Live Security Platinum is a malicious program also known as rogue security software, which will display fake security alerts in an attempt to scare you into buying this fake security product.
In addition, Live Security Platinum has also hijacked your PC,blocking your from running files,so now when your trying to open and executable file (file ending with .exe), this program will instead display this fake alerts:
Warning! Application cannot be executed. The file rdpclip.exe is infected. Please active your antivirus software.

Security Monitor: WARNING! Attention! System detected a potential hazard (TrojanSPM/LX) on your computer that may infect executable files. Your private information and PC safety is at risk. To get rid of unwanted spyware and keep your computer safe you need to update your current security software. Click Yes to download official intrusion detection system (IDS software).

Live Security Platinum Warning Spyware.IEMonster activity detected. This is spyware that attempts to steal passwords from Internet Explorer, Mozilla FireFox, Outlook and other programs. Click here to remove it immediately with Live Security Platinum

Live Security Platinum Firewall Alert Live Security Platinum Firewall has blocked a program from accessing the Internet. Internet Explorer Internet Browser is infected with SVCHOST.Stealth.Key-logger. This worm is trying to send your credit card details using Internet Explorer Internet Browser to connect to remove host

Live Security Platinum will also cause malicious browser redirects and system slowdowns so it needs to be removed from your computer as soon as possible.
This is are a few images of Live Security Platinum:

Registration codes for Live Security Platinum
As an optional step,you can use the following license key to register Live Security Platinum and stop the fake alerts.
AA39754E-715219CE
Please keep in mind that entering the above registration code will NOT remove Live Security Platinum from your computer , instead it will just stop the fake alerts so that you’ll be able to complete our removal guide more easily.

Live Security Platinum Removal Guide

STEP 1 : Start your computer in Safe Mode with Networking

Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer.
Press and hold the F8 key as your computer restarts.Please keep in mind that you need to press the F8 key before the Windows start-up logo appears.
Note: With some computers, if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the “F8 key”, tap the “F8 key” continuously until you get the Advanced Boot Options screen.
On the Advanced Boot Options screen, use the arrow keys to highlight Safe Mode with Networking , and then press ENTER.

STEP 2: Remove Live Security Platinum malicious proxy server

Live Security Platinum may add a proxy server which prevents the user from accessing the internet,follow the below instructions to remove the proxy.

Start the Internet Explorer browser and if you are using Internet Explorer 9 ,click on the gear icon (Tools for Internet Explorer 8 users) ,then select Internet Options.
Go to the tab Connections.At the bottom, click on LAN settings.
Uncheck the option Use a proxy server for your LAN. This should remove the malicious proxy server and allow you to use the internet again.

If you are a Firefox users, go to Firefox(upper left corner) → Options → Advanced tab → Network → Settings → Select No Proxy

STEP 3: Repair your Windows Registry from Live Security Platinum malicious changes.

Smart Fortress 2012 has changed your Windows registry settings so that when you try to run a executable file (ending with .exe ) , it will instead launch the infection rather than the desired program.

Download the registryfix.reg file to fix the malicious registry changes from Live Security Platinum.
REGISTRYFIX.REG DOWNLOAD LINK (This link will automatically download the registry fix called registryfix.reg)
Double-click on registryfix.reg file to run it. Click “Yes” for Registry Editor prompt window,then click OK.

STEP 4: Run RKill to terminate known malware processes associated with Live Security Platinum.

RKill is a program that will attempt to terminate all malicious processes associated with Live Security Platinum,so that we will be able to perform the next step without being interrupted by this malicious software.
Because this utility will only stop Live Security Platinum running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again.

While your computer is in Safe Mode with Networking ,please download the latest official version of RKill.Please note that we will use a renamed version of RKILL so that Live Security Platinum won’t block this utility from running.
RKILL DOWNLOAD LINK (This link will automatically download RKILL renamed as iExplore.exe)
Double-click on the iExplore.exe icon in order to automatically attempt to stop any processes associated with Live Security Platinum.
RKill will now start working in the background, please be patient while the program looks for various malware programs and tries to terminate them.

IF you are having problems starting or running RKill, you can download any other renamed versions of RKill from here.
When Rkill has completed its task, it will generate a log. You can then proceed with the rest of the guide.

