If you are reading this article than you’re most likely trying to find out, what Live Security Platinum is and how you can get rid of this virus.
As you’ve probably realized by now,Live Security Platinum is a malicious software (rogue security software) that is displaying bogus antivirus alerts in an attempt to scare you into buying this fake security product.
Live Security Platinum is also blocking you from running programs and is causing browser redirects and slowing down your PC.
Live Security Platinum Images
Below you can see some images of Live Security Platinum.
Registration codes for Live Security Platinum
As an optional step,you can use the following license key to register Live Security Platinum and stop the fake alerts.
AA39754E-715219CE
Please keep in mind that entering the above registration code will NOT remove Live Security Platinum from your computer , instead it will just stop the fake alerts so that you’ll be able to complete our removal guide more easily.
Live Security Platinum Removal Instructions
STEP 1 : Start your computer in Safe Mode with Networking
- Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer.
- Press and hold the F8 key as your computer restarts.Please keep in mind that you need to press the F8 key before the Windows start-up logo appears.
Note: With some computers, if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the “F8 key”, tap the “F8 key” continuously until you get the Advanced Boot Options screen. - On the Advanced Boot Options screen, use the arrow keys to highlight Safe Mode with Networking , and then press ENTER.
STEP 2: Remove Live Security Platinum malicious proxy server
Live Security Platinum may add a proxy server which prevents the user from accessing the internet,follow the below instructions to remove the proxy.
- Start the Internet Explorer browser and if you are using Internet Explorer 9 ,click on the gear icon (Tools for Internet Explorer 8 users) ,then select Internet Options.
- Go to the tab Connections.At the bottom, click on LAN settings.
- Uncheck the option Use a proxy server for your LAN. This should remove the malicious proxy server and allow you to use the internet again.
If you are a Firefox users, go to Firefox(upper left corner) → Options → Advanced tab → Network → Settings → Select No Proxy
STEP 3: Repair your Windows Registry from Live Security Platinum malicious changes.
Smart Fortress 2012 has changed your Windows registry settings so that when you try to run a executable file (ending with .exe ) , it will instead launch the infection rather than the desired program.
- Download the registryfix.reg file to fix the malicious registry changes from Live Security Platinum.
REGISTRYFIX.REG DOWNLOAD LINK (This link will automatically download the registry fix called registryfix.reg) - Double-click on registryfix.reg file to run it. Click “Yes” for Registry Editor prompt window,then click OK.
STEP 4: Run RKill to terminate known malicious processes associated with Live Security Platinum.
RKill is a program that will attempt to terminate all malicious processes associated with Live Security Platinum,so that we will be able to perform the next step without being interrupted by this malicious software.
Because this utility will only stop Live Security Platinum running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again.
- While your computer is in Safe Mode with Networking ,please download the latest official version of RKill.Please note that we will use a renamed version of RKILL so that Live Security Platinum won’t block this utility from running.
RKILL DOWNLOAD LINK (This link will automatically download RKILL renamed as iExplore.exe) - Double-click on the iExplore.exe icon in order to automatically attempt to stop any processes associated with Live Security Platinum.
- RKill will now start working in the background, please be patient while the program looks for various malware programs and tries to terminate them.
IF you are having problems starting or running RKill, you can download any other renamed versions of RKill from here. - When Rkill has completed its task, it will generate a log. You can then proceed with the rest of the guide.
WARNING: Do not reboot your computer after running RKill as the malware process will start again , preventing you from properly performing the next step.
STEP 5: Remove Live Security Platinum malicious files with Malwarebytes Anti-Malware FREE
- Download the latest official version of Malwarebytes Anti-Malware FREE.
MALWAREBYTES ANTI-MALWARE DOWNLOAD LINK (This link will open a download page in a new window from where you can download Malwarebytes Anti-Malware Free) - Start the Malwarebytes’ Anti-Malware installation process by double clicking on mbam-setup file.
- When the installation begins, keep following the prompts in order to continue with the setup process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware checked. Then click on the Finish button. If Malwarebytes’ prompts you to reboot, please do not do so.
- Malwarebytes Anti-Malware will now start and you’ll be prompted to start a trial period , please select ‘Decline‘ as we just want to use the on-demand scanner.
- On the Scanner tab,select Perform full scan and then click on the Scanbutton to start scanning your computer.
- Malwarebytes’ Anti-Malware will now start scanning your computer for Live Security Platinum malicious files as shown below.
- When the scan is finished a message box will appear, click OK to continue.
- You will now be presented with a screen showing you the malware infections that Malwarebytes’ Anti-Malware has detected.Please note that the infections found may be different than what is shown in the image.Make sure that everything is Checked (ticked) and click on the Remove Selectedbutton.
- Malwarebytes’ Anti-Malware will now start removing the malicious files.After completing this task it will display a message stating that it needs to reboot,please allow this request and then let your PC boot in Normal mode.
STEP 6: Double check your system for any left over infections with HitmanPro
- This step can be performed in Normal Mode ,so please download the latest official version of HitmanPro.
HITMANPRO DOWNLOAD LINK(This link will open a download page in a new window from where you can download HitmanPro) - Double click on the previously downloaded fileto start the HitmanPro installation.
IF you are experiencing problems while trying to starting HitmanPro, you can use the “Force Breach” mode.To start this program in Force Breach mode, hold down the left CTRL-key when you start HitmanPro and all non-essential processes are terminated, including the malware process. (How to start HitmanPro in Force Breach mode – Video) - Click on Next to install HitmanPro on your system.
