instructions to press a key to continue and Chameleon will proceed to download and install Malwarebytes Anti-Malware for you
     5. Once it has done this, it will attempt to update Malwarebytes Anti-Malware, click OK when it says that the database was updated successful
     6. Next, Malwarebytes Anti-Malware will automatically open and perform a Quick scan
     7. Upon completion of the scan, if anything has been detected, click on Show Result
     8. Have Malwarebytes Anti-Malware remove any threats that are detected and click Yes if prompted to reboot your computer to allow the removal process to complete
     9. After your computer restarts, open Malwarebytes Anti-Malware and perform a Full System scan to verify that there are no remaining threats

     ---

     2.Please perform a scan with HitmanPro as seen on the guide.

     ---

     3.Run a scan with ESET Online Scanner:

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push Finish

239. I am a Vietnam and I want to say “thank you very much!!!!!!”

240. Agreed! Awesome of you to take the time to help the technically challenged people!

241. i can’t download rkill!! Help please!!!

242. also in normal mode the Live platinum does not alow me to run Vodaphone and hitman seems to require internet connection to do a scan.

243. Hi i am using Vodaphone internet connection for my laptop, my computer is unable to sense the device in safe mode. I downloaded all the above softwares and the Malwarebyte found 200+ files so i removed them, when i restarted my com the @#$% live platinum was still there also i was unable to run Hitman pro… please help me – Ivor val.

244. Hello ashley,
     Here is how you can create your own registryfix.reg :

     1.Create and run your registryfix.reg

     A.Copy all the text in bold below and paste to Notepad/Text Document

     Windows Registry Editor Version 5.00

     [-HKEY_CLASSES_ROOT\.exe\shell]

     [-HKEY_CLASSES_ROOT\.exe\DefaultIcon]

     [HKEY_CLASSES_ROOT\.exe]
     @=”exefile”

     [HKEY_CLASSES_ROOT\exefile]
     “Content Type”=-

     [HKEY_CLASSES_ROOT\exefile\shell\open\command]
     @=”\”%1\” %*”
     “IsolatedCommand”=-

     [HKEY_CLASSES_ROOT\exefile\shell\runas\command]
     “IsolatedCommand”=-

     [HKEY_CLASSES_ROOT\.bat]
     @=”batfile”

     [HKEY_CLASSES_ROOT\batfile\shell\open\command]
     @=”\”%1\” %*”

     [-HKEY_CURRENT_USER\SOFTWARE\Classes\.exe]

     [-HKEY_CURRENT_USER\Software\Classes\exefile]

     [-HKEY_CLASSES_ROOT\secfile]

     [-HKEY_CURRENT_USER\Software\Classes\secfile]

     [-HKEY_CLASSES_ROOT\pezfile]

     [-HKEY_CURRENT_USER\Software\Classes\pezfile]

     [-HKEY_CLASSES_ROOT\sezfile]

     [-HKEY_CURRENT_USER\Software\Classes\sezfile]

     [-HKEY_CLASSES_ROOT\ah]

     [-HKEY_CURRENT_USER\Software\Classes\ah]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
     @=”firefox.exe”

     [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command]
     @=”firefox.exe”

     [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
     @=”iexplore.exe”

     B.THIS IS VERY IMPORTANT! Save file as fix.reg to your Desktop. NOTE: (Save as type: All files)

     C. Double-click on fix.reg file to run it. Click “Yes” for Registry Editor prompt window. Then click OK.

     NEXT,follow the guide to remove the malicious file from your computer.
     Good luck!

245. I’m having the same issue… but I also can’t download registryfix…. Argh, what do I do? Help! :(

246. Hi I am from a small cauntry named Israel, I have ziro knolage in computers. I wanted to say thank u so much for writing this gide so easy to use!!! Thank u thank u thank you!

247. Thanks so much for this guide! You are s lifesaver!

248. Hello waly,
     Please run a scan with Malwarebytes Anti-Malware in Chameleon Mode in Norman mode:

     1. Download Malwarebytes Chameleon from here and extract it to a folder in a convenient location
     2. Make certain that your PC is connected to the internet and then open the folder where you extracted Chameleon to and double-click on the Chameleon help file and then follow the onscreen instructions to use it.
     3. If the Chameleon help file itself will not open, then double-click each file one by one until you find one that works, which will be indicated by a black DOS/command prompt window Note: Do not attempt to open mbam-killer as that is not a Chameleon executable and serves a different purpose)
     4. Follow the onscreen instructions to press a key to continue and Chameleon will proceed to download and install Malwarebytes Anti-Malware for you
     5. Once it has done this, it will attempt to update Malwarebytes Anti-Malware, click OK when it says that the database was updated successful
     6. Next, Malwarebytes Anti-Malware will automatically open and perform a Quick scan
     7. Upon completion of the scan, if anything has been detected, click on Show Result
     8. Have Malwarebytes Anti-Malware remove any threats that are detected and click Yes if prompted to reboot your computer to allow the removal process to complete
     9. After your computer restarts, open Malwarebytes Anti-Malware and perform a Full System scan to verify that there are no remaining threats

     ---

     2.Please perform a scan with HitmanPro as seen on the guide.

     ---

     3.Run a scan with ESET Online Scanner:

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push Finish

249. I cannot run rkill in step 4. I tried everyway. renamed it to anything else. Downloaded it on this computer and transferred it to the infected computer through usb, but didn’t work.

     Downloaded the other renamed versions as suggested here but still didn’t work

     What am I supposed to do

250. Thank you for using your superpowers for good and not evil! So grateful to you.

251. Thank you so much for this guide. Helped a lot of people. :)

252. Thank you so much for this easy to follow and effective guide. I was panicking when the attack began and managed to clear everything with little fuss. Saved me !

253. Yes, I ran combo fix, allowed it to scan and restart and then I also used the ESET right after that. When I was finished with the two steps you gave me, ESET rebooted my computer and when it loaded into Windows Hitman Pro was still displaying that same message.

254. Really appreciate your help! All clean now.

255. Did you run Combofix as I’ve ask you to do??

256. i love you

257. THANK YOU!!! THANK YOU!!! My mother who is 73yr old, called to me know her comp was infected for a few days. So glad I found your link using my laptop and although it took two hours her comp is finally clean! I also have McAfee and wondered how she got this virus, then I noticed she was using the free wi-fi my complex offers. Hmmm… Again…

     THANK YOU!!!!!!

258. Thanks for the great help!
     By the way the registrycleaner.reg doesnt really work anymore i used glary soft registry repair(also free) and it worked fine!

259. Thank you so much for this guide! It was very helpful and much appreciated.
     Thank you again,
     Melissa

260. Okay! All that seems to have helped, and my antivirus software Vipre isn’t picking anything up, however Hitman Pro keeps coming up with this:
     http://tinypic.com/r/9rr50n/6
     Is there any concern? Hitman doesn’t seem to be able to remove the Ini virus.

261. Thanks so much for this! Worked like a charm!

262. Everything went perfect. THANK YOU VERY MUCH

263. Thanks for this great guide.

     It helped me to fix the computer of my girlfriend.

     greetz
     Joerg

264. TOPS, MAN! TQVM:)

265. Thank you. Excelent guide, worked perfectly

266. Thanks for your advance sir.

     I’m 18 years old korean. but I request sth to you.

     Many korean need GREAT advise… like this your text.

     but, sth korean can’t English very well… [like me. ;-(…)

     I want to translate your text and teaching poors.

     If you accept my request, plz answer my e-mail

     Thanks for your reading.

     The e-mail adress ; wjdtjsrl1@naver.com

267. Thanks a million! ComboFix worked; I believe it deleted the Live Security Platinum virus, and the ESET Online Scanner didn’t find any problems.
     I just want to know, should I turn my firewalls back on? Also, should I do any more scans? I believe ComboFix deleted the Live Security Platinum virus, but should I scan for anything else? If yes, what should I do? Please advise. Should I follow any steps of your guide? And what about Malwarebytes Anti-Malware? Should I still have that on my computer or can I delete it? It didn’t work like it was supposed to, which is why I needed your other fix, but it did stop some malware attacks when I went online to follow some of your instructions (the first time around, before I asked you directly what to do), although I think that was the Live Security Platinum working, so now that it’s gone, can I delete Malwarebytes? Should I scan with it? Also, can I delete iExplorer, HitmanPro, esetsmartinstaller, Malwarebytes Anti-Malware, registryfix, and Combo-Fix?
     And another thing. Before I asked you directly what to do, I was trying things that you mentioned to other people. I downloaded Kaspersky, but should I do anything with it? I don’t want to do things that are unnecessary, so can I just delete it?
     Your advice is gold, and the user friendly, easy to follow instructions are awesome! I am a little knowledgeable in computers, but even so, the exacting, clear, instructions that you give are really, really helpful. It makes the whole process that much harder when the solution to one’s problem is in a hard to follow guide. You know there’s an answer, but you just can’t decipher how to fix the problem, even though the solution is staring you in the face. The struggle becomes even more frustrating! Your guides and instructions are a breath of fresh air. It’s nice to know someone cares and is willing to give of his time to help people. And all for free!!!
     THANK YOU Stelion!!!!!

268. Please follow the instructions from this post and scan your computer with a bootable disk – http://malwaretips.com/blogs/how-to-use-kaspersky-rescue-disk/
     Waiting for your reply to tell me how everything works out.

269. Ok, I think I may be in serious trouble:
     – disabled firewall etc and still couldn’t access internet (same dhcp problem)
     – downloaded combofix to another pc then tried copying to infected pc with memory stick but pc not recognising the stick (tried a couple)
     – also noted some othe funny stuff like a message in bottom task bar (near clock) that says “the audio service is not running”

     I have no idea what to try next :(

270. thank you stelian!your guide was very helpful!

271. Thank you!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

272. Can you please update Malwarebytes and run a scan while in Normal mode?
     Next,please run a new scan with HitmanPro
     Last but no least:
     STEP 1 : Run a scan with Combofix

     Download ComboFix from one of the following locations:

     COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
     COMBOFIX DOWNLOAD LINK #2  (This link will automatically download Combofix on your computer)

     VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

     • Close any open browsers.
     • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
       ———————————————————–
       • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection beforeperforming a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
       • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don’t know how to disable it, please ask.
         ———————————————————–
       • Close any open browsers.
       • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
       • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
       • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

       ———————————————————–

      

     1. Double click on ComboFix.exe & follow the prompts.
     2. Accept the disclaimer and allow to update if it asks
     3. When finished, it shall produce a log for you.

     Notes:

     1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
     2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
     3.  If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.

     ---

     STEP 2: Run a scan with ESET Online Scanner:

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push Finish

     Waiting for your reply to tell me if your laptop is ok ..

273. Hi
     I did everything you said, step by step. It said that 13 viruses were found and deleted. It restarted my laptop in normal mode again and the virus was still there =( I tried again in safe mode. Did another full scan. 4 more viruses were found and removed and when I went back to normal mode. The nasty virus is still there!! Please help! I competed all the steps and can’t seem to get rid of it

     Thanks in advance

274. Hello,
     Please,run a scan with ESET Online Scanner:

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push Finish

275. I was following your instructions to remove the Live Security Platinum from my notebook & when I got to part where I needed to restart in ‘safe mode’ by pressing f8 at the sound of the beep, I didn’t hear it & when I did press f8, windows seemed to start up in a ‘safe mode’ automatically and a screen popped up saying it was windows startup repair. i started the system restore it suggested, then panicked thinking it was a virus. I googled it and I’m not sure if it really is part of windows, or is a virus because several sites say it is a legitimate part of windows recovery security and several others say it is a virus. help me please? do i have more than just this live security platinum harming my notebook?

276. Beautiful :-) The easy-to-follow instructions killed the beast.

     Thank you very much Stelian

277. On the same machine??

278. Ok, I got rid of Live Security Platinum. Thanks so much for the detailed instructions.

     Now, by any chance do you know how to get rid of System Protector? I’ve got that too.

279. Thanks Stelian, you’re a good man and we do appreciate it!

280. Took it a step further and used Combofix as described. Still very slow to bring up internet.
     Thank you so very much for this set of instructions. Saved me hundreds of $$.

281. My office computer was attacked yesterday by live security platinum after I click on the ‘close’ button on my expired Mcaffee pop up. I used another pc to google for help, and, luckily, I came across your site and followed your advice. It worked like magic! My pc is back to life. I can connect to the network, although I still can’t connect to the network printers (it keeps showing the printers are ‘offline’). Thanks a million, Stelian; you’re an angel.

282. Please ignor my problem with the Malware, I tried again and noticed the download was being blocked. I gave the ok and I’m running a scan now.

283. Hey Buddy,

     Amazing step by step process on how to delete the virus.It’s 03.32 AM, i wanted to say a very big thank you to you before i go to bed. It took be a a few hours but i finally got rid of it by following your steps.

     Thanks Again,
     Agnel

284. Hello,
     Please run a scan with Malwarebytes Anti-Malware in Chameleon Mode in Norman mode:

     1. Download Malwarebytes Chameleon from here and extract it to a folder in a convenient location
     2. Make certain that your PC is connected to the internet and then open the folder where you extracted Chameleon to and double-click on the Chameleon help file and then follow the onscreen instructions to use it.
     3. If the Chameleon help file itself will not open, then double-click each file one by one until you find one that works, which will be indicated by a black DOS/command prompt window Note: Do not attempt to open mbam-killer as that is not a Chameleon executable and serves a different purpose)
     4. Follow the onscreen instructions to press a key to continue and Chameleon will proceed to download and install Malwarebytes Anti-Malware for you
     5. Once it has done this, it will attempt to update Malwarebytes Anti-Malware, click OK when it says that the database was updated successful
     6. Next, Malwarebytes Anti-Malware will automatically open and perform a Quick scan
     7. Upon completion of the scan, if anything has been detected, click on Show Result
     8. Have Malwarebytes Anti-Malware remove any threats that are detected and click Yes if prompted to reboot your computer to allow the removal process to complete
     9. After your computer restarts, open Malwarebytes Anti-Malware and perform a Full System scan to verify that there are no remaining threats

     ---

     2.Please perform a scan with HitmanPro as seen on the guide.