WARNING: Do not reboot your computer after running RKill as the malware process will start again , preventing you from properly performing the next step.

STEP 5: Remove Live Security Platinum malicious files with Malwarebytes Anti-Malware FREE

Download the latest official version of Malwarebytes Anti-Malware FREE.
MALWAREBYTES ANTI-MALWARE DOWNLOAD LINK (This link will open a download page in a new window from where you can download Malwarebytes Anti-Malware Free)
Start the Malwarebytes’ Anti-Malware installation process by double clicking on mbam-setup file.
When the installation begins, keep following the prompts in order to continue with the setup process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware checked. Then click on the Finish button. If Malwarebytes’ prompts you to reboot, please do not do so.
Malwarebytes Anti-Malware will now start and you’ll be prompted to start a trial period , please select ‘Decline‘ as we just want to use the on-demand scanner.
On the Scanner tab,select Perform full scan and then click on the Scanbutton to start scanning your computer.
Malwarebytes’ Anti-Malware will now start scanning your computer for Live Security Platinum malicious files as shown below.
When the scan is finished a message box will appear, click OK to continue.
You will now be presented with a screen showing you the malware infections that Malwarebytes’ Anti-Malware has detected.Please note that the infections found may be different than what is shown in the image.Make sure that everything is Checked (ticked) and click on the Remove Selectedbutton.
Malwarebytes’ Anti-Malware will now start removing the malicious files.After completing this task it will display a message stating that it needs to reboot,please allow this request and then let your PC boot in Normal mode.

STEP 6: Double check your system for any left over infections with HitmanPro

This step can be performed in Normal Mode ,so please download the latest official version of HitmanPro.
HITMANPRO DOWNLOAD LINK(This link will open a download page in a new window from where you can download HitmanPro)
Double click on the previously downloaded fileto start the HitmanPro installation.

IF you are experiencing problems while trying to starting HitmanPro, you can use the “Force Breach” mode.To start this program in Force Breach mode, hold down the left CTRL-key when you start HitmanPro and all non-essential processes are terminated, including the malware process. (How to start HitmanPro in Force Breach mode – Video)
Click on Next to install HitmanPro on your system.
The setup screen is displayed, from which you can decide whether you wish to install HitmanPro on your machine or just perform a one-time scan, select a option then click on Next to start a system scan.
HitmanPro will start scanning your system for malicious files. Depending on the size of your hard drive, and the performance of your computer, this step will take several minutes.
Once the scan is complete,a screen displaying all the malicious files that the program found will be shown as seen in the image below.After reviewing each malicious object click Next.
Click Activate free license to start the free 30 days trial and remove the malicious files.
HitmanPro will now start removing the infected objects, and in some instances, may suggest a reboot in order to completely remove the malware from your system. In this scenario, always confirm the reboot action to be on the safe side.

STEP 7: Remove any left over malicious registry keys and files

Live Security Platinum has sadded some malicious registry keys to your Windows installation , to remove this malicious changes we need to run a scan with RogueKiller

Please download the latest official version of RogueKiller.
ROGUEKILLER DOWNLOAD LINK (This link will automatically download RogueKiller on your computer)
Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete.This should take only a few seconds and then you can click the Start button to perform a system scan.
After the scan has completed, press the Delete button to remove any malicious registry keys.
Next we will need to restore your shortcuts, so click on the ShortcutsFix button and allow the program to run.

If you are still experiencing problems while trying to remove Windows Custom Safety from your machine, please start a new thread in our Malware Removal Assistance forum.

10 Rules to Avoid Online Scams

Here are 10 practical safety rules to help you avoid malware, online shopping scams, crypto scams, and other online fraud. Each tip includes a quick “if you already got hit” action.

Stop and verify before you click, log in, download, or pay.

Most scams win by creating urgency. Verify using a trusted method: type the website address yourself, use the official app, or call a known number (not the one in the message).

If you already clicked: close the page, do not enter passwords, and run a malware scan.
Keep your operating system, browser, and apps updated.

Updates patch security holes used by malware and malicious ads. Turn on automatic updates where possible.

If you saw a scary “update now” pop-up: close it and update only through your device settings or the official app store.
Use layered protection: antivirus plus an ad blocker.

Antivirus helps block malware. An ad blocker reduces scam redirects, phishing pages, and malvertising.