- The setup screen is displayed, from which you can decide whether you wish to install HitmanPro on your machine or just perform a one-time scan, select a option then click on Next to start a system scan.
- HitmanPro will start scanning your system for malicious files. Depending on the size of your hard drive, and the performance of your computer, this step will take several minutes.
- Once the scan is complete,a screen displaying all the malicious files that the program found will be shown as seen in the image below.After reviewing each malicious object click Next.
- Click Activate free license to start the free 30 days trial and remove the malicious files.
- HitmanPro will now start removing the infected objects, and in some instances, may suggest a reboot in order to completely remove the malware from your system. In this scenario, always confirm the reboot action to be on the safe side.
Hello,
Can you please follow this guide: http://malwaretips.com/blogs/remove-mac-os-x-virus/
Awesome!Thank you!
You rock!Thank you!!!
Thank you very much. You helped me a lot with these tips.
Best regards.
Thanks very much Stelian. Your tutorial and instructions were clear and precise. I really appreciated your assistance. No more rogue virus. Keep up the good work!
Thank you very much! It really works.
Step 6 is very important, you can kill the virus, but it will come again through the malicious pop up.
Many thanks again!
Thank you very much I tried again to download the Kaspersky Virus Removal Tool and it worked well and no threat detected. Thank you again for your help.
Thank you very much Stelian for your help
I tried to download the Kaspersky Virus Removal Tool but when I clicked the download button it did not respond.
THANK YOU!!!!!
Hello sunset,
That’s not the icon for the virus,those symbols are from the Windows User Account Control and means that the program need elevated privileges to run,so you’re ok! :)
Now,for your peace of mind please perform a scan with this two on-demand scanners:
1.Run a scan with Kaspersky Virus Removal Tool
Click here to download the Kaspersky Virus Removal Tool.
2.Run a scan with Eset Online Scanner.
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Hi,
I followed the above instructions to remove Live Security Platinum from my PC and it appeared to have worked…both Malwarebytes and HitmanPro detected and deleted items but I still had problems with my system; the PC performance was very bad and slow, the files took long time to open and sometimes the PC hanged so I restarted it again. Finally I forced to format my system and setup the windows again. Now my PC is working well but the icon of the virus appears on the right lower corner of other programs’ icons and shortcuts and I cannot remove it. See those pictures:
http://im23.gulfup.com/2012-09-04/134672622321.jpg
http://im23.gulfup.com/2012-09-04/1346726223562.jpg
Is this mean that the virus still infects my system? If so how can I remove it and how can I remove the icon of the virus from other programs’ icons?
Thank you very much.
Hello Bill
Can you please run a scan with Combofix, ESET online scanner and post the logs here so that I can get an idea on what’s going on :
STEP 1 : Run a scan with Combofix
Download ComboFix from one of the following locations:
COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop
———————————————————–
———————————————————–
———————————————————–
Notes:
STEP 2: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Waiting for your reply to tell me if your machine is ok and the logs from this utilities.
Stelian, thank you so much for these instructions, this has got to be the absolute worst virus I have ever encountered. I can’t believe the FBI has not gone after the bastards that wrote this code. You rock!!!!
I was infected with this Live Security Platinum virus. I have gone through the steps to get rid of it, but: This virus caused my Folder Options to disappear. How do I get them back? I’ve looked in the Registry for the NoFolderOptions problem but that is not there. And in gpedit.msc the “Removes the Folder Options menu fron the Tools menu” is set to Disabled. But I still cannot see my folder options. I also cannot see my Organise, Views, System Properties, Uninstall or Change a Program, Map Network Drive, or Open Control Panel Buttons.
Perfect!
Thanks!
It is me again, apparently this virus was trying to be a smartass! I found the files in my download folder! So I will use it! I will kick his ass soon! I will get back to you if I face a problem! THX!!
HI!
I can’t ignore it, bc (and I don’t know the reason) the download box is appearing at the bottom of the page with a yellow border asking me if I want to : RUN/SAVE? I tried both and it is telling me the same thing (It isnt safe), it gives me two options either to delete it or view downlaods.
I will try the other solution you gave me, but by Norman mode, you mean Normal yeah?
Hello,
You can accept that notification and ignore the warning…
Alternatively you can follow this guide:
STEP 1: Run a scan with Malwarebytes Anti-Malware in Chameleon Mode in Norman mode:
STEP 2: Run a scan with RogueKiller
RogueKiller Download Link (This link will automatically download RogueKiller on your computer)
STEP 3 Please perform a scan with HitmanPro as seen on the guide.
If you are having problems starting this program please use the ForceBreach mode as described in the guide.
STEP 4: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Waiting for your reply to tell me how everything is running!
Good luck…
Hello, Please HELP!!
I am not able to pass Step 4, when I download RKILL the system tells me that “iExplorer (2) was reported as unsafe” and it doesnt allow me to run it/save it. Please HELP!!!
Cheers. Thanks for that. Googled how to fix my problems and by far the easiest. Now back up and running to have a game of poker. haha
Sorry, Stelian, I didn’t read beyond the malware/hitman suggestion in the earlier thread as we had already applied those. Now followed your steps above and the 50 updates have been downloaded.
Thank you once more; we are now fixed and will study and implement your suggestions.