     ---

     3.Run a scan with ESET Online Scanner:

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push Finish

285. I’m having trouble with the fix and hope you can help. I downloaded the Registryfix and double clickked on the desktop icon, but I don’t know if it did anything or not, I got no messages saying it had done anything.

     I downloaded Rkill and ran it, but the log says it found nothing.

     I clicked on the malware link, which took me to a site called Malware bytes. I clicked on the download which took me to another site called TechSpot. I clicked on the download button there and nothing happened.

     I have McAfee Total Protection and I don’t understand how this Live Security thing got through. I thought McAfee was supposed to be one of the best.

286. I am using McAfee firewall. After repeated attempts I was able to restore internet in normal mode only. Here is what I’ve done:
     Malware Chameleon, went through all steps none seemed to work. All showed green.
     Windows Registry fix – operated as described
     Rkill – operated as described
     Malwarebytes anti-malware – took a long time but seemed to work
     Hitman Pro – operated as described
     Eset – again took a long time, but seemed to work.
     McAfee full virus scan.
     It seems to be clean, but now on boot up the internet take 3 minutes to load. Is there any thing else I should try because I did all this in normal mode?

287. Excellent, this worked perfectly. This is the most thorough, exact and free malware removing solution I ever found on the internet. Thank you, it is very appreciated. You are not only competent but generous.

288. Hello,
     Can you please run a scan with Combofix:
     STEP 1 : Run a scan with Combofix

     Download ComboFix from one of the following locations:

     COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
     COMBOFIX DOWNLOAD LINK #2  (This link will automatically download Combofix on your computer)

     VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

     • Close any open browsers.
     • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
       ———————————————————–
       • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection beforeperforming a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
       • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don’t know how to disable it, please ask.
         ———————————————————–
       • Close any open browsers.
       • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
       • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
       • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

       ———————————————————–

      

     1. Double click on ComboFix.exe & follow the prompts.
     2. Accept the disclaimer and allow to update if it asks
     3. When finished, it shall produce a log for you.

     Notes:

     1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
     2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
     3.  If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.

     ---

     STEP 2: Run a scan with ESET Online Scanner:

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push Finish

289. Can you please disable your firewall to see if this will fix your internet connection.
     Next,can you please run a scan with Combofix:
     STEP 1 : Run a scan with Combofix

     Download ComboFix from one of the following locations:

     COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
     COMBOFIX DOWNLOAD LINK #2  (This link will automatically download Combofix on your computer)

     VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

     • Close any open browsers.
     • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
       ———————————————————–
       • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection beforeperforming a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
       • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don’t know how to disable it, please ask.
         ———————————————————–
       • Close any open browsers.
       • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
       • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
       • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

       ———————————————————–

      

     1. Double click on ComboFix.exe & follow the prompts.
     2. Accept the disclaimer and allow to update if it asks
     3. When finished, it shall produce a log for you.

     Notes:

     1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
     2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
     3.  If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.

     ---

     STEP 2: Run a scan with ESET Online Scanner:

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push Finish

290. What firewall are you using?

291. Hello,
     You most likely have a ZeroAccess rootkit infection on your computer.

     ---

     Can you please run a scan with Combofix:
     STEP 1 : Run a scan with Combofix

     Download ComboFix from one of the following locations:

     COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
     COMBOFIX DOWNLOAD LINK #2  (This link will automatically download Combofix on your computer)

     VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

     • Close any open browsers.
     • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
       ———————————————————–
       • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection beforeperforming a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
       • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don’t know how to disable it, please ask.
         ———————————————————–
       • Close any open browsers.
       • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
       • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
       • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

       ———————————————————–

      

     1. Double click on ComboFix.exe & follow the prompts.
     2. Accept the disclaimer and allow to update if it asks
     3. When finished, it shall produce a log for you.

     Notes:

     1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
     2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
     3.  If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.

     ---

     STEP 2: Run a scan with ESET Online Scanner:

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push Finish

292. Hi. I have the Live Security Platinum virus on my computer (Dell XPS Vista Ultimate). I have read your guide and most of the comments, but I don’t think I’ve seen an answer to my troubles. Please forgive me if you’ve already addressed my problems. I got up to Step 5. Malware did not prompt me for a trial period, but went straight to the Scanner Tab and the full scan. I clicked it, but it starts, and after 1 second working, the window disappears from my desktop!? The Malware process is gone! (I tried this twice and the same thing happened again.) I tried other things you recomended, although I don’t know if I was following them right, or if I needed to do other stuff first, for example I tried the Force Breach HitMan Pro. That actually seemed to work properly, and found a bunch of threats, but there was the reboot option, which I clicked, but the program just shut off. Perhaps I’m a bit impatient, but as nothing was happening, I clicked start, restart, and my computer restarted. When it did, though, there was a weird black screen that said HitMan Pro something something. I pressed enter (not knowing what else to do), and I think it started normally. When I logged on and searched for Live Security Platinum, it’s still there.
     Any help with what I should do would be greatly appreciated. From reading the comments, you seem to really know your stuff and have helped many people (I hope to be one of them!). It seemed that they just needed to get the combo of programs in the right order. Please advise as to what to do; I will check back tomorrow.

293. Um, I think I have a problem. Prior to finding this excellent webpage, I’d gone to McAfee website for help. Downloaded “stinger” and “fixed” a few things. However my pc wasn’t fixed so i have now ended up at this site. I can only get as far as Step 1 (safe mode with networking, opened IE and uncheck the LAN setting .. which was already unchecked). However i couldn’t get an internet connection. Got a message about reconnecting DCHP? Hopped onto microsoft that to meto search for services.msc … Got a message that it doesn’t exist/isn’t installed. Can’t proceed to step 2 and now way beyond my computing limits. Help!

294. i was also infected, thanks for the help!

295. Dad managed to infected my PC protected with Mcafee with nasty Live Security Platinum virus. 24Hrs later it’s removed thanks to Stelian’s instructions. Dont be daunted – I am not a techy and I managed to do it with the instructions.

     THANK YOU Stelian for this. God bless you and the family

     Be patient and read the threads to avoid frustration. If your anti virus is Mcafee, check and ensure your Firewall can be turned on and off in settings. If you cannot manually adjust your firewall, use the Combofix app. All explained.

     My download route in summary is RKill, then Malwarebytes, HitmanPro and Combo-fix after I could not turn on my Mcafee firewall. I would recommend using IE in the safe mode though your default browser might be another. Mine is Firefox but I found IE more user friendly. As advised dont kill any of the processes and I uninstalled my Mcafee instead of disabling. Combo-fix does give an incorrect message after uninstalling (Just double check to be sure).

     Thanks once again for saving my money.

296. By the way, I cannot get to my windows fire wall settings or refresh my IP address due to “unknown error”… I’m on another computer to write this to you.

297. Wow, it seems like I’m going deeper and deeper. Here’s the rundown:

     When I tried to install the HitmanPro, it showed blue screen saying that it shut down to prevented the damage. Kernal-Stack-Inpage-error. Technical Info. STOP: 0X00000077 (0XC0000015, 0XC0000015, 0X00000000, oXoF63D000)

     Wehn I restarted my computer, I got the second blue screen stating the following. A process or thread crucial to system operation has unexpectedly exited or terminated. Technical Info. STOP: 0X000000F4 (0X00000003, 0X826942C0, 0X82694434, 0X805D22AA)

     When I restarted, the HitmanPro did start but didn’t find anything. Here’s the strange thing. I was able to start in safemode with network so I thought I give your full instruction a try. I was able to go online but when I tried to go on your site, it directed me to a different site (Randomly) every time.

     When I tried to go to your step 5, I was getting this following errer message “Runtime Error ’13’: type mismatch. I also got “The trial is not available for your product version. We apologize for inconvenience” and also ‘Program_error_updating (0.0. Host not found).

     I found out that I lost the connection to the internet (Home network). I tried resetting the ethernet card, reinstalled/rejoined the network, reset the modem, WiFi and everything but I’m not able to get my connection to the network back. I’m not able to perform step 6 as the HitmanPro wants to see the internet connection first.

     By the way, I had to scan with MalwareBytes without updating as I didn’t have connection but found 89 items and deleted them. Please help me…

298. Sorry, little more information, I am running Win XP SP3. I used the code given and have tried in safe mode and normal. Still unable to access internet.

299. I cannot access the internet on my infected PC. Check the Proxy. Still not able to connect. Help!

300. Hello John,
     To solve this ,you can using Malwarebytes StartupLite or Msconfig,to remove that startup entry.

301. While in NORMAL MODE,download HitmanPro and then start this program in ForceBreach Mode
     1.Here are the direct download links for HitmanPro,
     – http://dl.surfright.nl/HitmanPro36.exe (For 32bit)
     – http://dl.surfright.nl/HitmanPro36_x64.exe (For 64bit)
     2.Hold down the left CTRL-key when you start HitmanPro and all non-essential processes are terminated, including this rogue malicious process
     Here is a video that explains with graphic details how to do this : http://www.youtube.com/watch?v=m6eRWTv2STk
     3. Let HitmanPro scan and remove the detected infections.
     Next,run a scan with Malwarebytes and ESET Online scanner.

302. Hello,

     I have gone through the instructions and my computer seems to be working fine other then a Spler.dll error at start up. Iam running Win 7 64 bit. How can I make this error go away?

303. Hello, I have downloaded Malwarebytes Chameleon and tried to run it with the help file. The first one opened up a DOS screen and down loaded the file. When installing, I get Access Denied for a lot of files including rules.ref, config.conf, build.conf, custom.conf etc… I pressed rety and it does’t work. So I went ahead and installed it by pressing ignores for these files, I get “Failed to run MAM-Killer.exe”, “Failed to run Malwarebytes Anti-Malware” and ” Failed to disable protection driver”. Please help…

304. Hello Peter,
     Lets work in Normal Mode:
     Please run a scan with Malwarebytes Anti-Malware in Chameleon Mode in Norman mode:

     1. Download Malwarebytes Chameleon from here and extract it to a folder in a convenient location
     2. Make certain that your PC is connected to the internet and then open the folder where you extracted Chameleon to and double-click on the Chameleon help file and then follow the onscreen instructions to use it.
     3. If the Chameleon help file itself will not open, then double-click each file one by one until you find one that works, which will be indicated by a black DOS/command prompt window Note: Do not attempt to open mbam-killer as that is not a Chameleon executable and serves a different purpose)
     4. Follow the onscreen instructions to press a key to continue and Chameleon will proceed to download and install Malwarebytes Anti-Malware for you
     5. Once it has done this, it will attempt to update Malwarebytes Anti-Malware, click OK when it says that the database was updated successful
     6. Next, Malwarebytes Anti-Malware will automatically open and perform a Quick scan
     7. Upon completion of the scan, if anything has been detected, click on Show Result
     8. Have Malwarebytes Anti-Malware remove any threats that are detected and click Yes if prompted to reboot your computer to allow the removal process to complete
     9. After your computer restarts, open Malwarebytes Anti-Malware and perform a Full System scan to verify that there are no remaining threats

     ---

     2.Please perform a scan with HitmanPro as seen on the guide.

     ---

     3.Run a scan with ESET Online Scanner:

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push Finish

305. I am not getting the “Safe Mode with Networking” when I press F8. When booting up, my computer only displays options for F2 and F10. I have an old Dell. Please help.

306. HitmanPro and Malwrebytes are only on-demand scanners (basically they are just cleaning tools which won’t protect your system).You can uninstall them or let them on your system and regularly perform system scan to check if everything is ok. :)
     Good Luck!

307. Wow I didn’t believe I was going to be able to do it!!!! But your detailed instructions made it work like a breeze. I know nothing about computers and I was about to call a computer specialist…But I carefully read your steps and chose to try…
     Just a couple of questions: Should I keep Malwarebytes and Hitman both in my computer? Are they compatible? They cannot work as an antivirus, as far as I know… Or am I wrong? So a combination of antivirus plus Hitman plus Malwarebytes…would it be ok?

308. Viva La Barca! Thank you so much for the fix! Up an running again.

309. Thanks a lot for that. Really useful.

310. I was so sceptical of this process at first and thought i should just take it in to the shop and pay for them to do it. I am not good on computers and have never tried to fix any virus myself! but your incredibly detailed and directional guide made it easy for me to do and now my computer is clear! Thanks so much for the guide, it really helped me out and i will suggest this website to other with computer problems.

311. Hello Amanda,
     You most likely have a ZeroAccess rootkit infection on your computer.

     ---

     Can you please run a scan with Combofix:
     STEP 1 : Run a scan with Combofix

     Download ComboFix from one of the following locations:

     COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
     COMBOFIX DOWNLOAD LINK #2  (This link will automatically download Combofix on your computer)

     VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

     • Close any open browsers.
     • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
       ———————————————————–
       • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection beforeperforming a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
       • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don’t know how to disable it, please ask.
         ———————————————————–
       • Close any open browsers.
       • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
       • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
       • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

       ———————————————————–

      

     1. Double click on ComboFix.exe & follow the prompts.
     2. Accept the disclaimer and allow to update if it asks
     3. When finished, it shall produce a log for you.

     Notes:

     1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
     2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
     3.  If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.