If your browser is acting weird: remove unknown extensions, reset the browser, then run a full scan.
Install apps, software, and extensions only from official sources.

Avoid cracked software, “keygens,” and random downloads. During installs, choose Custom/Advanced and decline bundled offers you do not recognize.

If you already installed something suspicious: uninstall it, restart, and scan again.
Treat links and attachments as untrusted by default.

Phishing often impersonates delivery services, banks, and popular brands. If it is unexpected, do not open attachments or log in through the message.

If you entered credentials: change the password immediately and enable 2FA.
Shop safely: research the store, then pay with protection.

Be cautious with brand-new stores, “closing sale” stories, and prices that make no sense. Prefer credit cards or PayPal for dispute options. Avoid wire transfers, gift cards, and crypto payments.

If you already paid: contact your card issuer or PayPal quickly to dispute the transaction.
Crypto rule: never pay a “fee” to withdraw or recover money.

Common patterns include fake profits, then “tax,” “gas,” or “verification” fees. Another is a “recovery agent” who demands upfront crypto.

If you already sent crypto: stop paying, save evidence (wallet addresses, TXIDs, chats), and report the scam to the platform used.
Secure your accounts with unique passwords and 2FA (start with email).

Use a password manager and unique passwords for every account. Enable 2FA using an authenticator app when possible.

If you suspect an account takeover: change passwords, sign out of all devices, and review recent logins and recovery settings.
Back up important files and keep one backup offline.

Backups protect you from ransomware and device failure. Keep at least one backup on an external drive that is not always connected.

If you suspect infection: do not connect backup drives until the system is clean.
If you think you are a victim: stop losses, document evidence, and escalate fast.

Move quickly. Speed matters for disputes, account recovery, and limiting damage.
- Stop payments and contact: do not send more money or respond to the scammer.
- Call your bank or card issuer: block transactions, replace the card if needed, and start a dispute or chargeback.
- Secure your email first: change the email password, enable 2FA, and remove unfamiliar recovery options.
- Secure other accounts: change passwords, enable 2FA, and log out of all sessions.
- Scan your device: remove suspicious apps or extensions, then run a full malware scan.
- Save evidence: screenshots, emails, order pages, tracking pages, wallet addresses, TXIDs, and chat logs.
- Report it: to the payment provider, marketplace, social platform, exchange, or wallet service involved.

These rules are intentionally simple. Most online losses happen when decisions are rushed. Slow down, verify independently, and use payment methods and account controls that give you recourse.

538 thoughts on “Remove Live Security Platinum (Uninstall Guide)”

Catalina

July 25, 2012 at 08:11

Hi
I did everything you said, step by step. It said that 13 viruses were found and deleted. It restarted my laptop in normal mode again and the virus was still there =( I tried again in safe mode. Did another full scan. 4 more viruses were found and removed and when I went back to normal mode. The nasty virus is still there!! Please help! I competed all the steps and can’t seem to get rid of it

Thanks in advance
- Stelian Pilici
  
  July 25, 2012 at 09:07
  Can you please update Malwarebytes and run a scan while in Normal mode?
  Next,please run a new scan with HitmanPro
  Last but no least:
  STEP 1 : Run a scan with Combofix
  
  Download ComboFix from one of the following locations:
  
  COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
  COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
  
  VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop
  - Close any open browsers.
  - Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    ———————————————————–
    
    Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection beforeperforming a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
    
    Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don’t know how to disable it, please ask.
    ———————————————————–
    
    Close any open browsers.
    
    WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    
    Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    
    If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    
    ———————————————————–
  1. Double click on ComboFix.exe & follow the prompts.
  2. Accept the disclaimer and allow to update if it asks
  3. When finished, it shall produce a log for you.
  Notes:
  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.
  STEP 2: Run a scan with ESET Online Scanner:
  1. Download ESET Online Scanner utility.
    ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
  2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
  3. Check Yes, I accept the Terms of Use
  4. Click the Start button.
  5. Check Scan archives
  6. Push the Start button.
  7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  8. When the scan completes, push Finish
  Waiting for your reply to tell me if your laptop is ok ..
brittykitty