Did you follow this step:
please follow this steps:
1. Click the Start buton
2. Type “cmd” in the Search Box and then press Enter
3. Right-click “cmd.exe” and select “Run as administrator”
4. Click “Continue” on the “User Account Control” Window
5. In the command prompt type the following command
sc create BITS binpath= “c:\windows\system32\svchost.exe -k netsvcs” start= delayed-auto
6.Restart your computer and check if the problem is solved.
Thanks again for your excellent suggestions. Have not deleted the combo fix as we found that although windows update identifies the necessary updates it will not download them showing error code 8024608. The help function aks me to find the BITS service, but this does not appear to exist!? Have tried some update fixes to no avail; does this make sense?
Thanks again for taking the time to help
Great Phillip,
Unless you are having other problems, it is time to do the final steps.
Delete the following folders: (If they exist)
C:\ComboFix
C:\Qoobox
You should really start a thread in our Security Configuration forum as you need to build a layerd security config: http://malwaretips.com/Forum-Security-Configuration-Wizard
Also it would very good if you took the time and read this article that I’ve wrote: http://malwaretips.com/blogs/how-to-easily-avoid-pc-infections/ .. If you follow it,then we’ll never meet again in this conditions.
Absolutely brilliant, many thanks! Windows Firewall and Updates now working again; it appeasr the update function has been out for some time as there is 664mb to download.
Ran the Combofix and ESET, but not the others as they were downloaded and used to remove the platinum update a couple of days ago.
I have the log and also a screen shot of the 3 ESET threats found and deleted, but not sure how to attach for you?
Hello Liam,
Can you please run a scan with Combofix and ESET online scanner and post the logs here :
STEP 1 : Run a scan with Combofix
Download ComboFix from one of the following locations:
COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop
———————————————————–
———————————————————–
———————————————————–
Notes:
STEP 2: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Next,please run HitmanPro and Malwarebytes as seen on the guide.
Waiting for your reply to tell me if your machine is ok and the logs from this utilities.
Hi, i’m fine with the first few steps unil it gets to using the RKill software. Downloading and opening it is no problem, but within a few seconds of it being open a message comes up saying ‘windows has encountered a critical problem and will restart automatically in one minute. Please save your work now.’ I have tried several times and it has done the same, any help would be much appreciated, thanks :)
OMG ths wasamzing it worked like a charm thank u!!!
Hey thank you so much! This took me 5+ hours but well worth it! Thank you and Visca Barça!!
Hello Phillip,
Can you please run a scan with Combofix and ESET online scanner and post the logs here :
STEP 1 : Run a scan with Combofix
Download ComboFix from one of the following locations:
COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop
———————————————————–
———————————————————–
———————————————————–
Notes:
STEP 2: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Next,please run HitmanPro and Malwarebytes as seen on the guide.
Next,please follow this steps:
1. Click the Start buton
2. Type “cmd” in the Search Box and then press Enter
3. Right-click “cmd.exe” and select “Run as administrator”
4. Click “Continue” on the “User Account Control” Window
5. In the command prompt type the following command
sc create BITS binpath= “c:\windows\system32\svchost.exe -k netsvcs” start= delayed-auto
6.Restart your computer and check if the problem is solved.
Waiting for your reply to tell me if your machine is ok and the logs from this utilities.
Glad to see that now everything is OK! :D
Stay safe and have an awesome life!
Hi Stelian,
“Live Security Platinum” pop-ups are gone and pc is running really well now. Thank you very much for all your help.
i love you! was ready to throw my laptop in the bin. order is restored.
Hi Stelian,
Thank you very much for promptly responding to my query in such detail. I apologise for not reading through your initial instructions to the end where it says “If you are still experiencing problems… please start a new thread in the forum”. Your work-around to my issue worked without a hitch (no Windows error messages this time), though it seems your initial instructions did remove the “Live Security Platinum” virus after-all. FYI, I am almost certain I picked up this pc virus from playing “Words with Friends” (scrabble game) on Facebook. Thank you once again for ridding my pc of this virus.
Hey Thanks! Looks like it worked for me!
Can’t believe people plant stuff like this, lame…
Thanks again!
Thank you very much for the clear, step by step instructions here. My computer is working much better now. This very helpful post is greatly appreciated! THANK YOU!
Thank you so much for the advice, we have finally removed the dreaded live security platinum from my wife’s computer. She was using windows security essentials which is now back and running but not the windows firewall which has an error code 0x8007042c. Tried a number of fixes for this but to no avail; any suggestions?
Great thank you so much for the easy to follow instructions.
Worked well.
Hello Sunn,
Can you please follow the below steps:
STEP 1: Run a scan with Malwarebytes Anti-Malware in Chameleon Mode in Norman mode:
STEP 2: Run a scan with RogueKiller
[b]RogueKiller Download Link[/b] (This link will automatically download RogueKiller on your computer)
STEP 3 Please perform a scan with HitmanPro as seen on the guide.
If you are having problems starting this program please use the ForceBreach mode as described in the guide.
STEP 4: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Waiting for your reply to tell me how everything is running!
Good luck…
Hello Leanne,
Can you please follow the below steps:
STEP 1: Run a scan with Malwarebytes Anti-Malware in Chameleon Mode in Norman mode:
STEP 2: Run a scan with RogueKiller
[b]RogueKiller Download Link[/b] (This link will automatically download RogueKiller on your computer)
STEP 3 Please perform a scan with HitmanPro as seen on the guide.
