Live Security Platinum is a malicious program also known as rogue security software, which will display fake security alerts in an attempt to scare you into buying this fake security product.
In addition, Live Security Platinum has also hijacked your PC,blocking your from running files,so now when your trying to open and executable file (file ending with .exe), this program will instead display this fake alerts:
Warning!
Application cannot be executed. The file rdpclip.exe is infected. Please active your antivirus software.
Security Monitor: WARNING!
Attention! System detected a potential hazard (TrojanSPM/LX) on your computer that may infect executable files. Your private information and PC safety is at risk.
To get rid of unwanted spyware and keep your computer safe you need to update your current security software.
Click Yes to download official intrusion detection system (IDS software).
Live Security Platinum Warning Spyware.IEMonster activity detected. This is spyware that attempts to steal passwords from Internet Explorer, Mozilla FireFox, Outlook and other programs. Click here to remove it immediately with Live Security Platinum
Live Security Platinum Firewall Alert Live Security Platinum Firewall has blocked a program from accessing the Internet. Internet Explorer Internet Browser is infected with SVCHOST.Stealth.Key-logger. This worm is trying to send your credit card details using Internet Explorer Internet Browser to connect to remove host
Live Security Platinum will also cause malicious browser redirects and system slowdowns so it needs to be removed from your computer as soon as possible.
This is are a few images of Live Security Platinum:
![[Image: Live Security Platinum virus]](http://malwaretips.com/blogs/wp-content/uploads/2012/06/Live-Security-Platinum.png "Live Security Platinum")
![[Image: Live Security Platinum Alert]](http://malwaretips.com/blogs/wp-content/uploads/2012/06/Live-Security-Platinum-alert1.png "Live Security Platinum fake alert")
![[Image: Live Security Platinum Warning]](http://malwaretips.com/blogs/wp-content/uploads/2012/06/Live-Security-Platinum-warning1.png "Live Security Platinum fake warning")
Registration codes for Live Security Platinum
As an optional step,you can use the following license key to register Live Security Platinum and stop the fake alerts.
AA39754E-715219CE
Please keep in mind that entering the above registration code will NOT remove Live Security Platinum from your computer , instead it will just stop the fake alerts so that you’ll be able to complete our removal guide more easily.
Live Security Platinum Removal Guide
STEP 1 : Start your computer in Safe Mode with Networking
- Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer.
- Press and hold the F8 key as your computer restarts.Please keep in mind that you need to press the F8 key before the Windows start-up logo appears.
Note: With some computers, if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the “F8 key”, tap the “F8 key” continuously until you get the Advanced Boot Options screen. - On the Advanced Boot Options screen, use the arrow keys to highlight Safe Mode with Networking , and then press ENTER.
![[Image: Safemode.jpg]](//malwaretips.com/images/removalguide/safemode.jpg "Safe Mode with Networking screen")
![[Image: Safemode.jpg]](http://malwaretips.com/images/removalguide/safemode.jpg "Safe Mode with Networking screen")
STEP 2: Remove Live Security Platinum malicious proxy server
Live Security Platinum may add a proxy server which prevents the user from accessing the internet,follow the below instructions to remove the proxy.
- Start the Internet Explorer browser and if you are using Internet Explorer 9 ,click on the gear icon
![[Image: IE gear icon]](//malwaretips.com/images/removalguide/icongear.jpg "Gear Icon")
(Tools for Internet Explorer 8 users) ,then select Internet Options.
![[Image: Internet-options-IE.png]](//malwaretips.com/images/removalguide/ie1.png "Internet Options in IE")
- Go to the tab Connections.At the bottom, click on LAN settings.
![[Image: Remove-proxy-server2.png]](//malwaretips.com/images/removalguide/ie2.png "Connections tab in Internet Explorer")
- Uncheck the option Use a proxy server for your LAN. This should remove the malicious proxy server and allow you to use the internet again.