July 25, 2012 at 03:29

I was following your instructions to remove the Live Security Platinum from my notebook & when I got to part where I needed to restart in ‘safe mode’ by pressing f8 at the sound of the beep, I didn’t hear it & when I did press f8, windows seemed to start up in a ‘safe mode’ automatically and a screen popped up saying it was windows startup repair. i started the system restore it suggested, then panicked thinking it was a virus. I googled it and I’m not sure if it really is part of windows, or is a virus because several sites say it is a legitimate part of windows recovery security and several others say it is a virus. help me please? do i have more than just this live security platinum harming my notebook?
- Stelian Pilici
  
  July 25, 2012 at 04:25
  Hello,
  Please,run a scan with ESET Online Scanner:
  1. Download ESET Online Scanner utility.
    ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
  2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
  3. Check Yes, I accept the Terms of Use
  4. Click the Start button.
  5. Check Scan archives
  6. Push the Start button.
  7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  8. When the scan completes, push Finish
Helle DK

July 24, 2012 at 22:08

Beautiful :-) The easy-to-follow instructions killed the beast.

Thank you very much Stelian
Charlie

July 24, 2012 at 20:32

Ok, I got rid of Live Security Platinum. Thanks so much for the detailed instructions.

Now, by any chance do you know how to get rid of System Protector? I’ve got that too.
- Stelian Pilici
  
  July 24, 2012 at 20:35
  
  On the same machine??
Sasha

July 24, 2012 at 18:47

Thanks Stelian, you’re a good man and we do appreciate it!
Peter Paul

July 24, 2012 at 17:52

My office computer was attacked yesterday by live security platinum after I click on the ‘close’ button on my expired Mcaffee pop up. I used another pc to google for help, and, luckily, I came across your site and followed your advice. It worked like magic! My pc is back to life. I can connect to the network, although I still can’t connect to the network printers (it keeps showing the printers are ‘offline’). Thanks a million, Stelian; you’re an angel.
Charlie

July 24, 2012 at 17:38

Please ignor my problem with the Malware, I tried again and noticed the download was being blocked. I gave the ok and I’m running a scan now.
Agnel

July 24, 2012 at 17:34

Hey Buddy,

Amazing step by step process on how to delete the virus.It’s 03.32 AM, i wanted to say a very big thank you to you before i go to bed. It took be a a few hours but i finally got rid of it by following your steps.

Thanks Again,
Agnel
Charlie

July 24, 2012 at 17:15

I’m having trouble with the fix and hope you can help. I downloaded the Registryfix and double clickked on the desktop icon, but I don’t know if it did anything or not, I got no messages saying it had done anything.

I downloaded Rkill and ran it, but the log says it found nothing.

I clicked on the malware link, which took me to a site called Malware bytes. I clicked on the download which took me to another site called TechSpot. I clicked on the download button there and nothing happened.

I have McAfee Total Protection and I don’t understand how this Live Security thing got through. I thought McAfee was supposed to be one of the best.
- Stelian Pilici
  
  July 24, 2012 at 17:22
  Hello,
  Please run a scan with Malwarebytes Anti-Malware in Chameleon Mode in Norman mode:
  1. Download Malwarebytes Chameleon from here and extract it to a folder in a convenient location
  2. Make certain that your PC is connected to the internet and then open the folder where you extracted Chameleon to and double-click on the Chameleon help file and then follow the onscreen instructions to use it.
  3. If the Chameleon help file itself will not open, then double-click each file one by one until you find one that works, which will be indicated by a black DOS/command prompt window Note: Do not attempt to open mbam-killer as that is not a Chameleon executable and serves a different purpose)
  4. Follow the onscreen instructions to press a key to continue and Chameleon will proceed to download and install Malwarebytes Anti-Malware for you
  5. Once it has done this, it will attempt to update Malwarebytes Anti-Malware, click OK when it says that the database was updated successful
  6. Next, Malwarebytes Anti-Malware will automatically open and perform a Quick scan
  7. Upon completion of the scan, if anything has been detected, click on Show Result
  8. Have Malwarebytes Anti-Malware remove any threats that are detected and click Yes if prompted to reboot your computer to allow the removal process to complete
  9. After your computer restarts, open Malwarebytes Anti-Malware and perform a Full System scan to verify that there are no remaining threats
  2.Please perform a scan with HitmanPro as seen on the guide.
  