If you are having problems starting this program please use the ForceBreach mode as described in the guide.
STEP 4: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Waiting for your reply to tell me how everything is running!
Good luck…
Hello Jim,
Can you please follow the below steps:
STEP 1: Run a scan with Malwarebytes Anti-Malware in Chameleon Mode in Norman mode:
STEP 2: Run a scan with RogueKiller
[b]RogueKiller Download Link[/b] (This link will automatically download RogueKiller on your computer)
STEP 3 Please perform a scan with HitmanPro as seen on the guide.
If you are having problems starting this program please use the ForceBreach mode as described in the guide.
STEP 4: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Waiting for your reply to tell me how everything is running!
Good luck…
Step 4 says “Do not reboot your computer…” but my computer is rebooting automatically because it says Windows encountered a system error. Is there a way around this please?
May have got without safe mode :)
Hi I have this live security platinum on a work computer, I have tried to follow your guide. I have placed the activation code & stopped the pop ups. But when I get safety mode screen up I cannot get arrows to work. it starts windows normally, how do I get around this? It is an important hard drive as it runs an irrigation system. :/ Have tried everything I can think of.
Step 4 says do not reboot because everything will return. Well, the PC reboots after RKill is done processing. It gives a warning saying the system will reboot and after I get the text file it reboots. How do I stop it from rebooting?
Thanks
Like so many others before me, can I say a big thank you for the easy to follow guide, and hopfuly I wont get it back.
I followed the procedures and successfully removed the Live Security Plantinum. I do not have to reformat the HD and saved by data. Thanks.
Thank you, Thank you, Thank you!!!!! Last year, my computer was infected with another virus- we were able to successfully remove it (or so we thought) and several months after the fact we woke up one morning to a computer that had restarted on its own and EVERYTHING was gone!!! All our documents, all our pictures, EVERYTHING! My husband consulted an independent IT guy he knows who remotely ran scans and did stuff to our computer only to tell us there was no hope of ever getting it back. I was devastated! I kept trying to “find” our stuff on our computer- I knew it had to be there somewhere. I kept attempting to show the hidden files and folders and kept getting the message that I didn’t have permission to make changes. I had resigned myself to the fact that I wasn’t going to get anything back. All that to say- after following the guide and removing the Live Security Platinum- the HitmanPro found a ZeroAccess Rootkit. I was able to remove it as well and last night in the middle of the night I finally had my permissions back and was able to show all hidden folders and files and lo and behold all our information was still there- just as I suspected! Thank you a million times over!!!!
THANK YOU SO MUCH…THIS HAS HELPED MANY PEOPLE TO RESTORE THEIR SYSTEMS BACK TO WORKING ORDER. GOD BLESS YOU!
Thank you sincerely for your help. It worked!
Thanks Stelian, this sorted my problem out.
I applaud the time and effort you have put in to help people in this predicament.
Kind Regards,
Steve
Hello,
Lets try another way around this
While in Normal Mode,please try to download and run Malwarebytes Chameleon:
iexplore.exe http://downloads.malwarebytes.org/file/chameleon
2.Please perform a scan with HitmanPro,RogueKiller and Unhide.exe as seen on the guide.
3.Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
If it still doesn’t want to work, please try the above steps while in Safe Mode with Networking.
Waiting for your reply to see how everything is running…. Good luck!
spot on…problem solved….
Dear Stelian
Thank you very much for this tutorial. My laptop was infected last night and whilst it took about 2 hours to get rid of the live protection platinum using another laptop to search for help, your tutorial was fantastic and your step by step guide easy to understand for a technophobe like me! Your support is very much appreciated.
I had the same problem as william and i tried following your tutorial afterwards and it wouldnt even let me download hitman pro? it says open and save (wont let me press open) so i press save and then it asks me to open it with another programme? :S HELP!
THANKS!!!!!!!!!!! :D I’M SO HAPPY!!!!
Get a USB stick and copy on it Combofix, then transfer it to the infected computer and perform the following steps:
Please read and follow all the steps very carefully.
Download ComboFix from one of the following locations:
COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop
———————————————————–
———————————————————–
———————————————————–
Notes:
Next, please post the log back here and let me know how things are running.
My firewall doesn’t opens too. It is turned off as well
Hi Stelian,
Since I got rid of the virus with your excellent help here, my desktop icons rearrange themselves to default on left side on start-up.
I have unchecked auto arrange and align to grid. I’m using Windows 7 Home.
I thought it might be caused by adding HitmanPro or MalwareBytes so I uninstalled them but it didn’t help. I can reinstall these if necessary, of course.
How do I get my desktop icons to stay in place again?
Thank you,
Kelly
Hello Dan,
Most likely you have a file that is missing….. Can you please run a Combofix scan and post the log in here:
Get a USB stick and copy on it Combofix, then transfer it to the infected computer and perform the following steps:
Please read and follow all the steps very carefully.
Download ComboFix from one of the following locations:
COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop
———————————————————–
———————————————————–
———————————————————–
Notes:
Hello Adrian,
Most likely you have a file that is missing….. Can you please run a Combofix scan and post the log in here:
Get a USB stick and copy on it Combofix, then transfer it to the infected computer and perform the following steps:
Please read and follow all the steps very carefully.