![[Image: Remove-proxy-server3.png]](//malwaretips.com/images/removalguide/ie3.png "Uncheck the option Use a proxy server for your LAN")
![[Image: IE gear icon]](http://malwaretips.com/images/removalguide/icongear.jpg "Gear Icon"){kind=small}
(Tools for Internet Explorer 8 users) ,then select Internet Options.![[Image: Internet-options-IE.png]](http://malwaretips.com/images/removalguide/ie1.png "Internet Options in IE")
![[Image: Remove-proxy-server2.png]](http://malwaretips.com/images/removalguide/ie2.png "Connections tab in Internet Explorer")
![[Image: Remove-proxy-server3.png]](http://malwaretips.com/images/removalguide/ie3.png "Uncheck the option Use a proxy server for your LAN")
If you are a Firefox users, go to Firefox(upper left corner) → Options → Advanced tab → Network → Settings → Select No Proxy
STEP 3: Repair your Windows Registry from Live Security Platinum malicious changes.
Smart Fortress 2012 has changed your Windows registry settings so that when you try to run a executable file (ending with .exe ) , it will instead launch the infection rather than the desired program.
- Download the registryfix.reg file to fix the malicious registry changes from Live Security Platinum.
REGISTRYFIX.REG DOWNLOAD LINK (This link will automatically download the registry fix called registryfix.reg) - Double-click on registryfix.reg file to run it. Click “Yes” for Registry Editor prompt window,then click OK.
![[Image: fix registry]](//malwaretips.com/blogs/wp-content/uploads/2011/12/registry.png "Remove Live Security Platinum (Uninstall Guide) 1")
![[Image: fix registry]](http://malwaretips.com/blogs/wp-content/uploads/2011/12/registry.png "Remove Live Security Platinum (Uninstall Guide) 1")
STEP 4: Run RKill to terminate known malware processes associated with Live Security Platinum.
RKill is a program that will attempt to terminate all malicious processes associated with Live Security Platinum,so that we will be able to perform the next step without being interrupted by this malicious software.
Because this utility will only stop Live Security Platinum running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again.
- While your computer is in Safe Mode with Networking ,please download the latest official version of RKill.Please note that we will use a renamed version of RKILL so that Live Security Platinum won’t block this utility from running.
RKILL DOWNLOAD LINK (This link will automatically download RKILL renamed as iExplore.exe) - Double-click on the iExplore.exe icon in order to automatically attempt to stop any processes associated with Live Security Platinum.
![[Image: run-rkill-1.png]](//malwaretips.com/images/removalguide/rkill1.png "RKILL ICON")
- RKill will now start working in the background, please be patient while the program looks for various malware programs and tries to terminate them.
![[Image: run-rkill-2.png]](//malwaretips.com/images/removalguide/rkill2.png "RKILL Command prompt")
IF you are having problems starting or running RKill, you can download any other renamed versions of RKill from here. - When Rkill has completed its task, it will generate a log. You can then proceed with the rest of the guide.
![[Image: Live Security Platinum rkill3.jpg]](//malwaretips.com/images/removalguide/rkill3.png "RKILL LOG")
![[Image: run-rkill-1.png]](http://malwaretips.com/images/removalguide/rkill1.png "RKILL ICON")
![[Image: run-rkill-2.png]](http://malwaretips.com/images/removalguide/rkill2.png "RKILL Command prompt")
![[Image: Live Security Platinum rkill3.jpg]](http://malwaretips.com/images/removalguide/rkill3.png "RKILL LOG")
WARNING: Do not reboot your computer after running RKill as the malware process will start again , preventing you from properly performing the next step.
STEP 5: Remove Live Security Platinum malicious files with Malwarebytes Anti-Malware FREE
- Download the latest official version of Malwarebytes Anti-Malware FREE.
MALWAREBYTES ANTI-MALWARE DOWNLOAD LINK (This link will open a download page in a new window from where you can download Malwarebytes Anti-Malware Free) - Start the Malwarebytes’ Anti-Malware installation process by double clicking on mbam-setup file.
![[Image: Malwarebytes Installer]](//malwaretips.com/images/removalguide/malwarebytes-setup.png "Malwarebytes Anti-Malware Installer")
- When the installation begins, keep following the prompts in order to continue with the setup process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware checked. Then click on the Finish button. If Malwarebytes’ prompts you to reboot, please do not do so.
![[Image: Finishing Malwarebytes installation]](//malwaretips.com/images/removalguide/update-malwarebytes.png "Malwarebytes last setup screen")
- Malwarebytes Anti-Malware will now start and you’ll be prompted to start a trial period , please select ‘Decline‘ as we just want to use the on-demand scanner.