  3.Run a scan with ESET Online Scanner:
  1. Download ESET Online Scanner utility.
    ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
  2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
  3. Check Yes, I accept the Terms of Use
  4. Click the Start button.
  5. Check Scan archives
  6. Push the Start button.
  7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  8. When the scan completes, push Finish
Chris

July 24, 2012 at 12:24

Excellent, this worked perfectly. This is the most thorough, exact and free malware removing solution I ever found on the internet. Thank you, it is very appreciated. You are not only competent but generous.
Magnus

July 24, 2012 at 11:57

Hi. I have the Live Security Platinum virus on my computer (Dell XPS Vista Ultimate). I have read your guide and most of the comments, but I don’t think I’ve seen an answer to my troubles. Please forgive me if you’ve already addressed my problems. I got up to Step 5. Malware did not prompt me for a trial period, but went straight to the Scanner Tab and the full scan. I clicked it, but it starts, and after 1 second working, the window disappears from my desktop!? The Malware process is gone! (I tried this twice and the same thing happened again.) I tried other things you recomended, although I don’t know if I was following them right, or if I needed to do other stuff first, for example I tried the Force Breach HitMan Pro. That actually seemed to work properly, and found a bunch of threats, but there was the reboot option, which I clicked, but the program just shut off. Perhaps I’m a bit impatient, but as nothing was happening, I clicked start, restart, and my computer restarted. When it did, though, there was a weird black screen that said HitMan Pro something something. I pressed enter (not knowing what else to do), and I think it started normally. When I logged on and searched for Live Security Platinum, it’s still there.
Any help with what I should do would be greatly appreciated. From reading the comments, you seem to really know your stuff and have helped many people (I hope to be one of them!). It seemed that they just needed to get the combo of programs in the right order. Please advise as to what to do; I will check back tomorrow.
- Stelian Pilici
  
  July 24, 2012 at 12:09
  Hello,
  Can you please run a scan with Combofix:
  STEP 1 : Run a scan with Combofix
  
  Download ComboFix from one of the following locations:
  
  COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
  COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
  
  VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop
  - Close any open browsers.
  - Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    ———————————————————–
    
    Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection beforeperforming a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
    
    Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don’t know how to disable it, please ask.
    ———————————————————–
    
    Close any open browsers.
    
    WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    
    Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    
    If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    
    ———————————————————–
  1. Double click on ComboFix.exe & follow the prompts.
  2. Accept the disclaimer and allow to update if it asks
  3. When finished, it shall produce a log for you.
  Notes:
  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.
  STEP 2: Run a scan with ESET Online Scanner:
  1. Download ESET Online Scanner utility.
    ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
  2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
  3. Check Yes, I accept the Terms of Use
  4. Click the Start button.
  5. Check Scan archives
  6. Push the Start button.
  7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  8. When the scan completes, push Finish
  - Magnus
    
    July 25, 2012 at 12:22
    
    Thanks a million! ComboFix worked; I believe it deleted the Live Security Platinum virus, and the ESET Online Scanner didn’t find any problems.
    I just want to know, should I turn my firewalls back on? Also, should I do any more scans? I believe ComboFix deleted the Live Security Platinum virus, but should I scan for anything else? If yes, what should I do? Please advise. Should I follow any steps of your guide? And what about Malwarebytes Anti-Malware? Should I still have that on my computer or can I delete it? It didn’t work like it was supposed to, which is why I needed your other fix, but it did stop some malware attacks when I went online to follow some of your instructions (the first time around, before I asked you directly what to do), although I think that was the Live Security Platinum working, so now that it’s gone, can I delete Malwarebytes? Should I scan with it? Also, can I delete iExplorer, HitmanPro, esetsmartinstaller, Malwarebytes Anti-Malware, registryfix, and Combo-Fix?
    And another thing. Before I asked you directly what to do, I was trying things that you mentioned to other people. I downloaded Kaspersky, but should I do anything with it? I don’t want to do things that are unnecessary, so can I just delete it?
    Your advice is gold, and the user friendly, easy to follow instructions are awesome! I am a little knowledgeable in computers, but even so, the exacting, clear, instructions that you give are really, really helpful. It makes the whole process that much harder when the solution to one’s problem is in a hard to follow guide. You know there’s an answer, but you just can’t decipher how to fix the problem, even though the solution is staring you in the face. The struggle becomes even more frustrating! Your guides and instructions are a breath of fresh air. It’s nice to know someone cares and is willing to give of his time to help people. And all for free!!!
    THANK YOU Stelion!!!!!
Vale