Download ComboFix from one of the following locations:
COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop
———————————————————–
———————————————————–
———————————————————–
Notes:
What firewall are you using?Can you please try to stop it from running to see if this will fix your problem.
Hello Raihan,
Lets try to see if we can fix this :
Please read and follow all the steps very carefully.
Download ComboFix from one of the following locations:
COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop
———————————————————–
———————————————————–
———————————————————–
Notes:
STEP 2 : Download and run the Complete Internet Repair utility.
1.Download Complete Internet Repair utilityto your desktop
2.Unzip all the files to their own folder on the desktop
3.Within the folder double click CIntRep
4.Select the following items,then press the GO button.
Let me know if this fixed the problem… Also please add the Combofix log to your reply.
Hello Tanya,
The cyber criminals always release new variants of this virus , making it very hard for the security vendors to provide signatures for this attack.
You should really start a thread in our Security Configuration forum as you need to build a layered security config: http://malwaretips.com/Forum-Security-Configuration-Wizard
Also it would very good if you took the time and read this article that I’ve wrote: http://malwaretips.com/blogs/how-to-easily-avoid-pc-infections/ .. If you follow it,then we’ll never meet again in this conditions:)
Thank you so much for writing this tutorial!!!!! You truly helped me! | :)
Hi Stelian, My PC is finnaly working!!!!!
Spent 3 hrs yesterday and 9 hrs today to finally remove it!!! – What an ORDEAL!!
How can such peace of a programme get into computer protected by Kaspersky Anti-virus and a Windows Defender???
Tried various things until got to your web site. I must say Kaspersky would find several troyans, delete them, then restart, then find them again, delete them, restart, and so on, so on…
I suppose I now need to get in and un-install all those HitmanPro and Malwarebutes and RKill?? or should I keep them and register ask my money back from Kaspersky?? I am absolutely pissed off with this sort of proplem, and spent weekend at the computer!!
Please advise.
If your having problems gettin on the net check your internet security settings I had to turn them up just to view this I think it’s due to a counter hack. Then i had to turn the settings down just to download the items. Hope I helped someone
My PC is attacked by Live Security Platinum and I think I made a mistake after the attack. I had two different accounts in my laptop and from another account I ran system restore. Everything seems to be fine but after the restore process, the internet connection is available and there is no sign of Live security platinum but I cant see my system, network and user accounts option. When I click on this options, it stand still and there is no sign of action. Can you help me on this please?
OK,lets make sure this time it’s really gone:
STEP 1 : Run a scan with Combofix
Download ComboFix from one of the following locations:
COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop
———————————————————–
———————————————————–
———————————————————–
Notes:
STEP 2: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Next,perform a scan with Malwarebytes and HitmanPro.
Waiting for your reply to tell me if your machine is ok ..
Annnnnd… it’s back.
Help?
All good, I got it, Thanks so much. You are and HSC lifesaver :)
Thankyou so much, bloody Java updates.. One problem, I’m running in safemode now, but MalwareBytes won’t load “Error: Won’t load in Safe Mode” or something like that, I’m running Hitman Pro now though..
thank you so much !!! you just save my life. I can do the practice test on the internet tomorrow now !!! BIG Thank
Thank you soooooo much for writing this tutorial!!!!! You truly helped me! | :)
It keeps saying Server Not Found.
BITS now shows up in Services, and Windows Update appears to respond, but still fails to download updates(progress bar moves, but still says 0KB, 0% complete the whole time), or just freezes, or explorer.exe crashes etc -_-. I tried this (http://support.microsoft.com/kb/956706) solution again, but when I try to start the BITS service I get the following error: “error 2 – The system cannot find the file specified” So close yet so far!!!!!! If it’s any help I still think you’re a friggin’ genius!
Thank You very much…..You help me:))
Hey man, I just REALLY want to express my gratitude for this awesome, helpful info! I was in panic mode when this stupid virus infected my laptop, but everything seems to be running fine ever since I followed your steps on how to remove it.
THANK YOU!!!
Stelian! You da man!
Great tutorial :)
Thankyou so much :D
Hello Martin,
Did you run the registryfix.reg file?
Lets work in NORMAL MODE to see if we can get around this :
Please run a scan with Malwarebytes Anti-Malware in Chameleon Mode in Norman mode:
2.Please perform a scan with HitmanPro as seen on the guide.
3.Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
WOW, that was a tough one. It’s the second time in two weeks that a hostage malware came in through a Java update.
Your guide worked wonderfully! Thank you!!
Hi, I got same prob as William that Rkill keeps booting, so trying this way. I downloaded Hit Pro, but when I got to run it onc downloaded it wont let me as it says the same as its an exe file.. Any advise
Thanks a lot, just saved my final dissertation.
Hallo Stelian,
I cannot reply on your last post here.
I did what you aked for, BITS has been created (I see it on the list of Services).
But I cannot run it, I get notification:
“Service BITS cannot be started in Local Computer. Error 2: The given file cannot be found”
I translate it from Dutch, maybe it sounds slightly differen in English.
What kind of file can it be? Maybe missing dll? As far as I know there is an dll needed and associated with all the services, isn’t it?
Updates and Firewall still do not work.
Greetings,
// Adrian
Dear Stelian,
You really save me from very deep troubles. Excellent support.
Thanks a lot !!!
Get a USB stick and copy on it Combofix, then transfer it to the infected computer and perform the following steps:
Please read and follow all the steps very carefully.