![[Image: Decline Malwarebytes trial]](//malwaretips.com/images/removalguide/mbam3.PNG "Decline trial period in Malwarebytes Anti-Malware")
- On the Scanner tab,select Perform full scan and then click on the Scanbutton to start scanning your computer.
![[Image: Starting a full system sca]](//malwaretips.com/images/removalguide/start-scan-malwarebytes.png "Perform a Full System Scan with Malwarebytes Anti-Malware")
- Malwarebytes’ Anti-Malware will now start scanning your computer for Live Security Platinum malicious files as shown below.
![[Image: Malwarebytes scanning for malicious files]](//malwaretips.com/images/removalguide/scan-malwarebytes.png "Malwarebytes Anti-Malware scanning for Live Security Platinum")
- When the scan is finished a message box will appear, click OK to continue.
![[Image: Malwarebytes scan results]](//malwaretips.com/images/removalguide/results-malwarebytes.png "Malwarebytes when the system scan has finished")
- You will now be presented with a screen showing you the malware infections that Malwarebytes’ Anti-Malware has detected.Please note that the infections found may be different than what is shown in the image.Make sure that everything is Checked (ticked) and click on the Remove Selectedbutton.
![[Image: Infections found by Malwarebytes]](//malwaretips.com/images/removalguide/detection-malwarebytes.png "Removing the infections found by Malwarebytes")
- Malwarebytes’ Anti-Malware will now start removing the malicious files.After completing this task it will display a message stating that it needs to reboot,please allow this request and then let your PC boot in Normal mode.
![[Image: Malwarebytes Installer]](http://malwaretips.com/images/removalguide/malwarebytes-setup.png "Malwarebytes Anti-Malware Installer")
![[Image: Finishing Malwarebytes installation]](http://malwaretips.com/images/removalguide/update-malwarebytes.png "Malwarebytes last setup screen")
![[Image: Decline Malwarebytes trial]](http://malwaretips.com/images/removalguide/mbam3.PNG "Decline trial period in Malwarebytes Anti-Malware")
![[Image: Starting a full system sca]](http://malwaretips.com/images/removalguide/start-scan-malwarebytes.png "Perform a Full System Scan with Malwarebytes Anti-Malware")
![[Image: Malwarebytes scanning for malicious files]](http://malwaretips.com/images/removalguide/scan-malwarebytes.png "Malwarebytes Anti-Malware scanning for Live Security Platinum")
![[Image: Malwarebytes scan results]](http://malwaretips.com/images/removalguide/results-malwarebytes.png "Malwarebytes when the system scan has finished")
![[Image: Infections found by Malwarebytes]](http://malwaretips.com/images/removalguide/detection-malwarebytes.png "Removing the infections found by Malwarebytes")
STEP 6: Double check your system for any left over infections with HitmanPro
- This step can be performed in Normal Mode ,so please download the latest official version of HitmanPro.
HITMANPRO DOWNLOAD LINK(This link will open a download page in a new window from where you can download HitmanPro) - Double click on the previously downloaded fileto start the HitmanPro installation.
![[Image: hitmanpro-icon.png]](//malwaretips.com/images/removalguide/hpro1.png "HitmanPro Installer")
IF you are experiencing problems while trying to starting HitmanPro, you can use the “Force Breach” mode.To start this program in Force Breach mode, hold down the left CTRL-key when you start HitmanPro and all non-essential processes are terminated, including the malware process. (How to start HitmanPro in Force Breach mode – Video) - Click on Next to install HitmanPro on your system.
![[Image: installing-hitmanpro.png]](//malwaretips.com/images/removalguide/hpro2.png "HitmanPro installation process")
- The setup screen is displayed, from which you can decide whether you wish to install HitmanPro on your machine or just perform a one-time scan, select a option then click on Next to start a system scan.
![[Image: hitmanpro-setup-options.png]](//malwaretips.com/images/removalguide/hpro3.png "HitmanPro setup options")
- HitmanPro will start scanning your system for malicious files. Depending on the size of your hard drive, and the performance of your computer, this step will take several minutes.
![[Image: hitmanpro-scanning.png]](//malwaretips.com/images/removalguide/hpro4.png "HitmanPro scanning for Live Security Platinum")
- Once the scan is complete,a screen displaying all the malicious files that the program found will be shown as seen in the image below.After reviewing each malicious object click Next.