July 24, 2012 at 10:15

i was also infected, thanks for the help!
James

July 23, 2012 at 21:00

I cannot access the internet on my infected PC. Check the Proxy. Still not able to connect. Help!
- James
  
  July 23, 2012 at 21:27
  
  Sorry, little more information, I am running Win XP SP3. I used the code given and have tried in safe mode and normal. Still unable to access internet.
  - Stelian Pilici
    
    July 24, 2012 at 12:05
    
    What firewall are you using?
  - James
    
    July 24, 2012 at 15:07
    
    I am using McAfee firewall. After repeated attempts I was able to restore internet in normal mode only. Here is what I’ve done:
    Malware Chameleon, went through all steps none seemed to work. All showed green.
    Windows Registry fix – operated as described
    Rkill – operated as described
    Malwarebytes anti-malware – took a long time but seemed to work
    Hitman Pro – operated as described
    Eset – again took a long time, but seemed to work.
    McAfee full virus scan.
    It seems to be clean, but now on boot up the internet take 3 minutes to load. Is there any thing else I should try because I did all this in normal mode?
  - James
    
    July 24, 2012 at 18:42
    
    Took it a step further and used Combofix as described. Still very slow to bring up internet.
    Thank you so very much for this set of instructions. Saved me hundreds of $$.
John

July 23, 2012 at 19:51

Hello,

I have gone through the instructions and my computer seems to be working fine other then a Spler.dll error at start up. Iam running Win 7 64 bit. How can I make this error go away?
- Stelian Pilici
  
  July 23, 2012 at 20:07
  
  Hello John,
  To solve this ,you can using Malwarebytes StartupLite or Msconfig,to remove that startup entry.
  - Bandele
    
    July 24, 2012 at 00:08
    
    Dad managed to infected my PC protected with Mcafee with nasty Live Security Platinum virus. 24Hrs later it’s removed thanks to Stelian’s instructions. Dont be daunted – I am not a techy and I managed to do it with the instructions.
    
    THANK YOU Stelian for this. God bless you and the family
    
    Be patient and read the threads to avoid frustration. If your anti virus is Mcafee, check and ensure your Firewall can be turned on and off in settings. If you cannot manually adjust your firewall, use the Combofix app. All explained.
    
    My download route in summary is RKill, then Malwarebytes, HitmanPro and Combo-fix after I could not turn on my Mcafee firewall. I would recommend using IE in the safe mode though your default browser might be another. Mine is Firefox but I found IE more user friendly. As advised dont kill any of the processes and I uninstalled my Mcafee instead of disabling. Combo-fix does give an incorrect message after uninstalling (Just double check to be sure).
    
    Thanks once again for saving my money.
Peter

July 23, 2012 at 19:00

I am not getting the “Safe Mode with Networking” when I press F8. When booting up, my computer only displays options for F2 and F10. I have an old Dell. Please help.
- Stelian Pilici
  
  July 23, 2012 at 19:02
  Hello Peter,
  Lets work in Normal Mode:
  Please run a scan with Malwarebytes Anti-Malware in Chameleon Mode in Norman mode:
  1. Download Malwarebytes Chameleon from here and extract it to a folder in a convenient location
  2. Make certain that your PC is connected to the internet and then open the folder where you extracted Chameleon to and double-click on the Chameleon help file and then follow the onscreen instructions to use it.
  3. If the Chameleon help file itself will not open, then double-click each file one by one until you find one that works, which will be indicated by a black DOS/command prompt window Note: Do not attempt to open mbam-killer as that is not a Chameleon executable and serves a different purpose)
  4. Follow the onscreen instructions to press a key to continue and Chameleon will proceed to download and install Malwarebytes Anti-Malware for you
  5. Once it has done this, it will attempt to update Malwarebytes Anti-Malware, click OK when it says that the database was updated successful
  6. Next, Malwarebytes Anti-Malware will automatically open and perform a Quick scan
  7. Upon completion of the scan, if anything has been detected, click on Show Result
  8. Have Malwarebytes Anti-Malware remove any threats that are detected and click Yes if prompted to reboot your computer to allow the removal process to complete
  9. After your computer restarts, open Malwarebytes Anti-Malware and perform a Full System scan to verify that there are no remaining threats
  2.Please perform a scan with HitmanPro as seen on the guide.
  