     ---

     STEP 2: Run a scan with ESET Online Scanner:

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push Finish

312. Okay, so I followed all your steps and it seems to have cleared my computer of everything but a desktop.ini virus and a win64 virus. I have run all over the internet trying to figure out how to fix those and nothing seems to have helped. Do you have any added advice? Any ideas of what I can do?

     Not sure if I can post pictures, but if I can here is a picture of the scan results:
     http://tinypic.com/r/15rlfkz/6

313. Thank you for this guide, it was great.

     After I have completed everything I still get a .dll error. It is asking for spler.dll. What can I do to stop this error?

     Thanks,

314. Hello,
     Please uninstall McAfee then run a scan with Combofix :

     Can you please run a scan with Combofix:
     Download ComboFix from one of these locations:

     Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

     Link 1
     Link 2

     * IMPORTANT !!! Save ComboFix to your Desktop

     • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
       See HERE for help
     • Double click on Combo-Fix & follow the prompts.
     • As part of it’s process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it’s strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

     **Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it’s malware removal procedures.

     
     Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

     
     Click on Yes, to continue scanning for malware.

     When finished, ComboFix will produce a log.

     Note:
     1. Do not mouseclick combofix’s window while it’s running. That may cause it to stall!
     2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

     After this step has been completed , you can reinstall McAfee.
     Then report back if your issue is fixed or not!

315. Thanks for you help.

316. Mwahahahaaaa! ComboFix did the trick. It replaced the file with an original, and removed those two viruses, plus two more. I ran another scan of HitmanPro, and it found no threats. My internet speed is back to normal, as well.

     Thank you so much, Stelian. You really know your shi_. -Josh

317. Thanks alot! The procedure worked perfectly for me.

318. Very helpful and easy to follow. Needed to update malware database prior to scan to complete removal. You should consider adding button for people to make small donation to maintain your solution.

319. I have went through all the steps and have control over my computer again. However I cannot get my mcafee’s firewall to activate and when I run a mcafee’s scan it is coming up with 2 trojans that it says it cannot delete. I am now running Kaspersky that I saw in one of your replies but figured I would go ahead and post in the meantime in case you knew of a solution to my Mcafee’s issue.

320. Hello,
     Check your startup items with Malwarebytes StartupLite to remove any unnacesary files from starting with Windows.
     Next,please defragment your computer – http://windows.microsoft.com/en-us/windows7/improve-performance-by-defragmenting-your-hard-disk
     Also please run a scan with ESET Online Scanner,just to make sure you don’t have any left over infections.

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push Finish

     ---

     If it is still slow than you’ll need to run a File System Check and Disk Check… To do this , download Windows Repair All In One and install this utility.
     Then go to Step 2 (Check File System) and click on “DO IT”, after this step is done, go to Step 3 (System File Check) and again click on DO IT.
     NEXT,go to the last Startup Repairs tab and click the Start button (bottom right)
     Note: When asked if you would like to create a restore point. It is recommended just in-case something does not go as planned.

     1. Click Unselect All
     2. Put a checkmark in the following items:
        • Repair Hosts File
        • Repair Temp Files
        • Remove Policies Set By Infections

        Note: Leave everything else unchecked

     3. Put a checkmark in Restart System When Finished
     4. Now click the Start button (bottom right)

321. Hello,
     Please download and run the registry fix from the guide.Alternatively you can use the license key from the guide and stop this behavior.

322. Hello Sara,
     Did you run a scan with HitmanPro?
     Also please update Malwarebytes and run another scan.
     Next,please follow the below steps:
     1.Run a scan with Kaspersky Virus Removal Tool
     Click here to download the Kaspersky Virus Removal Tool.

     1. Save it to your desktop.
     2. Double click the setup file to run it.
     3. Follow the onscreen prompts until it is installed
     4. Click the Options button (the ‘Gear’ icon), then make sure only the following are ticked:
        • System Memory
        • Hidden startup objects
        • Disk boot sectors
        • Local Disk (C:)
        • Also any other drives (Removable that you may have)
     5. Then click on Actions on the left hand side
     6. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked
     7. Click on Automatic Scan
     8. Now click the Start Scanning button, to run the scan
     9. After the scan is complete, click the reports button (‘Paper icon’, next to the ‘cog’ icon) on the right hand side
     10. Click Detected threats on the left
     11. Now click the Save button, and save it as kaslog.txt to your Desktop
     12. Please copy and paste the contents of kaslog.txt in your next reply.

     ---

     2.Run a scan with Eset Online Scanner.

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push Finish

323. Hello Josh,
     It seems like you have a ZerroAccess rootkit on your computer……
     Can you please run Combofix:
     Download ComboFix from one of these locations:

     Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

     Link 1
     Link 2

     * IMPORTANT !!! Save ComboFix to your Desktop

     • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
       See HERE for help
     • Double click on Combo-Fix & follow the prompts.
     • As part of it’s process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it’s strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

     **Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it’s malware removal procedures.

     
     Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

     
     Click on Yes, to continue scanning for malware.

     When finished, ComboFix will produce a log.

     Note:
     1. Do not mouseclick combofix’s window while it’s running. That may cause it to stall!
     2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

     Waiting for your reply to tell me how things are running.

324. Hello,
     Yes,you can delete and uninstall all the tools used in this guide. Stay safe!

325. Hello Grace,
     Please run a scan with Malwarebytes Anti-Malware in Chameleon Mode in Norman mode:

     1. Download Malwarebytes Chameleon from here and extract it to a folder in a convenient location
     2. Make certain that your PC is connected to the internet and then open the folder where you extracted Chameleon to and double-click on the Chameleon help file and then follow the onscreen instructions to use it.
     3. If the Chameleon help file itself will not open, then double-click each file one by one until you find one that works, which will be indicated by a black DOS/command prompt window Note: Do not attempt to open mbam-killer as that is not a Chameleon executable and serves a different purpose)
     4. Follow the onscreen instructions to press a key to continue and Chameleon will proceed to download and install Malwarebytes Anti-Malware for you
     5. Once it has done this, it will attempt to update Malwarebytes Anti-Malware, click OK when it says that the database was updated successful
     6. Next, Malwarebytes Anti-Malware will automatically open and perform a Quick scan
     7. Upon completion of the scan, if anything has been detected, click on Show Result
     8. Have Malwarebytes Anti-Malware remove any threats that are detected and click Yes if prompted to reboot your computer to allow the removal process to complete
     9. After your computer restarts, open Malwarebytes Anti-Malware and perform a Full System scan to verify that there are no remaining threats

     ---

     2.Next,please perform a scan with HitmanPro as seen on the guide.

326. Thank you very much!!!! your step by step guide worked and now my laptop is ok. Thanks thanks thanks!!!!!

327. Hi Stelian,

     I have tried to follow the process. However, right after being in the safe mode, my keyboard was locked and I’m not able to write anything….I’ve checked many things (unplug, plug the cable,…..made sure everything is unchecked in the configuration,….used another keyboard…). Do you have any suggestions on how I can fix this problem to be able to continue and remove the Live Security Platinum.

     Many thanks for your help!

328. Thank you so very much! Your guide saved my computer, and my money. I thought I was going to have to take it in, or kill it. Then I found your website and everything went by in ease. I have full control over my computer (or so I believe) but find the Live Security Platinum “video” I downloaded unaware it wasn’t what was labeled, is still listed in my notifications (though it’s not active). Is this dangerous? If so, how can I remove it? Malwarebytes says there were no malicious malware detected on the second scan which took place after the reboot in normal mode.

     Also, I was wondering if it could spread to any other computers on my network if they were accessing the network at the time of my computers infection and uninstallation process? I was unaware this was so until today.

     Sorry to take up your time, but it is much appreciated. Do you maybe have the answer to my questions?

     I’ll check back often.

     -Sara

329. Stelian,
     thanks for this thorough solution for removing LPS malware. Like others, my PC got infected after performing a Java update. Your instructions helped to remove the infection, but more importantly, to understand how it operates. This will help me respond more intelligently the next time my system is infected (and there will undoubtedly be a next time.)

     The last time my system was infected by something very like this, my IT organization made me rebuild my disk from scratch after disinfecting my data files. It cost me a week of lost productivity and the loss of some software because I no longer had license keys for some video editing apps. Your solution saved time and those licenses.

     Thanks again!

330. Hi,

     Thanks so much for your tips on how to get rid of the trojan. As i’m only 12 it has been a good experience of how to get rid of viruses. Me and my family can finaly do work and I can get back on Skype and Minecraft.

     Thanks again,
     Simeon Elliott

331. What a great help! Thank you!
     I have just one question,
     Can I delete the “mbam-setup-1.62.0.1300” and the ‘registryfix’ files ?
     Or it gonna have to stay in my Computer ?
     Thanks a lot !

332. Hey, Stelian.

     Thanks for your guide. I’ve been following the instructions, and I’ve been making great progress.. until the part with HitmanPro. I’m bothered by something:

     I’ve scanned using HitmanPro three times. The first time I scanned and removed, I found about 7 Trojans/Malware, and when I was prompted to restart, my computer blue-screened/crashed. The second time I scanned, I only found two Trojans. I removed, and didn’t blue-screen when I followed the restart prompt. The third time I scanned, I found the same two Trojans.

     Every time I’ve scanned, these two Trojans have been present. One is named services.exe, found in C:\Windows\system32. HitmanPro states it must replace this file with the original version to maintain stability. However, every time I’ve done the removal process, at the end, it says “Delete Failed”, and the Trojan maintains its presence on my machine.

     The other Trojan is named Desktop.ini, found in C:\Windows\assembly\GAC_32\. Every time I’ve done the removal process, at the end, it says “Delete on reboot”, yet every reboot, it comes back the next time I scan.

     This bothers me. I could really use your help on this one.

     Please and thank you! -Josh

333. Thank you very very much :) you are the best!!! you saved my pc at work! i have soooo much stuff in it. THANK YOU THANK YOU ……you are the man :)

334. Somehow, thank you just does not seem to be enough. I am humbled by your kindness

335. Thank you Mr. Pilici, it worked.

     I’m puzzled that the Live Security Platinum virus was able to change the registry entry in [HKEY_CLASSES_ROOT\exefile\shell\open\command] and the other HKCR entries to disable running .EXE files.

     I use my Win XP SP3 system as a normal user without Admin privileges. Would you have an idea how the virus got access to the Registry?

336. I ran a system restore and things are now working but it is a tad slow. Is there anything I need to do now? Thanks!

337. Thanks for this guide Stelian! Unfortunately after running everything, when I’m in normal mode, nothing will open. I’ve run everything in Safe Mode and removed everything the various programs gave me, but nothing works in Normal Mode. I mainly cannot access any of my internet platforms (Firefox, Chrome or IE). Is there something else I can try? Also when my computer starts in Normal Mode it says that MalWare Bytes cannot run the cleanup file. Help please? Thank you!

338. Yes,you can use the above tools as they are only on-demand scanners (basically they are just cleaning tools which won’t protect your system)
     Good Luck!

339. If I overlooked the answer to this in the guide I apologize.

     Can I use this guide (downloads included) if my computer is currently running Microsoft Security Essentials? Will it conflict with any of the programs you suggest in the removal guide?

340. Thanks – I seem to be all sorted. I am officially a FC Barcelona fanatic!. Top man, keep up the good work.

     Chris

341. thanks a lot, your simple way rescued my notebook.

342. thank you, thank you, thank you. really good instructions, easy to follow, and saved me big time. Appreciate your good work.

343. Thanks for the guide. It really help a lot.

344. Thank you very much!!! It was of great help…

345. Did you check for any proxy server (see step 2 on the guide)?
     Can you try to disable your antivirus and firewall while doing the ESET scan and see if this will fix the problem…

346. Your generosity in providing this information and providing your time is amazing. See, there are some “good guys” still around.

     I went through the steps successfully. Found it interesting that every scan, the last one being eset, found virus’

     A heart felt thank you.

     Flash

347. Excellent. Keep doing what you do which is being one of the good guys.

348. Thanks for the help, the computer starting running normally again on normal mode without me using combofix. However, if the computer starts acting up again I will use it and get back to you. Thanks again for the help.

349. Thank you SO much for your easy instructions! You are totally awesome! Sending you many blessings!!!

350. Hey Stelian,progress has been made,my pc is on normal mode now without any sight of Live Security Platinum.However, the ESET scanner could not be updated and states “cannot get update.Is proxy configured?”,any solutions to this? Thanks !

351. Thanks – really clear tips and no pushing products. Great advice!

352. Hello,
     Lets try do this another way.Please follow the below steps while your computer is in Normal Mode:
     1.Run a scan with Malwarebytes Anti-Malware in Chameleon Mode:

     1. Download Malwarebytes Chameleon from here and extract it to a folder in a convenient location
     2. Make certain that your PC is connected to the internet and then open the folder where you extracted Chameleon to and double-click on the Chameleon help file and then follow the onscreen instructions to use it.
     3. If the Chameleon help file itself will not open, then double-click each file one by one until you find one that works, which will be indicated by a black DOS/command prompt window Note: Do not attempt to open mbam-killer as that is not a Chameleon executable and serves a different purpose)
     4. Follow the onscreen instructions to press a key to continue and Chameleon will proceed to download and install Malwarebytes Anti-Malware for you
     5. Once it has done this, it will attempt to update Malwarebytes Anti-Malware, click OK when it says that the database was updated successful
     6. Next, Malwarebytes Anti-Malware will automatically open and perform a Quick scan
     7. Upon completion of the scan, if anything has been detected, click on Show Result
     8. Have Malwarebytes Anti-Malware remove any threats that are detected and click Yes if prompted to reboot your computer to allow the removal process to complete
     9. After your computer restarts, open Malwarebytes Anti-Malware and perform a Full System scan to verify that there are no remaining threats

     ---

     2.Next,please perform a scan with HitmanPro as seen on the guide.