![[Image: hitmanpro-scan-results.png]](//malwaretips.com/images/removalguide/hpro5.png "HitmanPro Live Security Platinum scan results")
- Click Activate free license to start the free 30 days trial and remove the malicious files.
![[Image: hitmanpro-activation.png]](//malwaretips.com/images/removalguide/hpro6.png "Activate HitmanPro free license to remove detected infections")
- HitmanPro will now start removing the infected objects, and in some instances, may suggest a reboot in order to completely remove the malware from your system. In this scenario, always confirm the reboot action to be on the safe side.
![[Image: hitmanpro-icon.png]](http://malwaretips.com/images/removalguide/hpro1.png "HitmanPro Installer")
![[Image: installing-hitmanpro.png]](http://malwaretips.com/images/removalguide/hpro2.png "HitmanPro installation process")
![[Image: hitmanpro-setup-options.png]](http://malwaretips.com/images/removalguide/hpro3.png "HitmanPro setup options")
![[Image: hitmanpro-scanning.png]](http://malwaretips.com/images/removalguide/hpro4.png "HitmanPro scanning for Live Security Platinum")
![[Image: hitmanpro-scan-results.png]](http://malwaretips.com/images/removalguide/hpro5.png "HitmanPro Live Security Platinum scan results")
![[Image: hitmanpro-activation.png]](http://malwaretips.com/images/removalguide/hpro6.png "Activate HitmanPro free license to remove detected infections")
STEP 7: Remove any left over malicious registry keys and files
Live Security Platinum has sadded some malicious registry keys to your Windows installation , to remove this malicious changes we need to run a scan with RogueKiller
- Please download the latest official version of RogueKiller.
ROGUEKILLER DOWNLOAD LINK (This link will automatically download RogueKiller on your computer) - Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete.This should take only a few seconds and then you can click the Start button to perform a system scan.
- After the scan has completed, press the Delete button to remove any malicious registry keys.
- Next we will need to restore your shortcuts, so click on the ShortcutsFix button and allow the program to run.
If I enter the code registration code would I still be able to delete it once I do all the steps?
Hello Angel,
Yes,even after you’ve enter the activation code ,you will still need to remove this infection!….
Hi Stelian. You helped me get rid of the Live Security Platinum Virus about 2 and a half weeks ago. As I was looking through my files on my computer, I found a folder in Local Disc (C:) called ‘Qoobox’, which has in it a ComboFix quarantine log and a Quarantine folder that has .vir files. Can I delete them? Isn’t that the virus files?
Also, can I delete Malwarebytes from my computer? Can I remove HitmanPro, iExplorer, registryfix, ESET, and Kaspersky setup?
Hello Magnus,
You computer is safe,Qoobox is just the quarantine folder of Combofix…… so you can delete it.
Please uninstall Combofix:
Delete the following folders: (If they exist)
C:\ComboFix
C:\Qoobox
Next,you can uninstall all the files that we’ve used in the Malware Removal Process… Stay safe!
Thankyou so much for your how to on this little bug. I got this virus just after accepting a conformation of adobe flash update. I disregarded any concerns because three of my other office computers all had an update for adobe.
Again many thanks for your effort in providing a very easy walk through :)
I’ve come across a problem at step 4. I use the Rkill, which you say I shouldn’t reboot once it’s done, but the program will restart my computer without any choice. Is there a way to stop this?
Hello Matt,
Can you please follow the below steps:
strong>STEP 1: Run a scan with Malwarebytes Anti-Malware in Chameleon Mode in Norman mode:
STEP 2: Run a scan with RogueKiller
[b]RogueKiller Download Link[/b] (This link will automatically download RogueKiller on your computer)
STEP 3 Please perform a scan with HitmanPro as seen on the guide.
If you are having problems starting this program please use the ForceBreach mode as described in the guide.
STEP 4: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Waiting for your reply to tell me how everything is running!
Good luck…
Hi – I tried all 12 files of Malware Chameleon and while a MS-DOS command window opened in each, it indicated that a protective driver was missing and it needed a reboot to install that. Once a reboot occured (I tried both safe and normal modes), 2 error messages popped up related to a path not being found after which nothing happened. Can you please help?