  3.Run a scan with ESET Online Scanner:
  1. Download ESET Online Scanner utility.
    ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
  2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
  3. Check Yes, I accept the Terms of Use
  4. Click the Start button.
  5. Check Scan archives
  6. Push the Start button.
  7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  8. When the scan completes, push Finish
  - Peter
    
    July 23, 2012 at 19:51
    
    Hello, I have downloaded Malwarebytes Chameleon and tried to run it with the help file. The first one opened up a DOS screen and down loaded the file. When installing, I get Access Denied for a lot of files including rules.ref, config.conf, build.conf, custom.conf etc… I pressed rety and it does’t work. So I went ahead and installed it by pressing ignores for these files, I get “Failed to run MAM-Killer.exe”, “Failed to run Malwarebytes Anti-Malware” and ” Failed to disable protection driver”. Please help…
  - Stelian Pilici
    
    July 23, 2012 at 20:06
    
    While in NORMAL MODE,download HitmanPro and then start this program in ForceBreach Mode
    1.Here are the direct download links for HitmanPro,
    – http://dl.surfright.nl/HitmanPro36.exe (For 32bit)
    – http://dl.surfright.nl/HitmanPro36_x64.exe (For 64bit)
    2.Hold down the left CTRL-key when you start HitmanPro and all non-essential processes are terminated, including this rogue malicious process
    Here is a video that explains with graphic details how to do this : http://www.youtube.com/watch?v=m6eRWTv2STk
    3. Let HitmanPro scan and remove the detected infections.
    Next,run a scan with Malwarebytes and ESET Online scanner.
  - Peter
    
    July 23, 2012 at 22:57
    
    Wow, it seems like I’m going deeper and deeper. Here’s the rundown:
    
    When I tried to install the HitmanPro, it showed blue screen saying that it shut down to prevented the damage. Kernal-Stack-Inpage-error. Technical Info. STOP: 0X00000077 (0XC0000015, 0XC0000015, 0X00000000, oXoF63D000)
    
    Wehn I restarted my computer, I got the second blue screen stating the following. A process or thread crucial to system operation has unexpectedly exited or terminated. Technical Info. STOP: 0X000000F4 (0X00000003, 0X826942C0, 0X82694434, 0X805D22AA)
    
    When I restarted, the HitmanPro did start but didn’t find anything. Here’s the strange thing. I was able to start in safemode with network so I thought I give your full instruction a try. I was able to go online but when I tried to go on your site, it directed me to a different site (Randomly) every time.
    
    When I tried to go to your step 5, I was getting this following errer message “Runtime Error ’13’: type mismatch. I also got “The trial is not available for your product version. We apologize for inconvenience” and also ‘Program_error_updating (0.0. Host not found).
    
    I found out that I lost the connection to the internet (Home network). I tried resetting the ethernet card, reinstalled/rejoined the network, reset the modem, WiFi and everything but I’m not able to get my connection to the network back. I’m not able to perform step 6 as the HitmanPro wants to see the internet connection first.
    
    By the way, I had to scan with MalwareBytes without updating as I didn’t have connection but found 89 items and deleted them. Please help me…
  - Peter
    
    July 23, 2012 at 22:59
    
    By the way, I cannot get to my windows fire wall settings or refresh my IP address due to “unknown error”… I’m on another computer to write this to you.
  - Stelian Pilici
    
    July 24, 2012 at 12:05
    Hello,
    You most likely have a ZeroAccess rootkit infection on your computer.
    
    Can you please run a scan with Combofix:
    STEP 1 : Run a scan with Combofix
    
    Download ComboFix from one of the following locations:
    
    COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
    COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
    
    VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop
    
    Close any open browsers.
    
    Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    ———————————————————–
    
    Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection beforeperforming a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
    
    Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don’t know how to disable it, please ask.
    ———————————————————–
    
    Close any open browsers.
    
    WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    
    Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    
    If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    
    ———————————————————–
    
    Double click on ComboFix.exe & follow the prompts.
    