Download ComboFix from one of the following locations:
COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop
———————————————————–
———————————————————–
———————————————————–
Notes:
Hello,
Can you try this steps:
1. Click START
2. Type “cmd” in the Search Box and then press Enter
3. Right-click “cmd.exe” and select “Run as administrator”
4. Click “Continue” on the “User Account Control” Window
5. In the command prompt type the following command
sc create BITS binpath= “c:\windows\system32\svchost.exe -k netsvcs” start= delayed-auto
6.Restart your computer and check if the problem is solved.
Desktop icons are fixed(yayThanks!), but I’m having the same Update problem as Justin (error code 80246008) and also the same Windows Firewall problem. The link you provided in response to his question didn’t work; for Method 1, BITS still doesn’t show up in my services list, and Method 2 didn’t appear to change anything. I made sure to run it as Administrator, but I got the same result. I ran RougeKiller again but didnt come up with anything. Any ideas?
Stelian, You have earned your wings as an angel to many people! Thank you SO much. My computer guy said he would charge me my discounted rate of $130 to find and remove the virus and I did it myself with your instruction in just 3 and a half hours (lots of files to scan on my desktop) while using my laptop for work. I found that Malwarebytes said it could not run in safe mode but I clicked off the message and it ran. :) Also, HitmanPro said my firewall was blocking it but I clicked it again twice and it did it’s thing! Just FYI for those who may feel they are stuck like I did. Keep clicking! :) Thanks again. I’m going over to brag about you on Facebook now.
thanks for this matey!!!!!!
Hi stelian,
I’m having the same problem as claudio. I can not run Internet explorer or google chrome and when I did the first stage the LAN setting was already unchecked. How can I fix this without being able to download any software?
Cheers Wes
Can you try this steps:
1. Click START
2. Type “cmd” in the Search Box and then press Enter
3. Right-click “cmd.exe” and select “Run as administrator”
4. Click “Continue” on the “User Account Control” Window
5. In the command prompt type the following command
sc create BITS binpath= “c:\windows\system32\svchost.exe -k netsvcs” start= delayed-auto
6.Restart your computer and check if the problem is solved.
Hey thanks for this post. Helped me a lot in dealing with that evil malware.
I had the same problem as William… and nothing could be opened and no cursor when running in normal mode.
Fortunately I have access to another computer so I downloaded the portable version of “SuperAntiSpyware”, put it onto a usb drive and opened it up in safe mode on the infected laptop. The program did just enough to allow me to get working again in normal mode and run Malwarebites ( which found a further 8 infected files ).
I don’t know what other havoc it had wreaked, but the machine was still misbehaving, and I couldn’t get MS Security Essentials to switch on, so I rolled back two days and reinstalled/upgraded MS SE. Interesting couple of hours that I could have done without.
Thanks for this article which got me started on the right path to get rid of this gruesome little bug.
Hallo Stelian,
It did not work, situation is still the same.
But because of lack of time I performed only the test with OTL by Old Timer.
Do you think I should perform all the steps again ?
My general feeling is that all the help-topics I find / you post here concern “how to start BITS service up if not started” en my problem is that this “service is some how removed completely”. I read that in XP, Vista it could be installed from the downloadable file but in Win7 it is not possible, it is only installed during system installation. Somebody tried to use install package for Vista, but it did not work (I did not try).
I think the only solution is to reinstall Win7, only then such missing component can be restored.
Greetings,
// Adrian S.
Thanks so much Stelian!!!! You are awesome!! =)
Hello Jakob,
Lets try another way around this :
STEP 1. While in NORMAL MODE,download HitmanPro and then start this program in ForceBreach Mode
1.Here are the direct download links for HitmanPro,
– http://dl.surfright.nl/HitmanPro36.exe (For 32bit)
– http://dl.surfright.nl/HitmanPro36_x64.exe (For 64bit)
2.Hold down the left CTRL-key when you start HitmanPro and all non-essential processes are terminated, including this rogue malicious process
Here is a video that explains with graphic details how to do this : http://www.youtube.com/watch?v=m6eRWTv2STk
3. Let HitmanPro scan and remove the detected infections.
STEP 2: While in NORMAL MODE,download/Run Rkill and then run a scan with Malwarebytes
1.Download any re-named version of Rkill (direct download links bellow):
RKILL DOWNLOAD LINK #1
RKILL DOWNLOAD LINK #2
RKILL DOWNLOAD LINK #3
2.Next,please perform a scan with Malwarebytes and then do a RogueKiller and Unhide.exe scan as seen on the guide
STEP 3. Run a scan with ESET Online Scanner
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Waiting for your reply to tell me how everything is working.. :) Good luck!
Hello William,
Lets try another way around this :
STEP 1. While in NORMAL MODE,download HitmanPro and then start this program in ForceBreach Mode
1.Here are the direct download links for HitmanPro,
– http://dl.surfright.nl/HitmanPro36.exe (For 32bit)
– http://dl.surfright.nl/HitmanPro36_x64.exe (For 64bit)
2.Hold down the left CTRL-key when you start HitmanPro and all non-essential processes are terminated, including this rogue malicious process
Here is a video that explains with graphic details how to do this : http://www.youtube.com/watch?v=m6eRWTv2STk
3. Let HitmanPro scan and remove the detected infections.
STEP 2: While in NORMAL MODE,download/Run Rkill and then run a scan with Malwarebytes
1.Download any re-named version of Rkill (direct download links bellow):
RKILL DOWNLOAD LINK #1
RKILL DOWNLOAD LINK #2
RKILL DOWNLOAD LINK #3
2.Next,please perform a scan with Malwarebytes and then do a RogueKiller and Unhide.exe scan as seen on the guide
STEP 3. Run a scan with ESET Online Scanner
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Waiting for your reply to tell me how everything is working.. :) Good luck!