Hello Aasheesh Chhiber,
Can you please run a scan with Combofix and ESET online scanner and post the logs here :
STEP 1 : Run a scan with Combofix
Download ComboFix from one of the following locations:
COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop
———————————————————–
———————————————————–
———————————————————–
Notes:
STEP 2: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Next,please run HitmanPro and Malwarebytes as seen on the guide.
Waiting for your reply to tell me if your machine is ok and the logs from this utilities.
Thank you so much! Your steps worked perfectly!
Hi Stelian,
I have tried the RKill but it didn’t work so I proceeded to ran the combofix and it seems successfully deleted “something” (I am not sure) so I paste the combofix log as follows:
c:\programdata\Windows
c:\programdata\Windows\ccdxmmde.dat
c:\programdata\Windows\drss.dat
c:\programdata\Windows\xessmsxe.dat
c:\users\dinah yunitawati\AppData\Roaming\Ceufo
c:\users\dinah yunitawati\AppData\Roaming\Ceufo\uroc.gaw
c:\users\dinah yunitawati\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
c:\users\dinah yunitawati\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk
c:\users\dinah yunitawati\AppData\Roaming\mscre.dll
c:\users\dinah yunitawati\Desktop\Live Security Platinum.lnk
c:\windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\@
c:\windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U0000001.@
c:\windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\80000000.@
c:\windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\800000cb.@
F:\install.exe
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from – c:\32788r22fwjfw\HarddiskVolumeShadowCopy3_!Windows!System32!services.exe
However, when I tried to run the Malwarebytes, I didn’t get any Internet connections and I tried Complete Internet Repair utility and still I can’t connect to the internet. any other ways to fix my laptop? Appreciated much.Thanks.
PS: a bit background info for you, hope it’s helping you to analyze my problem :P : My OS is Win 7 Premium, Laptop Dell Inspiron 13R; I can’t enter BIOS and Safe Mode by pressing F8, the latter only worked through msconfig when I don’t connect to the internet.
While in Normal Mode, can you connect to the Internet?
Also what type of internet connection do you have?
You pretty much saved the day.
Hello,
Thank you so much for the instructions!
I have one minor problem though.
After Step 5 (Running Malwarebytes Anti-Malware) and restarting my lap top I can’t access internet. This is strange, since my network setting say that I am connected. McAffee says that I don’t have any problems also.
Could you please help?
Thanks.
Hello,
Lets try to see if we can fix this :
Get a USB stick and copy on it Combofix, then transfer it to the infected computer and perform the following steps:
Please read and follow all the steps very carefully.
Download ComboFix from one of the following locations:
COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop
———————————————————–
———————————————————–
———————————————————–
Notes:
Please add the log that Combofix will produce in your next reply.
STEP 2 : Download and run the Complete Internet Repair utility.
1.Download Complete Internet Repair utilityto your desktop
2.Unzip all the files to their own folder on the desktop
3.Within the folder double click CIntRep
4.Select the following items,then press the GO button.
Let me know if this fixed the problem…
Thank you very much!
You saved my computer.
Should I still run Hitman Pro? I couldn’t since I was disconnected from the internet.
Thank you again!
Great!
Now, please follow the below steps:
Step 1: Run a scan with RogueKiller
[b]RogueKiller Download Link[/b] (This link will automatically download RogueKiller on your computer)
The report has been created on the desktop.In your next reply please post:
[b]All RKreport.txt [/b] text files located on your desktop.
2.Run a scan with Eset Online Scanner.
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Waiting for your reply to tell me how everything is working…
It seems like that everything is working perfectly,
Thank you!
Wow. You are a life saver. I can’t believe I was able to follow someone instructions and actually perform all the steps without complications (as what usually happens because either it is a step by step video on youtube or elsewhere which goes too quickly and you constantly have to pause, or they miss a step in written instructions and things don’t work out). I should send you some money because I would have had to taken my laptop somewhere to get it fixed.