     ---

     3. Run a scan with ESET Online Scanner

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push List of found threats
     9. Push Export to Text file  and save the file to your desktop using a unique name, such as ESET Scan. Include the contents of this report in your next reply.Note – when ESET doesn’t find any threats, no report will be created.
     10. Push the back button.
     11. Push Finish

     Waiting for your reply to tell me how everything is working.. :) Good luck!

353. Hey Stelian,thanks a lot for creating this guide. But my Malwarebytes’ Anti-Malware did not manage to complete its full scan (I’ve tried four times and usually the scan only runs 20 minutes+) and my laptop shuts itself off. And also when I’m running IExplore/RKill it does not terminate any processes. Any input from you(or any other user) would be greatly appreciated.Thanks a lot!

354. Lets try one more thing and than if it doesn’t work, your can reset your computer.
     Please follow this guide and run a scan with Combofix.
     Let me know if that fixed the problem or not.

355. Thanks a bunch for your help! The Live Platinum Security virus would not allow me to connect to the internet at all, even after trying all the internet connection tips. I finally resorted to using the fake registration code, and that allowed me to gain access to the internet once again. I am now running all the software to get rid of the virus for good! Thanks again!

356. THAX n GBU

357. Thank you Thank you, Stelian! Will go read the articles now!

358. Thanks! It worked :)

359. Thank you very much for your helpful information in removing this virus.I am really greatful to you. Best wishes for you.

360. Thank for the help, but the computer is still very slow and unresponsive, to the point where it says Windows is not responding. What should I do? Should I factory restart my laptop?

361. Thanks so much!!!!

362. Hello Joe,
     Yes,I think that if you reinstall Windows on Pararels you should be fine..This type of products work like a sandbox so basically if you do a reinstall you should be ok!

     Something that your wife needs to read: http://malwaretips.com/blogs/how-to-easily-avoid-pc-infections/ .. Stay safe!:D

363. Hello,
     Lets try to fix this and have a new FC Barcelona fan:D
     First run a scan with RogueKiller:

     1. Please download the latest official version of RogueKiller.
        ROGUEKILLER DOWNLOAD LINK (This link will automatically download RogueKiller on your computer)
     2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete.This should take only a few seconds and then you can click the Start button to perform a system scan.
        
     3. After the scan has completed, press the Delete button to remove any malicious registry keys.
        
     4. Next we will need to restore your shortcuts, so click on the ShortcutsFix button and allow the program to run.
        

     Next,you’ll need to run a File System Check and Disk Check… To do this , download Windows Repair All In One and install this utility.
     Then go to Step 2 (Check File System) and click on “DO IT”, after this step is done, go to Step 3 (System File Check) and again click on DO IT.
     NEXT,go to the last Startup Repairs tab and click the Start button (bottom right)
     Note: When asked if you would like to create a restore point. It is recommended just in-case something does not go as planned.

     1. Click Unselect All
     2. Put a checkmark in the following items:
        • Repair Hosts File
        • Remove Temp Files
        • Repair Windows Updates
        • Repair Windows Firewall
        • Remove Policies Set By Infections

        Note: Leave everything else unchecked

     3. Put a checkmark in Restart System When Finished
     4. Now click the Start button (bottom right)

     Let me know everything goes…:D

364. I share an iMac (OSX 10.6.8) with my wife. We installed Parallels 7 desktop to run Windows 7 on the Mac so she could access a work related site that requires a PC. The other day she was checking e-mail on the Mac side (aol.com) and found an official looking e-mail from USPS saying that a package she was supposed to have sent was undeliverable. She never sent such a package. She clicked a link to get more info about the package, and it downloaded Live Security Platinum. Not knowing what that was she tried to open it, and it opened Windows and displayed the Live Security Platinum Warnings and error messages. The correct thing to do would have been to send the USPS e-mail to Spam.

     Since my wife only uses Windows 7 to get on one web site , and she has no other data files saved on the PC side, is it possible to re-install Parallels, Windows and Explorer to remove the Live Security Platinum? What do you think?

     Thanks,
     Joe

365. Yeah!! The solution worked great..!! Thanks for the help!!
     Don’t even realize when was the virus get into my pc..

366. Hello,

     I ran both scans and they both found nothing :).

     Thank you very much for your help!

     Steven

367. I have no idea why you can’t turn your McAfee Firewall on,however a re-install should fix this.However I do advise you to remove McAfee and install another security product because McAfee is not that great..
     Quick tips;
     Free – Avast 7 Free version or COMODO Internet Security
     Paid : Norton Internet Security 2012 or Avast Internet Security 7
     Anyway ,you should really start a thread in our Security Configuration forum as you need to build a layerd security config: http://malwaretips.com/Forum-Security-Configuration-Wizard

     Also it would very good if you took the time and read this article that I’ve wrote: http://malwaretips.com/blogs/how-to-easily-avoid-pc-infections/ .. If you follow it,then we’ll never meet again in this conditions:)

368. Thank you so much!! You are my savior :)

369. Further help please!

     Firstly as with all the comments, thanks for you advice. Top man.
     I have cleared the Live Security Platinum malware using your initial steps, followed by both Kaspersky Virus Removal Tool and then ESET Online Scanner utility. Like one of the other threads everything is working fine but my windows firewall is corrupted as is my windows update. I get the error message “update your firewall settings” then when I click on “use recommended settings” I get the error message “windows cannot change some of your settings. Error code 0x8007042c”. On the Windows update page this was also corrupted. Following your advice I installed and ran through all the steps of tweaking.com – windows repair (all in one) but the Firewall error perists. The windows update now allows checking for updates but throws an error when I try to download and install new updates. Please help. It would be a great shame after clearing things so well to have to re-install the operating system (Win 7 profession 64-bit). Fix this am I become a Barcelona fan!

370. Thanks for the effort. Your instruction helps me by fixed my problems. Thanks!

371. Thank you Thank you, Stelian!!!

     I successfully removed Live Security Platinum, however the Firewall on my McAfee Security Center is off. I can’t turn it on anymore, every time I turned it on, it went off again. Is it because of the Hitman Pro or Malwarebytes’ Anti-Malware? Thank you for your heavenly help again!

372. Hello,
     Lets try do this another way.Please follow the below steps…

     STEP 1. While in NORMAL MODE,download HitmanPro and then start this program in ForceBreach Mode
     1.Here are the direct download links for HitmanPro,
     – http://dl.surfright.nl/HitmanPro36.exe (For 32bit)
     – http://dl.surfright.nl/HitmanPro36_x64.exe (For 64bit)
     2.Hold down the left CTRL-key when you start HitmanPro and all non-essential processes are terminated, including this rogue malicious process
     Here is a video that explains with graphic details how to do this : http://www.youtube.com/watch?v=m6eRWTv2STk
     3. Let HitmanPro scan and remove the detected infections.

     STEP 2: While in NORMAL MODE,download/Run Rkill and then run a scan with Malwarebytes
     1.Download any re-named version of Rkill (direct download links bellow):
     RKILL DOWNLOAD LINK #1
     RKILL DOWNLOAD LINK #2
     RKILL DOWNLOAD LINK #3
     2.Next,please perform a scan with Malwarebytes and then do a RogueKiller and Unhide.exe scan as seen on the guide

     ---

     STEP 3. Run a scan with ESET Online Scanner

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push List of found threats
     9. Push Export to Text file  and save the file to your desktop using a unique name, such as ESET Scan. Include the contents of this report in your next reply.Note – when ESET doesn’t find any threats, no report will be created.
     10. Push the back button.
     11. Push Finish

     Waiting for your reply to tell me how everything is working.. :) Good luck!

373. Hello,
     Please do a ESET Online Scan,and next do a scan with RogueKiller as seen below:

     1. Please download the latest official version of RogueKiller.
        ROGUEKILLER DOWNLOAD LINK (This link will automatically download RogueKiller on your computer)
     2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete.This should take only a few seconds and then you can click the Start button to perform a system scan.
        
     3. After the scan has completed, press the Delete button to remove any malicious registry keys.
        
     4. Next we will need to restore your shortcuts, so click on the ShortcutsFix button and allow the program to run.
        

     If you are still experiencing problems while trying to remove this rogue from your machine, please start a new thread in our Malware Removal Assistance forum.
     Good luck!

374. Ok,now I understand..You see that Java sign in Windows…Because you have Java installed… :)….
     Go to Add or Remove Programs and uninstall Java…and you’re done – http://www.java.com/en/download/uninstall.jsp
     Stay safe!

375. Yes,Remove Temp Files….made a typo :)….

376. No you’re fine to just continue.. just rerun the Malaware Bytes software again, it’s because you chose incorrectly during the installation, but no worries all is good.

377. Thank you for all the time and effort in putting this together. I have followed the instructions after having this physically show up on my Start menu and pop up when browsing starting two days ago (who knows how long it’s been around). We have 4 users on our home computer and my daughter used hers before we notified her not to, it just showed up today in her user account.
     I didn’t need to use the registration code, although a few things popped up initially the other day…I was able to start in Safe Mode, LAN wasn’t checked, used Registryfix, Rkill, and Malwarebytes (already on my computer but had to update) with moderate success. Live Security Platinum still showed up in my start menu so I ran Kaspersky checking the five boxes you listed for others (including my huge removable drive). Finally, LSP is wiped out of my start menu but I still have three flashing suspicious icons (7966335.exe-two of these same item and Java Auto Updater) “is requesting permission to…” The Java program is one that had corrupted files/virus. I plan on running the Eset Online Scanner next unless you have another suggestion.

378. Thanks, but the Java thing is not on the Firefox toolbar; it’s on the Windows toolbar (though perhaps it’s not called a toolbar). Maybe it’s perfectly innocuous and I’m being unnecessarily suspicious. I did take your advice and reset Firefox to its default settings, though. Certainly can’t hurt.

379. I’m going to use the windows repair right now, but I don’t see “Repair Temp Files” I only see “Remove Temp Files” is that the option I’m suppose to chose?

380. just tried it on mine and got the same error. however, i just clicked ok and it still ran fine while in safe mode. hope this helps

381. I ended up going back to safe mode and using HitManPro. It found A LOT of items and removed them. I then used malwarebytes Anti-malware and it found 21 more. Went back to HitMan, it found more and then back to malwarebytes, it didn’t find any, went back to Hitman, it didn’t find any….I can now use my computer!! Thanks so much!! there are free advice places that have a section where you can donate to help out you wonderful people. Do you have one???

382. Hello
     When I went to add the rkill it gives me a message that says the iexplore.exe has stopped working and the only option is “close program”. I have tried downloading other versions of the rkill but they continue to give me that same message. I left it be while typing this and in the notepad that pops up it said that it terminated the process downloads\explorer.exe is that what is suppose to happen to continue on to the next step with the malwarebytes?

383. Thanks sooo much for your help and the money you just saved me. Do you know of any good, FREE anti-virus software I can install until im able to but the Norton i seen advertised recently?

384. I got that message too. Then the program updated and i was able to continue.

385. Hello,
     Just reset Firefox to its default settings: http://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems and everything should be ok.

386. I ran the ESET scan, and it deleted eight threats, all connected with Netscape Navigator (which is installed on my computer, though I haven’t used it in a long time). Still don’t know how to get rid of this Java thing on my toolbar. Thanks, again, for all your help.

387. Yes,you can try to run a scan in Normal mode,if it doesn’t work than reply and I’ll help you. :)
     Good luck!

388. I got to the point of installing Malwarebytes a Anti-Malware and right after clicking finish, I got an error message staying I couldn’t run the program in SAFE MODE. At this point, is it safe for me to reboot in normal mode to continue the removal process?

389. As a quick answer :
     Free – Avast 7 Free version or COMODO Internet Security
     Paid : Norton Internet Security 2012 or Avast Internet Security 7
     Anyway ,you should really start a thread in our Security Configuration forum as you need to build a layerd security config: http://malwaretips.com/Forum-Security-Configuration-Wizard

     Also it would very good if you took the time and read this article that I’ve wrote: http://malwaretips.com/blogs/how-to-easily-avoid-pc-infections/ .. If you follow it,then we’ll never meet again in this conditions:)

390. thanks for the respond, the think is that when i delete the virus, i did it manually by right click the delete botton and then empty the trash; i check this page afterwards, and i am worry that what i did was not enough, still i dont see any problems any more; what i want to know if the only thing i still need to do is to make more scans with other softwares, or if there is the certainty that there is nothing else around, and that my deleting it manually is not enough, i delete a carpet with three archives, and then i delete all the icons; i will make more scans anyway, but i would like to know what else can the virus do, beacause i have access to internet, and i can click on executables now, is there any other treat that virus do? or if it is possible that it reinsurrect again some how?

391. …btw..my computer is a little slower but there is no redirecting or messages from live security platinum…so unless theres something else i could do to get my internet back to speed im a-ok!!!

392. ok. just finished an eset scan.

     Scan Log
     Version of virus signature database: 7309 (20120718)
     Date: 7/18/2012 Time: 9:04:08 AM
     Scanned disks, folders and files: Operating memory;C:\Boot sector;C:\
     Operating memory » C:\Program Files\UltraVNC\WinVNC.exe » ZIP » – archive damaged
     googledesktopsetup.exe » PECompact v2.xx – is OK
     C:\WINDOWS\Temp\avg-4d0cf54e-7a81-4f59-8160-c52061d3f159.tmp » INNO » – archive damaged
     Number of scanned objects: 584806
     Number of threats found: 0
     Time of completion: 10:17:52 AM Total scanning time: 4424 sec (01:13:44)

     Notes:
     [4] Object cannot be opened. It may be in use by another application or operating system.