When i run rkill, right before it’s done, a dialog box comes up and says:
Windows has found a critical error and needs to log off. Please save all your work.
HELP!
Hey Most of the steps mentioned don’t work for me because I just can’t get ANY Programs to run :( I used registryfix.reg in Safe mode but I still can’t run Rkill in regular mode because the virus just blocks the application…
Also I didn’t even have any problems with Proxy Servers the only problem is ,that I can’t open anything including: Browser, registry, taskmanager, RKill NOTHING. Iam really desperate I don’t want to reboot I have many important files on my PC
PLEASE HELP ME :'(
Hello Matt,
Yes,ESET Online scanner will remove automatically all the detected threats…so they’re all gone!
Stay safe!:)
Hi Stelian,
I followed what you daid and continued to RKILL then the next steps (malwarebytes and hitmanpro), which seemed to find and remove the malicious threats. I then rebooted and did an online ESET scan as well, which found 9 more threats. I’m not sure if they were removed or just found. My computer seems to be running ok and I can’t seem to find any trace of Live Platinum left, but ideally I want to remove all threats. What should I do now?
Thank you!
Hello Stelian OMG HOW CAN I THANK YOU I am a person who writes story and after spending a hour trying to fix it I sat and cried I didn’t want to lose anything than I found this I pasted every step and it is finally working THANK YOU SO MUCH I COULD JUST HUG U *Virtal Hug* ;) I will recommend This to all of my friends (:
Hello,
Did you try to uninstall and then re-install back McAfee ?
Hello,
It’s good to see that you’ve manage to get rid of this virus. :)
You can use this software to run a scan with them once a week if you like.As far as your real time protection goes,I advise to install a security product to protect your computer.Below you can find some quick suggestions:
Free – Avast 7 Free version or COMODO Internet Security
Paid : Norton Internet Security 2012,Avast Internet Security 7,G-DATA Internet Security 2012 or ESET Smart Security 5.
Anyway ,you should really start a thread in our Security Configuration forum as you need to build a layerd security config: http://malwaretips.com/Forum-Security-Configuration-Wizard
Also it would very good if you took the time and read this article that I’ve wrote: http://malwaretips.com/blogs/how-to-easily-avoid-pc-infections/ .. If you follow it,then we’ll never meet again in this conditions:)
Thanks Stelian! Looks like it did the trick since the Live Security Platinum box isn’t popping up in my regular mode anymore…
I was able to access the internet in Safe Mode with networking however it kept redirecting me to different sites. So I downloaded the programs you mentioned from another computer and put it on a USB to transfer it to the affectted computer. I was then unable to run Hitman Pro using the Force Breach mode in the regular mode so I tried running it in the Safe Mode, which it worked and I followed the rest of your steps there after.
Here’s my Eset Scan results: C:\Users\Lucas\AppData\Local\Temp\jar_cache1130105515261397219.tmp Java/TrojanDownloader.Agent.NEA trojan cleaned by deleting – quarantined
C:\Users\Lucas\AppData\Local\Temp\jar_cache2929406719678060418.tmp Java/Exploit.CVE-2012-0507.AN trojan deleted – quarantined
C:\Users\Lucas\AppData\Local\Temp\jar_cache565304576539688280.tmp multiple threats deleted – quarantined
C:\Users\Lucas\AppData\Local\Temp\jar_cache8792167532769200996.tmp Java/TrojanDownloader.Agent.NEB trojan cleaned by deleting – quarantined
C:\Users\Lucas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\48801dd-2dfebb0b a variant of Win32/Injector.UEZ trojan cleaned by deleting – quarantined
C:\Users\Lucas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\2050fca1-7c6dfbdd multiple threats deleted – quarantined
C:\Users\Lucas\AppData\Roaming\ncrsl.dll a variant of Win32/Medfos.BL trojan cleaned by deleting (after the next restart) – quarantined
Just to be on the safe side, how often should these scanners be run? Daily/weekly/monthly?
Should I install an anti virus program to prevent these from happening in he future? If so, is there one that you would recommend? I’ve read that AVG and Avast seems to be the popular ones..
Any advice you could provide would be much appreciated!
N
hi i did all the steps but for some reason my windows defender and mcafee firewall is turned off and i cant turn it on. and i ran a scan with spyware and it says that i have 31 threats but i have to pay im already paying for mcafee. when i scan with hitman only cookies come up and when i scan with malware anti it comes up clean idk what to do can you help please
Thank you so, so much for this wonderful, easy-to-follow guide.
Though some people have mentioned the virus returning, my laptop seems
fine for now, after about 2 hours of battling with this malicious virus.
I was crying in front of my laptop before I decided to borrow my mom’s
to find a way to solve this issue, as my own wouldn’t let me open any site
because “the site may cause harm to [my] computer”, according to the virus.
All my important documents and projects from school are in my laptop,
and, since I use it to write down notes from classes instead of an actual
notebook, so are the notes I took down over the whole year of IB.