Hello Pranav,
I’m happy that you manage to remove this infection…AND you DON’T need to send me any money… Just stay safe and have an awesome life… :D
Hi Stelian,
Thanks for the great tutorial. I’m bookmarking this site in case something like this happens in the future. I was able to get through all the steps and get rid of the malware. But, when I opened back up in Regular mode and downloaded Hitman Pro I see that at some point (probably when we had another virus) my husband has already used a 30 day trial of Hitman Pro. So, while it did let me do a scan (and found several Trojan, Virus, etc. files that no other program has found) I cannot remove them since I can’t activate a free trial (and don’t really want to spend $20 on it since I’m not currently working. Is there another program I can run that may have better luck finding these files (Malwarebytes isn’t finding them, neither is AVG or Avira Anti-Vir). Thanks in advance for your help!
Shelly
Hello Shelly,
Can you please run a scan with Combofix and ESET online scanner and post the logs here :
STEP 1 : Run a scan with Combofix
Download ComboFix from one of the following locations:
COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop
———————————————————–
———————————————————–
———————————————————–
Notes:
STEP 2: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Waiting for your reply to tell me if your machine is ok and the logs from this utilities.
Thanks Bro… :)
I followed your guide exactly how it was written, even your further replies to other people’s posts. I can run Eset and hitman pro when I am in safemode, when I am in normal mode it says I am not connected to the internet. However, I can access the internet via IE but not Mozilla. I set the proxy settings exactly how you said to do them. In safe mode Mozilla runs perfectly fine, the issue is when I get into normal mode when things start to mess up.
Thank you for this guide, any and all further help would be appreciated.
Hello John,
Please read and follow all the steps very carefully.
Download ComboFix from one of the following locations:
COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop
———————————————————–
———————————————————–
———————————————————–
Notes:
Next, please post the log back here and let me know how things are running.
I have the same problem. I only got connection with docp, when i put in the ip adress manually, the computer dont got connection.
Please run a Combofix scan and post the log here!…
Good luck!
Hi Stelian. I tried following the instructions but I can’t get past the rkill.exe stage. When rkill.exe runs, I get a dialogue box saying the computer has to restart. I have no choice in this matter and the computer restarts in a minute or so. There is clearly a problem with services.exe because it gets terminated in the rkill log, and AVG keeps telling me it’s a trojan about every hour. AVG does not give the choice to remove it. Only to ignore it.
So how do I fix services.exe, and how do I run rkill.exe without it automatically rebooting the computer?
Hello,
Please read and follow all the steps very carefully.
Download ComboFix from one of the following locations:
COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop
———————————————————–
———————————————————–
———————————————————–
Notes:
2.Run a scan with Malwarebytes Anti-Malware in Chameleon Mode in Norman mode:
3.Please perform a scan with HitmanPro as seen on the guide.
4.Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Waiting for your reply to tell me how everything is running!
Good luck…
I downloaded ComboFix onto the desktop, renaming it Combo-Fix. When I run it, it extracts a lot of files and then closes. I get no further prompts or anything. I’m just back at the desktop like nothing happened. There is no new program in my start menu or anything. What should I do?
Can you please run Malwarebytes Chameleon and then do the Combofix scan….You have the instructions in my previous post.
All right, I have everything working again. I had to restart my computer and Combo Fix decided to work that time. I had to be patient and give it some time to work. Whatever infected me really slowed things down. Combo Fix patched up services.exe which was great. MalwareBytes found some things, and HitmanPro found a lot of trackers and stuff embedded into Firefox. My internet was taking forever to load websites and I suppose that was the cure. ESET also found a few items. All of this headache from Live Security Platinum.
I browse and open tabs constantly and sometimes don’t take the time to read every pop-up because usually it’s the same stuff like Adobe updates or Java updates or other junk I don’t want to deal with at the moment. I think Live Security Platinum disguised itself as an Adobe update because I had a bad feeling about accidentally clicking on that one.
Anyway, thanks for your sevice to me and everyone else on here! It seems to be impossible to dig up info on services.exe that was written in the last year or so.
Hi again,
Many thanx… everything went well and my security is back on.
You are the modern day Tim Berners-Lee of computer repair :)
I extend my sincerest thanks and gratitude.
Regards,
Steve
Hi
I am reading this on another PC as I cant manage anything from mine.
I will print this and try at my infected PC.
I am not able to back-up or copy any of my data or photos in normal mode or safe mode.
Can I start the process before backing-up or is this risky?