     ‘no objects found’!!! THANK YOU!!! you are a lifesaver…i will definitely look you up if i ever run into another virus :) you’re amazing Stelian ;D

393. Thank you very much for putting this together. It was easy to follow and appears to have worked well. Going forward, will the Malwarebytes Anti-Malware be enough to protect my computer? What’s the recommended method to prevent something similar going forward?
     -Nat

394. Hello Mark,
     You can perform a scan with the following utilities for your peace of mind:

     1.Run a scan with Kaspersky Virus Removal Tool
     Click here to download the Kaspersky Virus Removal Tool.

     1. Save it to your desktop.
     2. Double click the setup file to run it.
     3. Follow the onscreen prompts until it is installed
     4. Click the Options button (the ‘Gear’ icon), then make sure only the following are ticked:
        • System Memory
        • Hidden startup objects
        • Disk boot sectors
        • Local Disk (C:)
        • Also any other drives (Removable that you may have)
     5. Then click on Actions on the left hand side
     6. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked
     7. Click on Automatic Scan
     8. Now click the Start Scanning button, to run the scan
     9. After the scan is complete, click the reports button (‘Paper icon’, next to the ‘cog’ icon) on the right hand side
     10. Click Detected threats on the left
     11. Now click the Save button, and save it as kaslog.txt to your Desktop
     12. Please copy and paste the contents of kaslog.txt in your next reply.

     ---

     2.Run a scan with Eset Online Scanner.

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push Finish

     Stay safe!

395. Thanks for the help and advice.
     -started in safe mode removing the Live Security Platinum references from registry per another’s suggestions
     -came back with malwarebytes scanned and removed some more
     -next reboot found malwarbytes was picking up some items still
     -used Rkill I believe from the links above and returned nothing
     -Hitman Pro was a life saver…however, it took two attempts and a “force to delete instead of quarantine” to take.
     -thought I was complete…decided to run ESET scanner and now have found 2 infected files variant of Win32/Injector.TYT trojan JS/Redirector.NIQ trojan”…which makes sense as while testing I had just clicked on a few google search results pages that bounced me to some obviously incorrect pages.

     I likely missed a step or followed the instructions from multiple sources that overlapped with yours, but I’m worried every time I add a new scanner I find new stuff. Regardless, thank you and I’ll keep following the thread for any new advice. Good luck everyone and keep at it.

396. Yes,it should be gone.How is your computer behaving?Are you seeing any other alerts from Live Security Platinum?
     Also download, save and run the ESET ‘Win32/Sirefef’ stand-alone malware removal tool and follow the prompts as directed to check for any sirefef ifnection.
     ESET Sirefef Remover Download Link

397. ok. so malwarebytes doesnt come up with anything but everytime i run an eset scan this is what pops up and i manually delete it every time:

     Operating memory » \GLOBAL??\2b090f37\WINDOWS\$NtUninstallKB9278$\722014007\Desktop.ini a variant of Win32/Sirefef.EZ trojan

     how to get rid of this for good? live security platinum isnt listed in the programs in the control panel so can i assume it isnt on the computer anymore?

398. 11 minutes into the scan and no objects detected!!! hopefully it stays that way :) thanks for all your help…ill let you know how it turns out…you are AMAZING!!! and your help is priceless :) THANK YOU!!!!

399. MajorGeeks is a good site which is hosting a Malwarebytes download mirror…so it’s ok to download from them :)
     Here is the direct download link for Malwarebytes Anti-Malware: http://www.malwarebytes.org/mbam-download-exe.php

400. Good…now i have a new problem. I went to download malwarebytes and it hit download now on the free version. it took me to a site called majorgeeks.com and tried to have me do a scan….I went back to the link you provided got to the malwarebytes page, hit the left ctrl key and hit download now. the majorgeeks site opened in a new tab. am i supposed to go through majorgeeks? or is this just the virus redirecting me?

401. THANK YOU! THANK YOU! THANK YOU!You are the best!! You saved me 100$…. ***** you geek Squad!
     Thank you MalwareTips.coM!

402. Yes,ESET and Malwarebytes should remove this infection without any problems…Just to the scans and then report back.

403. You can try to uninstall and then re-install back Firefox.
     As far as the slow down did you check your startup items?If no,then you can use Malwarebytes StartupLite to remove any unnacesary files from starting with Windows.
     Next,please defragment your computer – http://windows.microsoft.com/en-us/windows7/improve-performance-by-defragmenting-your-hard-disk
     Also please run a scan with ESET Online Scanner,just to make sure you don’t have any left over infections.

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push Finish

     ---

     If it is still slow than you’ll need to run a File System Check and Disk Check… To do this , download Windows Repair All In One and install this utility.
     Then go to Step 2 (Check File System) and click on “DO IT”, after this step is done, go to Step 3 (System File Check) and again click on DO IT.
     NEXT,go to the last Startup Repairs tab and click the Start button (bottom right)
     Note: When asked if you would like to create a restore point. It is recommended just in-case something does not go as planned.

     1. Click Unselect All
     2. Put a checkmark in the following items:
        • Repair Hosts File
        • Repair Temp Files
        • Remove Policies Set By Infections

        Note: Leave everything else unchecked

     3. Put a checkmark in Restart System When Finished
     4. Now click the Start button (bottom right)

404. well this is a work computer…could that be the problem? is there a way to remove the malware without using hitman pro or using a different program? i have eset antivirus and eset sysinspector on this computer already…will either of those do the job?

405. Hello, I followed all the steps and it worked great! However, since I got the virus off my laptop Firefox takes forever to respond and the computer seems slow any suggestion?

406. If this is your personal computer then it’s not normal….HitmanPro is free to use for scanning and removal for home users…..
     This is an activation code for Live Security Platinum: AA39754E-715219CE , this will NOT remove this rogue software,however it should stop those annoying alerts.
     Now,can you please run the HitmanPro Force Breach Mode again just stop the malicious process.
     Next, please start a scan with Malwarebyte Anti-Malware as seen on the guide and remove any detected infections.
     Next,run a ESET Online scan (you have the instructions in my previous reply) to remove any other malicious files.
     Then please re-scan with HitmanPro and if it will find any malicious files then write the path and then we will manually remove them.

407. Ok. I got HitmanPro to run, but at the end of the scan, there was no ‘activate free license’ option. …is that normal?

408. Phenomenal. Thanks.

409. Hello Dank,
     Did you run a scan with Malwarebytes and HitmanPro?
     As a additional step ,you can perform a check with ESET Online Scanner:

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push Finish

     Stay safe!

410. hello, here is my story, i was checking a blog, and then suddenly the virus installed on the computer, sending his messages constantly, and not letting me open any executable files, not even the notepad; since i coulnt log on the internet to check your advice, i was very desesperate and i didnt know what to do; then suddenly out of curiosity, i decided to restart the computer in secure mode, then i feel relaxed again beacause the messages stopped and it let me open other executables; so what i did afterwards was to right click the icon of the virus on the desktop, and when i found the adress, i went to the carpet and delete it, and then i throw the trash, after that i delete the icon of the desktop; then i restart the computer in normal mode, and run the mcafee to make a complete revision of the computer, and it didnt found anything. My question is, is the problem really solved? or do i need to check something else?

411. This is an activation code for Live Security Platinum: AA39754E-715219CE , this will NOT remove this rogue software,however it should stop those annoying alerts until you will use the removal tools.Does your internet connection work now?
     Also you can download Malwarebytes and perform a scan now?

412. Hello Michelle,
     Yes, try another RKILL version… If it doesn’t kill the process in 10 minutes then it’s most likely stuck.

     If it still doesn’t work,please try the below steps:
     STEP 1. While in NORMAL MODE,download HitmanPro and then start this program in ForceBreach Mode
     1.Here are the direct download links for HitmanPro,
     – http://dl.surfright.nl/HitmanPro36.exe (For 32bit)
     – http://dl.surfright.nl/HitmanPro36_x64.exe (For 64bit)
     2.Hold down the left CTRL-key when you start HitmanPro and all non-essential processes are terminated, including this rogue malicious process
     Here is a video that explains with graphic details how to do this : http://www.youtube.com/watch?v=m6eRWTv2STk
     3. Let HitmanPro scan and remove the detected infections.

     STEP 2: While in NORMAL MODE,download/Run Rkill and then run a scan with Malwarebytes
     1.Download any re-named version of Rkill (direct download links bellow):
     RKILL DOWNLOAD LINK #1
     RKILL DOWNLOAD LINK #2
     RKILL DOWNLOAD LINK #3
     2.Next,please perform a scan with Malwarebytes as seen on the guide.

     ---

     STEP 3. Run a scan with ESET Online Scanner

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push List of found threats
     9. Push Export to Text file  and save the file to your desktop using a unique name, such as ESET Scan. Include the contents of this report in your next reply.Note – when ESET doesn’t find any threats, no report will be created.
     10. Push the back button.
     11. Push Finish

     Waiting for your reply to tell me how everything is working.. :) Good luck!

413. Hello,
     Hello,
     Lets try do this another way.Please follow the below steps:

     STEP 1. While in NORMAL MODE,download HitmanPro and then start this program in ForceBreach Mode
     1.Here are the direct download links for HitmanPro,
     – http://dl.surfright.nl/HitmanPro36.exe (For 32bit)
     – http://dl.surfright.nl/HitmanPro36_x64.exe (For 64bit)
     2.Hold down the left CTRL-key when you start HitmanPro and all non-essential processes are terminated, including this rogue malicious process
     Here is a video that explains with graphic details how to do this : http://www.youtube.com/watch?v=m6eRWTv2STk
     3. Let HitmanPro scan and remove the detected infections.

     STEP 2: While in NORMAL MODE,download/Run Rkill and then run a scan with Malwarebytes
     1.Download any re-named version of Rkill (direct download links bellow):
     RKILL DOWNLOAD LINK #1
     RKILL DOWNLOAD LINK #2
     RKILL DOWNLOAD LINK #3
     2.Next,please perform a scan with Malwarebytes as seen on the guide.

     ---

     STEP 3. Run a scan with ESET Online Scanner

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push List of found threats
     9. Push Export to Text file  and save the file to your desktop using a unique name, such as ESET Scan. Include the contents of this report in your next reply.Note – when ESET doesn’t find any threats, no report will be created.
     10. Push the back button.
     11. Push Finish

     Waiting for your reply to tell me how everything is working.. :) Good luck!

414. Thank you!!! These steps worked great for removing the virus from my computer, and using the License Key to stop the fake alerts was very satisfying for some reason.

415. Thank you for taking the time to post this! It worked out great and I really appreciate your instructions. Go FC Barcelona

416. How long should it take for RKILL to scan and create a log? I have been waiting about 10 minutes, every once in a while I see an hourglass by the pointer.
     Should I try another RKILL?

417. Stelian,
     I tried to use your advice to remove the platinum malware virus but I cannot even access the I tenet on my computer anymore so I can go all the way to step 6 where it tries to access the Internet and I can’t go any further to finish the process, please help, my IT department can’t figure it out either!!??
     Any help would be appreciated??!!

     Heather

418. Hi :) i have this virus and every time i try to install RKill or one of its renamed counterparts i get an error field stating that the installation failed because ‘it was already being used in another process’..could it be because i think this computer is infected with live security platinum as well as security shield? (at the same time!)…please help!!

419. Thanks. The printer icon is the only thing I use on the toolbar (if that’s even what you call it). I don’t know how to get rid of the other stuff and have never felt particularly motivated to find out. I am using Firefox. I just started the ESET scan; I imagine it will take a long time, as Kapersky took all night.

420. What browser are you using and why on earth do you need a toolbar?:)
     Please run a ESET scan as seen on my previous reply.

421. Hello Lauren,
     You can also run an ESET scan if you have the time:

     Run a scan with ESET Online Scanner

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push Finish

422. Based on that report, I am now concerned about the Java icon that appeared on my toolbar at some point during the virus attack and keeps saying it needs to be updated. How do I get rid of this?

     Thanks again, Stelian.

423. Kaspersky did catch something the others did not. Here’s the report:

     : Deleted (events: 1)
     7/16/2012 9:20:17 PM Deleted Trojan program Trojan.Win32.Inject.eift C:\Documents and Settings\Lauren\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\25877b37-15c52381 High

424. Worked great! Thanks for your help!

425. Thanks for this!! Actually, I was fixing this on a remote machine and couldn’t start any programs or boot into safe mode (because I was remote). Putting in the activation code allowed me to run the regedit fix and delete the virus all without safe mode, am currently scanning to remove anything else.

426. It’s really a wonderful easy step by step removal of harmful marlware. I was shocked to see that my computer was affected. After reading your article, I got the confidence to do it myself and followed your 6 steps and everything went fine. Now my computer is without any malware. I really thank you for this wonderful article.

     I love you Mr. Stelian Pilici!

427. Hello,
     Lets try do this another way.Please follow the below steps:

     STEP 1. While in NORMAL MODE,download HitmanPro and then start this program in ForceBreach Mode
     1.Here are the direct download links for HitmanPro,
     – http://dl.surfright.nl/HitmanPro36.exe (For 32bit)
     – http://dl.surfright.nl/HitmanPro36_x64.exe (For 64bit)
     2.Hold down the left CTRL-key when you start HitmanPro and all non-essential processes are terminated, including this rogue malicious process
     Here is a video that explains with graphic details how to do this : http://www.youtube.com/watch?v=m6eRWTv2STk
     3. Let HitmanPro scan and remove the detected infections.