    Accept the disclaimer and allow to update if it asks
    
    When finished, it shall produce a log for you.
    
    Notes:
    
    Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
    
    Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
    
    If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.
    
    STEP 2: Run a scan with ESET Online Scanner:
    
    Download ESET Online Scanner utility.
    ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
    
    Double click on the Eset installer program (esetsmartinstaller_enu.exe).
    
    Check Yes, I accept the Terms of Use
    
    Click the Start button.
    
    Check Scan archives
    
    Push the Start button.
    
    ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    
    When the scan completes, push Finish
Mercedes

July 23, 2012 at 18:56

Wow I didn’t believe I was going to be able to do it!!!! But your detailed instructions made it work like a breeze. I know nothing about computers and I was about to call a computer specialist…But I carefully read your steps and chose to try…
Just a couple of questions: Should I keep Malwarebytes and Hitman both in my computer? Are they compatible? They cannot work as an antivirus, as far as I know… Or am I wrong? So a combination of antivirus plus Hitman plus Malwarebytes…would it be ok?
- Stelian Pilici
  
  July 23, 2012 at 18:59
  
  HitmanPro and Malwrebytes are only on-demand scanners (basically they are just cleaning tools which won’t protect your system).You can uninstall them or let them on your system and regularly perform system scan to check if everything is ok. :)
  Good Luck!
Jarrett Gold

July 23, 2012 at 15:48

Viva La Barca! Thank you so much for the fix! Up an running again.
Ol

July 23, 2012 at 13:45

Thanks a lot for that. Really useful.
Daisy

July 23, 2012 at 08:33

I was so sceptical of this process at first and thought i should just take it in to the shop and pay for them to do it. I am not good on computers and have never tried to fix any virus myself! but your incredibly detailed and directional guide made it easy for me to do and now my computer is clear! Thanks so much for the guide, it really helped me out and i will suggest this website to other with computer problems.
Amanda A

July 23, 2012 at 07:55

Okay, so I followed all your steps and it seems to have cleared my computer of everything but a desktop.ini virus and a win64 virus. I have run all over the internet trying to figure out how to fix those and nothing seems to have helped. Do you have any added advice? Any ideas of what I can do?

Not sure if I can post pictures, but if I can here is a picture of the scan results:
http://tinypic.com/r/15rlfkz/6
- Stelian Pilici
  
  July 23, 2012 at 08:03
  Hello Amanda,
  You most likely have a ZeroAccess rootkit infection on your computer.
  
  Can you please run a scan with Combofix:
  STEP 1 : Run a scan with Combofix
  
  Download ComboFix from one of the following locations:
  
  COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
  COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
  
  VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop
  - Close any open browsers.
  - Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    ———————————————————–
    
    Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection beforeperforming a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
    
    Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don’t know how to disable it, please ask.
    ———————————————————–
    
    Close any open browsers.
    
    WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    
    Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    
    If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    
    ———————————————————–
  1. Double click on ComboFix.exe & follow the prompts.
  2. Accept the disclaimer and allow to update if it asks
  3. When finished, it shall produce a log for you.
  Notes:
  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.
  STEP 2: Run a scan with ESET Online Scanner:
  1. Download ESET Online Scanner utility.
    ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
  2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
  3. Check Yes, I accept the Terms of Use
  4. Click the Start button.
  5. Check Scan archives
  6. Push the Start button.
  7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  8. When the scan completes, push Finish
  - Amanda A
    
    July 25, 2012 at 23:09
    
    Okay! All that seems to have helped, and my antivirus software Vipre isn’t picking anything up, however Hitman Pro keeps coming up with this:
    http://tinypic.com/r/9rr50n/6
    Is there any concern? Hitman doesn’t seem to be able to remove the Ini virus.
  - Stelian Pilici
    
    July 26, 2012 at 04:06
    
    Did you run Combofix as I’ve ask you to do??
  - Amanda A
    
    July 26, 2012 at 08:26
    
    Yes, I ran combo fix, allowed it to scan and restart and then I also used the ESET right after that. When I was finished with the two steps you gave me, ESET rebooted my computer and when it loaded into Windows Hitman Pro was still displaying that same message.
  - Stelian Pilici
    
    July 28, 2012 at 05:43
    
    Please start a thread in our Malware Removal Assistance forum.