Kind regards
Kobus
Hello Kobus,
If you can’t back-up your files than you can just go on with the instructions…You should be ok…
You can follow this steps:
Please run a scan with Malwarebytes Anti-Malware in Chameleon Mode in Norman mode:
2.Please perform a scan with HitmanPro as seen on the guide.
3.Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Waiting for your reply to tell me how everything is running!
Good luck…
Hi Stelian,
Thanks very much for creating an excellent tutorial that allowed me to successfully remove the Live Security Platinum malware/virus off my laptop.
With great appreciation
Hal
Thank you very much. ขอบคุณครับ
Thank you very much. You’ve saved my computer and my life :-)
Hi Stelian,
Firstly, thanks for this great advice on the removal of this nasty.
Since using the removal advice though, I can’t seem to turn on my Security in the Security Center… Any ideas would be well appreciated.
Cheers again
Hello Steve,
Lets try to fix this.
First run a scan with RogueKiller:
ROGUEKILLER DOWNLOAD LINK (This link will automatically download RogueKiller on your computer)
Next, download Windows Repair All In One and install this utility.
Go to the Startup Repairs tab and click the Start button (bottom right)
Note: When asked if you would like to create a restore point. It is recommended just in-case something does not go as planned.
Note: Leave everything else unchecked
Let me know everything goes…:D
Hi Stelian, thank you again for taking the time to offer me advice on how to sort out my security issues… However when I tried to run rogue killer and the windows repair all in one my sysyem is advicing that I dont install ” rogue killer and window aio repair is not commonly downloaded and could harm your computer “… What do you advise I do?
Thanks again,
Steve
All the tools that I recommend are safe to use… Just ignore that warning and download and run those files. :)
Hey, the removal process went perfectly however, now my computer has really slowed down and I cant figure out how to remove the rkill from my system. I’ve already tried the steps suggested to another comment about the speed of their machine but, those haven’t helped from what I can tell. Any more advice is greatly appreciated!
Hello,
Can you please run a scan with Combofix and ESET online scanner and post the logs here :
STEP 1 : Run a scan with Combofix
Download ComboFix from one of the following locations:
COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop
———————————————————–
———————————————————–
———————————————————–
Notes:
STEP 2: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Waiting for your reply to tell me if your machine is ok ..
i tried to work in normal mode to go through the chameleon steps but in normal mode i cant use the internet, so i tried to do it in safe mode.. once i tried using the chameleon link a box popped up with files. one had a yellow question mark and the other had the black DOS next to it. i clicked on that one and it said i would have to execute files in order for it to install properly. I clicked execute and it left me with one file, the mbam chameleon. now i dont know what to do..
Hello Peter,
Lets try to see if we can fix this.Can you please run a scan with Combofix.
Please read and follow all the steps very carefully.
Download ComboFix from one of the following locations:
COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop
———————————————————–
———————————————————–
———————————————————–
Notes:
STEP 2 : Download and run the Complete Internet Repair utility.
1.Download Complete Internet Repair utilityto your desktop
2.Unzip all the files to their own folder on the desktop
3.Within the folder double click CIntRep
4.Select the following items,then press the GO button.
Let me know if this fixed the problem…
After I run RKill and after it completes my computer automatically shuts down. Is there a way to stop this? My computer tells me it’s going to shut down in 1 minute and there isn’t a cancel button.. Can you help me with this?
Hello Allison,
Lets work in NORMAL MODE to see if we can get around this :
Please run a scan with Malwarebytes Anti-Malware in Chameleon Mode in Norman mode:
2.Please perform a scan with HitmanPro as seen on the guide.
3.Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Hello Stelian, I have been trying to overcome this nasty virus for 3 days now and i’ve been able to get it to stop running in normal mode thanks to your advice. But now when I enter normal mode my computer is very slow (also when starting up) and I can maybe use the internet for maybe 5 minutes before it randomly stops responding along with the desktop, making normal mode unusable. I have used almost every scanner available and have been able to remove some of the viruses. I then ran full scans afterwards and have not been able to detect anymore viruses, but i’m not sure what to do next as I cannot use normal mode since my whole desktop will stop responding. I need you’re advice!
Hello,
Hello TJ,
STEP 1 : Run a scan with Combofix
Download ComboFix from one of the following locations:
COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop
———————————————————–
———————————————————–
———————————————————–
Notes:
Please post the log in your reply and details on how your computer is running.