     STEP 2: While in NORMAL MODE,download/Run Rkill and then run a scan with Malwarebytes
     1.Download any re-named version of Rkill (direct download links bellow):
     RKILL DOWNLOAD LINK #1
     RKILL DOWNLOAD LINK #2
     RKILL DOWNLOAD LINK #3
     2.Next,please perform a scan with Malwarebytes as seen on the guide.

     ---

     STEP 3. Run a scan with ESET Online Scanner

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push List of found threats
     9. Push Export to Text file  and save the file to your desktop using a unique name, such as ESET Scan. Include the contents of this report in your next reply.Note – when ESET doesn’t find any threats, no report will be created.
     10. Push the back button.
     11. Push Finish

     Waiting for your reply to tell me how everything is working.. :) Good luck!

428. Hello Debbie,
     This cyber criminals are usually from China,Russia or another eastern European countries,and at some point they get caught however it takes along time for this to happen because different organizations across the globe from need to work together.As you imagine this process is not very quick and all the investigations take some time so from here comes the need for a International cyber crime police divison.
     Another problem is that users aren’t even aware that they have been the victim of cyber criminals and they don’t report it.
     Here is some very interesting video which you can watch:
     http://www.youtube.com/watch?v=cf3zxHuSM2Y
     http://www.youtube.com/watch?v=WQgeUHlTThc
     Just today,there are reports that 3 cyber criminals where convicted to 8 years of prison for install keyloggers on some computers: http://nakedsecurity.sophos.com/2012/07/16/seattle-cybercrime-trio-sentenced-for-3m-hacking-spree-via-wifi-and-malware/

429. Stelian

     Thank you. Thank you. Thank you. Everything worked perfectly. My computer actually feels like it is running faster now!!

     Sanjay

430. Hello Stelian:
     I posted earlier thanking you – but now have a question. How do these people
     continue on the web collecting unsuspecting users credit card information and using it without eventually getting caught? You would think that the credit card police would be able to track them down. Do you have any insight into this? – Thanks (more just wanting to vent my frustration – not only about going through the fix – which you made easy – but going through the initial panic when your computer/programs/data won’t run)

431. You ROCK!!!! All of the virus seems to be gone from my computer – I had this or a similar virus approximately 1 year ago and we wound up cleaning off the hard drive and starting over. Thank you, thank you, thank you.

432. Stelian, you are a saint! I initially thought this virus had totalled my computer (since nothing would open), but thanks to you and your six easy steps, everything seems to be back to normal. I am running the Kaspersky scan just to be extra-sure, but all seems to be going well. Thanks so much!

433. Thanks so much! The instructions were amazing for someone who is not at all computer savvy. I was able to delete the malware myself and am very grateful.

     Lavinia

434. I am trying to remove the virus for the 2nd time– thought I had it last night ( followed instructions) only to find it was in place when I started the computer this morning.
     I don’t remember getting a “re-start” message after the latest scan with malwarebytes.. but apparrently 7 files were removed
     Now the computer seems to be hung up at removing a trojan — while on the 2nd sweep, with Hitman

     also for your info.. there was no Proxy checked on the LAN settings
     any suggestions?

435. Thanks a lot for this step by step guide. Really helpful!

436. Dear Stelian
     Thanks this virus/trojan got into my computer too. Could still use the internet but antivirus and makware remover wouldnt work, and couldnt remove the pirate program either
     The people doing these things are malicious arent they?
     Managed without too much effort by following yr instructions…..
     You laid it out very simply, you should also do something paid….. for sale, great style, that you have.
     However my 75 yo Mum would be challenged, probably to follow this if she had to, probably why my brother set her up with linux LOL
     Thanks again very very very much !

437. Hello Steven,
     If you want to perform another check,then I recommend that you do a scan with the following tools:

     1.Run a scan with Kaspersky Virus Removal Tool
     Click here to download the Kaspersky Virus Removal Tool.

     1. Save it to your desktop.
     2. Double click the setup file to run it.
     3. Follow the onscreen prompts until it is installed
     4. Click the Options button (the ‘Gear’ icon), then make sure only the following are ticked:
        • System Memory
        • Hidden startup objects
        • Disk boot sectors
        • Local Disk (C:)
        • Also any other drives (Removable that you may have)
     5. Then click on Actions on the left hand side
     6. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked
     7. Click on Automatic Scan
     8. Now click the Start Scanning button, to run the scan
     9. After the scan is complete, click the reports button (‘Paper icon’, next to the ‘cog’ icon) on the right hand side
     10. Click Detected threats on the left
     11. Now click the Save button, and save it as kaslog.txt to your Desktop
     12. Please copy and paste the contents of kaslog.txt in your next reply.

     ---

     2.Run a scan with Eset Online Scanner.

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push List of found threats
     9. Push Export to Text file  and save the file to your desktop using a unique name, such as ESET Scan. Include the contents of this report in your next reply.Note – when ESET doesn’t find any threats, no report will be created.
     10. Push the back button.
     11. Push Finish

     Stay safe!

438. Hello,

     I went through all the steps as instructed. Is there any way for me to check if all malware is gone? Also i had some files on my computer that i sent via e-mail after it was infected (didn’t want to lose them) is there any chance they are infected? As you can see i’m not very knowledgable about this stuff :). Any help is appreciated.

     Steven

439. Thank you very much, this has been highly helpful. God bless you :)

440. thank you for the sharing.

441. Great article…helped me save a lot of time.

     Thanks,
     Ram

442. Thank you very much for your easy guide in removing the Life Security Platinum virus…was able to do it just by following it step by step. God bless you.

443. Hello,
     Please follow this steps:
     Download Windows Repair by Tweaking.com to your desktop.  Use the direct download link for the Portable version of Windows Repair by Tweaking.com

     1. Double-click tweaking.com_windows_repair_aio.zip and extract the Tweaking.com – Windows Repair folder to your desktop.
     2. Now open this folder and double-click Repair_Windows.exe.
     3. Click the Start Repairs tab on the far right.
     4. Click the Start button (bottom right)
        Note: When asked if you would like to create a restore point. It is recommended just in-case something does not go as planned.
     5. Click Unselect All
     6. Put a checkmark in the following items:
        • Repair Windows Firewall
        • Repair Hosts File
        • Repair Temp Files
        • Remove Policies Set By Infections
        • Set Windows Services To Default Startup

        Note: Leave everything else unchecked

     7. Put a checkmark in Restart System When Finished
     8. Now click the Start button (bottom right)

444. I’m having a problem with my Windows Firewall. I followed the directions to get rid of the virus, and it looks like it’s gone. I double checked with a scan from ESET and again with HitmanPro to make sure and nothing came up. I’ve tried to reactivate the firewall manually but I keep getting the error code 0x80070424. I looked it up on the Microsoft site and it said I might have malware. Again, I scanned with HitmanPro and nothing came up. I tried a recommended solution telling me to update, but Windows Updater won’t work either. It says the service is not running. So I restarted like it said, and tried again, but the same message is appearing. Any suggestions?

445. Thanks for all the help bro. Very helpful step by step guide. If I ever have another problem I’m just going to visit here instead of calling my useless security provider that il paying yearly for who suppose to prevent this stuff from happening in the first place. Lol

446. Hello,
     I’ll report this problem to the HitmanPro developers.please run a scan with ESET Online Scanner and then re-install HitmanPro and try again to do a scan scan.If there are stil malicious files found ,write the path down and we will remove them manually.

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push Finish

     If you are still experiencing problems , start a thread in our Malware Removal Support forum : http://malwaretips.com/Forum-Malware-Removal-Assistance

447. The Security Shield rogue has been around for a long time….here is the removal guide: http://malwaretips.com/blogs/security-shield-2012-removal-instructions/
     Stay safe!

448. Hi I was able to remove this virus using.both programs. Now I have a new virus. It’s called security shield. It looks exactly like live security platinum. How do I remove this and why didn’t those previsoly installed programs prevent this. Lol. Same proccess? You should make a post about this

449. Thank you for sharing.

     I just got hit with this darn thing today and figured I would Google it, not thinking I would find something that would be as descriptive and helpful.

     Thank you

450. I followed all of your instructions and everything worked until after I ran HitmanPro. When I ran it, 17 threats were found but when I tried to remove them, I didn’t get the link to activate the free 30 day trial. I am unable to run the program without paying for it. Am I doing something wrong?

451. Nods to Stelian, it looks daunting on the page, but it worked like a breeze

     Thanks buddy;)

452. Thank you so much for these “easy to follow” instructions on how to remove this fake program! I was terrified when I booted my computer and was unable to remove it the normal way…you SAVED my computer!!

453. Hello,
     Lets try do this another way.Please follow the below steps…

     STEP 1. While in NORMAL MODE,download HitmanPro and then start this program in ForceBreach Mode
     1.Here are the direct download links for HitmanPro,
     – http://dl.surfright.nl/HitmanPro36.exe (For 32bit)
     – http://dl.surfright.nl/HitmanPro36_x64.exe (For 64bit)
     2.Hold down the left CTRL-key when you start HitmanPro and all non-essential processes are terminated, including this rogue malicious process
     Here is a video that explains with graphic details how to do this : http://www.youtube.com/watch?v=m6eRWTv2STk
     3. Let HitmanPro scan and remove the detected infections.

     STEP 2: While in NORMAL MODE,download/Run Rkill and then run a scan with Malwarebytes
     1.Download any re-named version of Rkill (direct download links bellow):
     RKILL DOWNLOAD LINK #1
     RKILL DOWNLOAD LINK #2
     RKILL DOWNLOAD LINK #3
     2.Next,please perform a scan with Malwarebytes as seen on the guide.

     ---

     STEP 3. Run a scan with ESET Online Scanner

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push List of found threats
     9. Push Export to Text file  and save the file to your desktop using a unique name, such as ESET Scan. Include the contents of this report in your next reply.Note – when ESET doesn’t find any threats, no report will be created.
     10. Push the back button.
     11. Push Finish

     Waiting for your reply to tell me how everything is working.. :) Good luck!

454. I somehow got his lovely virus and when I try to open windows with safe mode and networking I get the error message ” the program can’t start because SHELL32.dll iis missimg from your computer. Try reinstalling the program to fix this problem” and then it just says safe mode and nothing else a black background help me please!!!

455. Yes,you still need an antivirus because the tools from this guide are only used for scanning.
     However I would like to suggest that you change your antivirus from Microsoft Security Essentials to Avast 7 Antivirus FREE as it’s a way better option :)
     Stay safe!

456. Thanks for the assistance.
     I had MS Security Essentials and it is no longer running. Do I still need it with these other programs?

457. Hello Kevin,
     Here is how you can create your own registryfix.reg :

     1.Create and run your registryfix.reg

     A.Copy all the text in bold below and paste to Notepad/Text Document

     Windows Registry Editor Version 5.00

     [-HKEY_CLASSES_ROOT\.exe\shell]

     [-HKEY_CLASSES_ROOT\.exe\DefaultIcon]

     [HKEY_CLASSES_ROOT\.exe]
     @=”exefile”

     [HKEY_CLASSES_ROOT\exefile]
     “Content Type”=-

     [HKEY_CLASSES_ROOT\exefile\shell\open\command]
     @=”\”%1\” %*”
     “IsolatedCommand”=-

     [HKEY_CLASSES_ROOT\exefile\shell\runas\command]
     “IsolatedCommand”=-

     [HKEY_CLASSES_ROOT\.bat]
     @=”batfile”

     [HKEY_CLASSES_ROOT\batfile\shell\open\command]
     @=”\”%1\” %*”

     [-HKEY_CURRENT_USER\SOFTWARE\Classes\.exe]

     [-HKEY_CURRENT_USER\Software\Classes\exefile]

     [-HKEY_CLASSES_ROOT\secfile]

     [-HKEY_CURRENT_USER\Software\Classes\secfile]

     [-HKEY_CLASSES_ROOT\pezfile]

     [-HKEY_CURRENT_USER\Software\Classes\pezfile]

     [-HKEY_CLASSES_ROOT\sezfile]

     [-HKEY_CURRENT_USER\Software\Classes\sezfile]

     [-HKEY_CLASSES_ROOT\ah]

     [-HKEY_CURRENT_USER\Software\Classes\ah]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
     @=”firefox.exe”

     [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command]
     @=”firefox.exe”

     [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
     @=”iexplore.exe”

     B.THIS IS VERY IMPORTANT! Save file as fix.reg to your Desktop. NOTE: (Save as type: All files)

     C. Double-click on fix.reg file to run it. Click “Yes” for Registry Editor prompt window. Then click OK.

     NEXT,follow the guide to remove the malicious file from your computer.
     Good luck!

458. Thanks, worked perfectly!

459. hi. i cant get past step 3. when i try to dowload the registryfix.reg file it says my security settings wont let me download the file. What should i do?

460. Hello,
     Please follow the below steps…

     STEP 1. While in NORMAL MODE,download HitmanPro and then start this program in ForceBreach Mode
     1.Here are the direct download links for HitmanPro,
     – http://dl.surfright.nl/HitmanPro36.exe (For 32bit)
     – http://dl.surfright.nl/HitmanPro36_x64.exe (For 64bit)
     2.Hold down the left CTRL-key when you start HitmanPro and all non-essential processes are terminated, including this rogue malicious process
     Here is a video that explains with graphic details how to do this : http://www.youtube.com/watch?v=m6eRWTv2STk
     3. Let HitmanPro scan and remove all the detected threats.

     STEP 2: While in NORMAL MODE,download/Run Rkill and then run a scan with Malwarebytes
     1.Download any re-named version of Rkill (direct download links bellow):
     RKILL DOWNLOAD LINK #1
     RKILL DOWNLOAD LINK #2
     RKILL DOWNLOAD LINK #3
     2.Next,please perform a scan with Malwarebytes as seen on the guide.

     ---

     STEP 3. Run a scan with ESET Online Scanner

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push List of found threats
     9. Push Export to Text file  and save the file to your desktop using a unique name, such as ESET Scan. Include the contents of this report in your next reply.Note – when ESET doesn’t find any threats, no report will be created.
     10. Push the back button.
     11. Push Finish

     Waiting for your reply to tell me how everything is working.. :) Good luck!

461. I can’t really tell you without running some checkups…You can try to reset to its default settings ( http://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems) or uninstall and then re-install Firefox…. This should fix it. :D

462. Thanks for your help! I almost bought the software the virus told me I needed because I could not do a restore or go online or anything. I do have a question though:

     How come I could not download any of the fixes with firefox (even after I disabled the proxy server), but internet explorer let me download them all without any problems?

463. Stelian,

     Thank you so much for your willingness to share your knowledge and save alot of people alot of money! Your generousity is most appreciated and may God bless you, your business, and your effort! You exemplify being “your brothers’ keeper”!

     God Bless You and thank you, again!

464. Thank you so much for this. I was worried I wasnt going to be able to use my laptop again, and would have to buy a new one. Thank God for people like you!

465. So, I downloaded the Rkill and run it. However, it finished way too fast and terminate nothing when the log appeared. I tried to download different versions of Rkill, but they gave me the same result. Help please!

466. Yes,now dont need to go into Safe Mode,just go ahead and no everything in Normal Mode…. Good luck!

467. If you remove all the detected infection by HitmanPro and Malwarebytes , you should be OK.However if you want to perform another check, you can use ESET Online Scanner

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push List of found threats
     9. Push Export to Text file  and save the file to your desktop using a unique name, such as ESET Scan. Include the contents of this report in your next reply.Note – when ESET doesn’t find any threats, no report will be created.
     10. Push the back button.
     11. Push Finish

468. This Guide is a gem! Thanks Stelian!

469. Thank you so much for taking the time to post all this! I was so scared to get the LSP virus, and it took a lot of convincing to follow the steps here (and not accidentally download another virus) but if I had read the comments I would have known better. And this really cleared things up quickly and easily. Can’t thank you enough!

470. I just can’t express my HUGE thanks to you!Tried so musch useless things to get rid ot that crap when I finally found this through my mobile,because LSP didn’t allow me to use any browser.I followed the guide and it did the job,but the only thing that was not like in the guide was to get clean in Normal Mode,I wasn’t able to connect to LAN in SM with Networking .. some error appeared all the time. Is that gonna have any influence and may I be still infected in some way,although Malware Bytes and HitmanPro says there are no threats?

471. May God richly bless you for helping others…thx

472. Also I tried the key code it worked and I can acres the net without having to do step 2. Can I go to step 3 and so forth without my computer on safe mode?

473. I can’t get to that reboot menu. I hold and even tried clicking f8 but nothing happens. I have a Windows Vista home premium dell studio 15 laptop ?

474. I can’t believe how easy your step by step instructions were to follow for “this computer dummy”. I am eternally grateful that there are still great people out there like you willing to help the “little people” who need it without charging an arm and a leg! A MILLION THANKS TO YOU :)

475. thank you so much for your clear and useful guide.
     this virus has annoying my little bro. three days…(and he annoyed me as well)
     i checked in yahoo and the suggestion i tried isn’t work, then i turn into yours, and it works!

     although the step is a bit complicated for me (girl) , but i finally kill the virus, thanks!

476. Awesome tip, thank you so much for the help!

477. 1.Create and run your registryfix.reg

     A.Copy all the text in bold below and paste to Notepad/Text Document

     Windows Registry Editor Version 5.00

     [-HKEY_CLASSES_ROOT\.exe\shell]

     [-HKEY_CLASSES_ROOT\.exe\DefaultIcon]

     [HKEY_CLASSES_ROOT\.exe]
     @=”exefile”

     [HKEY_CLASSES_ROOT\exefile]
     “Content Type”=-

     [HKEY_CLASSES_ROOT\exefile\shell\open\command]
     @=”\”%1\” %*”
     “IsolatedCommand”=-

     [HKEY_CLASSES_ROOT\exefile\shell\runas\command]
     “IsolatedCommand”=-

     [HKEY_CLASSES_ROOT\.bat]
     @=”batfile”

     [HKEY_CLASSES_ROOT\batfile\shell\open\command]
     @=”\”%1\” %*”

     [-HKEY_CURRENT_USER\SOFTWARE\Classes\.exe]

     [-HKEY_CURRENT_USER\Software\Classes\exefile]

     [-HKEY_CLASSES_ROOT\secfile]

     [-HKEY_CURRENT_USER\Software\Classes\secfile]

     [-HKEY_CLASSES_ROOT\pezfile]

     [-HKEY_CURRENT_USER\Software\Classes\pezfile]

     [-HKEY_CLASSES_ROOT\sezfile]

     [-HKEY_CURRENT_USER\Software\Classes\sezfile]

     [-HKEY_CLASSES_ROOT\ah]

     [-HKEY_CURRENT_USER\Software\Classes\ah]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
     @=”firefox.exe”

     [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command]
     @=”firefox.exe”

     [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
     @=”iexplore.exe”

     B.THIS IS VERY IMPORTANT! Save file as fix.reg to your Desktop. NOTE: (Save as type: All files)

     C. Double-click on fix.reg file to run it. Click “Yes” for Registry Editor prompt window. Then click OK.

     NEXT,

     1.Download any re-named version of Rkill (direct download links bellow):
     http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe
     http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe
     http://download.bleepingcomputer.com/grinler/rkill.scr

     2.Next,follow the guide starting with the Malwarebytes scan as seen on the guide.

478. have the virus, vcan not use registryfix.reg no where to be found when imputted on internet. Other websites come up! Did something change?

479. You’ve most likely chosen to scan your computer at start up with HitmanPro …that’s why you see that icon in the system tray!:)
     I would suggest that you replace Sophos Antivirus with Avast 7 FREE because is so much better when it comes to preventing malware.

480. Stelian, Thank you so much! I followed your recommendations step by step, and even ran ESET Online Scanner, and my computer is working again. Live Security Platinum is a nasty bug to get rid of! I do have one question: I noticed that my desktop icons for both Malwarebytes and HitmanPro have the blue and gold shield in the bottom right hand corner. Is this normal or am I somehow still infected? I have Sophos Antivirus and nothing is showing up in any scans.

481. Dear Stelian,

     I realy appriciate your guide. I have followed the guide, and had successfuly removed the Lifesecurity Viras. Thanks god, you are my life saver !

     I could not express my deep thanks to your great work and great help. The guid is very pricise and in detail, easy to understand, easy to follow up.

     Only one suggestion: for many dowload, you have a buton there, but I could not push that button, because I am on different files, I do need to copy the actual web address, so it is better to put the web address there for people to copy.

     Thanks in millions.

     Best regards,
     Thomas Song from Quebec, Canada

482. Many many thanks!!!!

483. Thanks Stelian. Worked like a charm. :)

484. Stelian,

     You are a lifesaver…..I contracted a strong case of the LSP and followed your instructions to the letter…THANK YOU VERY MUCH….What part of the world are you in….if you were in San Diego I would highly recommend you.

485. Hello,
     Go to the Add or Remove Programs section on Windows and remove this programs (Apart from that Babylon Search –removal guide here– I have never heard of them but they are need it).
     Next,lets make some further check-ups:
     1.Run a scan with Kaspersky Virus Removal Tool
     Click here to download the Kaspersky Virus Removal Tool.

     1. Save it to your desktop.
     2. Double click the setup file to run it.
     3. Follow the onscreen prompts until it is installed
     4. Click the Options button (the ‘Gear’ icon), then make sure only the following are ticked:
        • System Memory
        • Hidden startup objects
        • Disk boot sectors
        • Local Disk (C:)
        • Also any other drives (Removable that you may have)
     5. Then click on Actions on the left hand side
     6. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked
     7. Click on Automatic Scan
     8. Now click the Start Scanning button, to run the scan
     9. After the scan is complete, click the reports button (‘Paper icon’, next to the ‘cog’ icon) on the right hand side
     10. Click Detected threats on the left
     11. Now click the Save button, and save it as kaslog.txt to your Desktop
     12. Please copy and paste the contents of kaslog.txt in your next reply.

     ---

     2.Run a scan with Eset Online Scanner.

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push List of found threats
     9. Push Export to Text file  and save the file to your desktop using a unique name, such as ESET Scan. Include the contents of this report in your next reply.Note – when ESET doesn’t find any threats, no report will be created.
     10. Push the back button.
     11. Push Finish

486. Thank you Stelian for the guide, I followed all the steps one of which included downloading the other versions of RKill link which I woefully did. The program was called JDownloader Manager or smth like this which tended to open some Babylon Search when I would start IE. :( I seem to have uninstalled both babylon and downloader manager and ran hitman but I keep getting prompts if I trust ActiveMail Com Server every time I try to open IE :( please help

487. YES, of course you need to remove this infection…Just follow the guide… :)

488. Got everything working and cleaned. Thanks to all who helped out.

     One piece of advice, when using Tweaking.com – Windows Repair (all-in-one) file, be careful when using ComboFix, which is one of the recommended Malware programs unless you know what you are doing. Could cause problems.

     It took a lot of work and time, but computer is running smoothly. Happy camper (still don’t like malware and virus programmers with a passion though). :)

     Thanks again!

489. THAT’S WHAT I’M ASKING, DO YOU THINK I SHOULD ???

490. Thank you so much! Lengthy process but it did the trick.. what an annoying piece of crap that was!

491. Thank a lot! Everything is working!

492. Good to hear that you manage to avoid this …. Never pay for a product that requests money for removal.. :D

493. Hello,
     Did you follow the guide?Did you scan with the recommended software?

494. WHEN THIS VIRUS FIRST POPPED UP ON MY SCREEN, I QUICKLY TURNED MY LAPTOP OFF, RESTARTED IT, THEN WENT TO CONTROL PANEL AND UNINSTALLED IT BUT IT STILL THERE AND IN MY START MENU BUT IT’S GONE FROM MY TASKBAR…….IT NEVER POPPED UP ON MY SCREEN AGAIN ( FAKE ALERTS ), AND I’M ABLE TO GET ON THE INTERNET……..WHAT SHOULD I DO ????

495. My father called me over early this morning, Apparently to him i am computer god tech support.
     I saw this virus and had never encountered it, and malware bytes didnt pick it up right away, so I grabbed my laptop and found this. In less than 20 min his computer was like new. And I’m still the computer god. But he did get quite a yelling from me. He was trying to convince me to “buy the software because it will protect his computer” And explaining it was a virus was harder than getting rid of it. Thanks again.

496. Thank God for you! I’m literally about to cry with tears of joy – that’s how happy I am for you saving my laptop. You’ll never know how appreciative I am for your tutorial. THANK YOU THANK YOU THANK YOU!!!

497. The best and easy to follow help on the web.
     Thanks Stelian.

     Steve

498. Hello,
     If you want you can perform a double check with ESET Online Scanner.

     1.Run a scan with Eset Online Scanner.

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push Finish

499. Thank you! Finally got it! Started removal process within minutes of infection……must have been a “drive by”. Had to use HitMan because Malwarebytes did not find anything. Ran several Rkill versions……said computer had been redirected, but never shut down any processes.

500. Thank you so much! Worked like a charm!

501. 1.Run a scan with Eset Online Scanner.

     1. Download ESET Online Scanner utility.
        ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
     2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
     3. Check Yes, I accept the Terms of Use
     4. Click the Start button.
     5. Check Scan archives
     6. Push the Start button.
     7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     8. When the scan completes, push Finish

     2.Download Windows Repair by Tweaking.com to your desktop.  Use the direct download link for the Portable version of Windows Repair by Tweaking.com

     1. Double-click tweaking.com_windows_repair_aio.zip and extract the Tweaking.com – Windows Repair folder to your desktop.
     2. Now open this folder and double-click Repair_Windows.exe.
     3. Click the Start Repairs tab on the far right.
     4. Click the Start button (bottom right)
        Note: When asked if you would like to create a restore point. It is recommended just in-case something does not go as planned.
     5. Click Unselect All
     6. Put a checkmark in the following items:
        • Repair Windows Firewall
        • Repair Hosts File
        • Repair Temp Files
        • Remove Policies Set By Infections
        • Set Windows Services To Default Startup

        Note: Leave everything else unchecked

     7. Put a checkmark in Restart System When Finished
     8. Now click the Start button (bottom right)

     3.How is your computer behaving now?
     ‘
     PS. Microsoft Security Essential is good antivirus however Avast 7 Free is so much better :)

502. Thanks for the easy instructions you left for removing the Live Security Platinum. Got most of the bugs out of my system.

     However, I am still having problems with my Microsoft Security Essentials now. I uninstalled the program and re-installed it. Worked initially, but after starting it up again, MSE is having problems with updating and installing any new virus/malware definitions.

     Any advice? Please let me know. Thanks.

503. Thanks Stelian. Your well put together and easy to follow advice has worked a charm. If you ever happen to visit Ireland, let me know and I will repay you with many pints of creamy Guinness. :) Thanks again.

     Tommy, Ireland.

504. Stelian,
     I just wanted to let you know how much I appreciate you and your talents. You didn’t have to post this user friendly tutorial, but you did. ( And we “Non Computer Savoy” Folk thank you) I’m happy that your blog is the first thing that showed up when I performed a Google search. Thanks Again!

505. Thanks so much for the step-by-step directions and the visuals (screenshots). I use my computer nonstop for my job as a teacher, and I hate how much time I waste dealing with issues like this, but I’m so glad there are folks out there like you who are willing to share their knowledge with the rest of us who aren’t quite a tech-savvy.

506. Thanks! This helped

507. My family and I just wanted to say Thank You for helping us. Your guide is easy to follow and removed things that aren’t supposed to be on our PC.
     Thank You
     Family

508. Thank you so much. My 62 year old father got this Virus and it really threw him into a panic as he uses his machine for research, current events and communication all the time. My initial attempts failed to remove this cleverly disguised virus and I found these instructions. Very easy to follow and based on the comments (as recently as today!) I am confident all will be well and I will be able get this machine back to my mom and dad…A couple of years I had to slay the Virtumonde virus for my Dad!

509. Thanks so much for these easy to follow instructions. I was so upset when I realized I had this virus and can’t tell you how relieved I am that I was able to remove myself. I so appreciate you putting this information out there for us.

510. Stelian,

     All these processes worked tremendously. You are a gentleman and a computer scholar. Thanks for the help, and thanks for delivering it in a way that a “know-nothing” like me could understand.
     You da man. :)

511. Thank you for sharing your knowledge and expertise.

     People like you make up for the scumbags that create these viruses.

     These instructions worked perfectly for me.

     Thanks a million.

     G

512. Hello,
     Ok,try to do this…
     STEP 1 : While in NORMAL MODE,download HitmanPro and then start this program in ForceBreach Mode
     1.Here are the direct download links for HitmanPro,
     – http://dl.surfright.nl/HitmanPro36.exe (For 32bit)
     – http://dl.surfright.nl/HitmanPro36_x64.exe (For 64bit)
     2.Hold down the left CTRL-key when you start HitmanPro and all non-essential processes are terminated, including this rogue malicious process
     Here is a video that explains with graphic details how to do this : http://www.youtube.com/watch?v=m6eRWTv2STk
     3. If it start ,let it scan and remove all the detected threats.

     STEP 2: Download/Run Rkill and then run a scan with Malwarebytes.
     1.Download a different named Rkill (direct download links bellow):
     http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe
     http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe
     http://download.bleepingcomputer.com/grinler/rkill.scr
     2.And then follow the guide starting with the Malwarebytes scan.

     STEP3 : Perform a system scan with Emsisoft Anti-Malware:

     1. Please download the latest official version of Emsisoft Emergency Kit : http://www.emsisoft.de/en/software/eek/
     2. After the download process will finish , you’ll need to unpack EmsisoftEmergencyKit.zip
        
     3. Open the Emsisoft Emergency Kit Folder and double click EmergencyKitScanner.bat
        
     4. A pop-up will prompt you to update Emsisoft Emergency Kit , please click the “Yes” button.

        

        

     5. After the Update process has completed , put the mouse cursor over the “Menu” tab on the left and click-on “Scan PC”.

        

     6. Select “Smart scan” and click-on the below “SCAN” button.

        

     7. Emsisoft Emergency Kit will now start scanning your computer for malicious files as shown below.

        

     8. When the scan will be completed , you will be presented with a screen showing you the malware infections that Emsisoft Emergency Kit has detected.Please note that the infections found may be different than what is shown in the image.
        Make sure that everything is Checked (ticked) and click on the ‘Quarantine selected objects’ button.
        
     9. Emsisoft Emergency Kit will now start removing the malicious files.
        If during the removal process Emsisoft will display a message stating that it needs to reboot, please allow this request.

     If you are still experiencing problems , start a thread in our Malware Removal Support forum : http://malwaretips.com/Forum-Malware-Removal-Assistance

513. Even when in Firefox I turned on no proxy the Internet is super slow and doesn’t work, please I beg you help

514. Please perform a scan with Emsisoft Anti-Malware :

     1. Download the latest official version of Emsisoft Emergency Kit
     2. After the download process will has comleted, you’ll need to unpack EmsisoftEmergencyKit.zip
        
     3. Open the Emsisoft Emergency Kit Folder and double click EmergencyKitScanner.bat
        
     4. A pop-up will prompt you to update Emsisoft Emergency Kit , please click the “Yes” button.

        

        

     5. After the Update process has completed , put the mouse cursor over the “Menu” tab on the left and click-on “Scan PC”.

        

     6. Select “Smart scan” and click-on the below “SCAN” button.

        

     7. Emsisoft Emergency Kit will now start scanning your computer for malicious files as shown below.

        

     8. When the scan will be completed , you will be presented with a screen showing you the malware infections that Emsisoft Emergency Kit has detected.Please note that the infections found may be different than what is shown in the image.
        Make sure that everything is Checked (ticked) and click on the ‘Quarantine selected objects’ button.
        
     9. Emsisoft Emergency Kit will now start removing the malicious files.

515. Oops, I forgot to include steps for removing the file pointed to by the shortcut. Here are the complete steps:

     1. Click on the Windows icon at the lower left corner of the desktop to bring up the Start Menu.
     2. Locate Live Security Platinum entry. In my case, it was a folder. In your case, it may be a file. Or it may not be there, in which case you may not have the executable on your computer.
     3. Whether it is a file or folder, right-click on it. Do NOT left-click it!
     4. In the pop-up menu, select Properties.
     5. Go to the location shown in the Target box by using Windows Explorer. Let’s call this location A. Be very careful to not execute (e.g. left-click or doubleclick) any file at that location.
     a. If it is a folder, open it.
     b. Right-click on the file.
     c. Select Properties in the popup menu. Go to the location shown in the Target box. Don’t left-click or doubleclick on any file found at that location.
     e. At the location, you may see many files. Delete only the one pointed to by the Target box.
     6. Go back to the location A (found via the first Target box in Step 5 above) and delete everything that you see there. In my case, it was just one folder, so it was very simple for me to remove it. This will cause Live Security Platinum entry to be removed from the Windows Start menu.
     7. Go to the Recycle Bin and delete permanently.

516. Thanks for the help in removing the infection. However, there was one more thing that was not removed by Malwarebytes and Hitman Pro. After you run both programs, you should check to see if Live Security Platinum is in the Windows Start menu. In my case, it was still there, with the shortcut pointing to a file identified by Windows as an executable. I, of course, was very careful to not cause that file to execute. To check for that file and to remove it, I did the following:

     1. Click on the Windows icon at the lower left corner of the desktop to bring up the Start Menu.
     2. Locate Live Security Platinum entry. In my case, it was a folder. In your case, it may be a file. Or it may not be there, in which case you may not have the executable on your computer.
     3. Whether it is a file or folder, right-click on it. Do NOT left-click it!
     4. In the pop-up menu, select Properties.
     5. Go to the location shown in the Target box by using Windows Explorer. Be very careful not to doubleclick on anything at that location.
     6. Delete everything located at the Target location. In my case, it was just one folder, so it was very simple for me to remove it.
     7. Go to the Recycle Bin and delete permanently.

517. I just want to add to my above post : – When I first saw the Live Security platinum – I went to control panel and un installed it. Then I started Avira Antivir scan to check if any infections were there. My comp seemed working fine. But after sometime – it was acting crazy. So I started the process described by you.

518. Hi Stelian

     I was trying to use the above steps you mentioned – today morning when I found my laptop(windows Vista) was infected.

     But I found the following issues – can u please suggest me something

     1} First when I tried to use reg fix it did open – the error message was -> cannot import C:\Users\2nd User\Desktop\registryfix.reg: Not all data was successfully written to the registry. Some keys are open by registry or other processes.

     2} I proceeded to Rkil anyway – And it completed.

     3} MalwareBytes – When I tried to run this in safe mode – Full system scan – my system started to power off after 15 mins or so. (This power off is now happening at other times as well – like when I am just using the PC for editing a excel file or any other usage) Coming back to Malware bytes – I tried to do a Quick scan – and it found 12 infected files – so I selected remove all – And it immediately asked me to restart. After restarting I ran MWB again – this time there were 11 infections instead of 12.

     I read the scan log and manually deleted about 7 of the files.
     The remaining four infected files – 3 registry entries and 1 trojan – I tried to delete – but they did not delete. And the MWB was also not able to delete them.

     4} Then I came back to normal mode and ran hitman pro. It found 1 infected file and four cookies. It removed them ( I think it did) . Then I ran hit man pro. This time no infections were detected. I am just finished the second scan.

     Can you please advise me. I am pasting below the scan log of malware bytes

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 158625
     Time elapsed: 5 minute(s), 29 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 2
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> No action taken.
     HKLM\SOFTWARE\FunWebProducts (PUP.MyWebSearch) -> No action taken.

     Registry Values Detected: 1
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|GrpConv (Trojan.Agent.Gen) -> Data: grpconv -o -> Delete on reboot.

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 1
     C:\WINDOWS\System32\grpconv.exe (Trojan.Agent.Gen) -> Delete on reboot.

519. OMG thank you smart computer person! i totaly developed some white hairs when my computer freaked on me. But now it works rock on nerd rock on.

520. many thanks!

521. HUGE THANKS!!!

522. Thank yoU!You are awesome!
     Everything worked great!!You saved my computer!

523. Hello,
     1.Did you install HitmanPro on your computer or you’ve just selected to perform a one time scan???
     Please uninstall HitmanPro and then download and install the build according to your operating system:
     Here are the direct download links for HitmanPro,
     – http://dl.surfright.nl/HitmanPro36.exe (For 32bit) < < x86 - http://dl.surfright.nl/HitmanPro36_x64.exe (For 64bit) << x64 2.Also please run again a scan with Malwarebytes Anti-Malware. 3.Lets try to remove the infection with another software:

     1. Download the latest official version of Emsisoft Emergency Kit
     2. After the download process will has comleted, you’ll need to unpack EmsisoftEmergencyKit.zip
        
     3. Open the Emsisoft Emergency Kit Folder and double click EmergencyKitScanner.bat
        
     4. A pop-up will prompt you to update Emsisoft Emergency Kit , please click the “Yes” button.

        

        

     5. After the Update process has completed , put the mouse cursor over the “Menu” tab on the left and click-on “Scan PC”.

        

     6. Select “Smart scan” and click-on the below “SCAN” button.

        

     7. Emsisoft Emergency Kit will now start scanning your computer for malicious files as shown below.

        

     8. When the scan will be completed , you will be presented with a screen showing you the malware infections that Emsisoft Emergency Kit has detected.Please note that the infections found may be different than what is shown in the image.
        Make sure that everything is Checked (ticked) and click on the ‘Quarantine selected objects’ button.
        
     9. Emsisoft Emergency Kit will now start removing the malicious files.
        If during the removal process Emsisoft will display a message stating that it needs to reboot, please allow this request.

     NEXT,install again HitmanPro and perform another scan,this time however write down the path of the infection so that we may remove them manually!
     I’ll wait for your reply and help you remove them!:)

524. wow im finally clean someohow (and i think it wa sfrom java update) had 2 trojans severe that went to 4 then 5 then 15 (all Sirefef trojans) !!!!..got rid ogf them al hitmanpro didnthelp much bu tthat kaspersky disk 10 did

     Then I had a Blachole trojan severe and finally a Java exploit severe

     Im finally cleannnnnnnnnnn !!!!!!!!!!!!!

     few days ago I coudlhave cliamed I wa sclean but couldnt be sure today i am sure

     THank you Thank You :)

     Gary

525. Looks like things worked well. Hitman did find things that MWB did not, however it did not have a 30 day trial. Only options were to purchase or cancel.

526. Stelian

     You deserve a medal for this advise.
     Not being that great with systems i was fearing teh worst as this fake security software seemed to have taken route on my new lappy – so much for Trend Micro secrurity !

     The process worked realyy well and after about 3 hours of nail biting acyivity my lappy seems to be happy and working fine again.

     The malware only found 2 problems but Hitman Pro discovered all sorts – I am truly considering buying it now thanks to your advsie. (please note this is not a sales note – I am a genuine user who is pleased to have found this blog).

527. You should be commended for your procedure in removing this malware. It worked just as described and my pc is mine again. Thanks for saving me $$$!

528. Stay safe Lorenzo!

529. Hello Stelian,
     the instruction to remove this malware were very useful for me and now my pc is working again!

     Thank you very much!!!

     Sincerely,

     Lorenzo

530. Olá FELIPE! Fique seguro!

531. Thank you. You saved my wife’s computer and mine also.
     ///
     Muito Obrigado. Você salvou o computador da minha mulher e a mina também.

532. Hi Stelian

     Inever gave it my credit card details but hitmanpro found a few things but one it kept..anyways I had a lot of trouble and a system restore helped a bit or so i thought but it kept on coming back…i used a fix vista disk that i happened to have from a different computer

     In total ran lot of scans and about 20 hours later I think im clean

     Thanks for your help aagin:)

     Gary

533. Excellent guide! This and sOme other threats where removed!!

534. Regarding the ‘Ukash’ message, It’s a scam and you should contact your credit card company and dispute the charge stating that the program is a scam and a computer virus!!
     Here is a common removal guide for this virus : http://malwaretips.com/blogs/remove-metropolitan-police/

     Again , contact your credit card company and dispute the charge stating that the program is a scam and a computer virus!!

535. Stay safe!!:D

536. Hi Stelian, Your procedure worked perfectly! Thank You!

537. Thank you …I was installing an adobe update then java update (from a website) and all hell broke loose…I got a message i had child porn and zoo somehting or other on my compyter and that the police had locked my computer and I had topay £100 to ukash

     I think its all fixed now thanks to you :) I do appreciate it

     Cheers GAry ps obv no porn on my computer

538. Thanks alot bud, the HitmanPro trial scan at the end was much needed on mine, found 12 infection that MWB didnt find! :)

     Thanks alot!