And – though not as important – the thousands of videos and pictures I have
been collecting, too…. I don’t know how I could have overcome this problem
without your useful post; I couldn’t find one that was as easy or as assuring
as this one! Really, thank you very much, I think it is wonderful work you’re
doing, saving crucial data – and tears – of so many people. Your guide was
very easy to follow, and your comments – though none of them apply to
myself, for now – are so kind and informative as well.
Thank you, and God bless you ♥
Exact what I did
Hello,
Can you please try to follow the steps from this guide to see if it will fix the Windows Update issue: http://support.microsoft.com/kb/956706
Hello Nancy,
Yes,Security Shield is similar to this rogue so you need to remove it as soon as possible… Please follow the below steps:
STEP 1. While in NORMAL MODE,download HitmanPro and then start this program in ForceBreach Mode
1.Here are the direct download links for HitmanPro,
– http://dl.surfright.nl/HitmanPro36.exe (For 32bit)
– http://dl.surfright.nl/HitmanPro36_x64.exe (For 64bit)
2.Hold down the left CTRL-key when you start HitmanPro and all non-essential processes are terminated, including this rogue malicious process
Here is a video that explains with graphic details how to do this : http://www.youtube.com/watch?v=m6eRWTv2STk
3. Let HitmanPro scan and remove the detected infections.
STEP 2: While in NORMAL MODE,download/Run Rkill and then run a scan with Malwarebytes
1.Download any re-named version of Rkill (direct download links bellow):
RKILL DOWNLOAD LINK #1
RKILL DOWNLOAD LINK #2
RKILL DOWNLOAD LINK #3
2.Next,please perform a scan with Malwarebytes and then do a RogueKiller and Unhide.exe scan as seen on the guide
STEP 3. Run a scan with ESET Online Scanner
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Waiting for your reply to tell me how everything is working.. :) Good luck!
Hello Adrian,
Can you please try to follow this steps to see if we can fix the Windows Update issues > http://malwaretips.com/Thread-West-Yorkshire-Police-Virus?pid=64946#pid64946
Can you please try to run RKILL and then try to merge the registryfix…
Please download this version of RKILL – http://download.bleepingcomputer.com/grinler/rkill.scr
Next,follow the steps in the guide.
Waiting for your reply to tell me who everything works!:)
Hi Stelian.
Thanks for the guide. However, I can’t seem to get past the 3rd step. When I try to download the registry fix it says: “Not all data was successfully written to the registry. Some keys are open by the system or other processes.” I then tried to do my own registry fix from one of your comments and got a message saying it couldn’t be imported and that there is “an error accessing the registry.” Please help!
Hallo Stelian,
I hope that you had a good weekend.
Mine was great but my Win7 still does not work well.
I followed your instructions again. Problem with icons on my desktop has been solved, it is a great news, I like to have my own order…
But Firewall is still not ok (actually I do not know, I get the message that the recommended settings are not used and I cannot use them). Here I get an 0x8007042c error. Probably it is not turned on.
About the updates , Win detects the 7 new updates, but I cannot install them , I get an 80246008 error.
BITS is still not present in the Local Services list.
I tried to solve that following this istruction:
http://support.microsoft.com/kb/971058
I tried to solve it self (typing all the commands in cmd line) but many were not accepted, like those concerning starting/stopping BITS.
Is there a different application working similarily to “Windows Repair (All In One) ” ?
Greetings,
// Adrian Stefanik
Hi Stelian,
Help please! I went to safe mode with networking and used malwarebytes. It found and removed several items but the the live security platinum is still there in regular mode. I re ran malwarebytes again in safe mode but nothing was found this time. I tried going onto the Internet to download other software you’ve mentioned but it keeps redirecting me and now security shield came up which I think is a similar thing to live security platinum? Help please!!!!
N
Hello,
In most cases those tools aren’t need it… the people who are experiencing problems and actually need to run this tools , have other infections on their machine apart from this rogue software:)
Hello,
If you internet connections is working then you can skip this step!:)
Good luck!
Hi Stelian
i did the safe mode step but i do not know how to get on the second one
]
STEP 2: Remove Live Security Platinum malicious proxy server
Live Security Platinum may add a proxy server which prevents the user from accessing the internet,follow the below instructions to remove the proxy.
Start the Internet Explorer browser and if you are using Internet Explorer 9 ,click on the gear icon [Image: IE gear icon] (Tools for Internet Explorer 8 users) ,then select Internet Options.
plz help me I beg u asap
thanks heaps
cheers
dany
thanks your information. wish best for you.
THE BEST.
Thank you SO MUCH!!!
Thank you soooooooo much! Even though it took hours, my computer is once again perfect! You rock!!!
Thank you soooo much! i just finished doing as instructed and everything seems to be ok. Thank God there are people like you out there to help those who need it, if I had lost my computer, I would of lost alot of college work! THANK YOU!
Another satisfied customer of this great work. Going to email/post this great repository of free tools.
Just a suggestion-there is a ton of great info on optional stuff in the comments section; why not add a 7th step of optional steps if the first 6 aren’t successful about using ComboFix, RogueKiller, Avast, Emisoft, ESET Online scanner, etc.
What I did was download everything in “normal” mode, then I rebooted to “Safe Mode with Networking” (although the “networking” part was basically moot….), then I ran everything in the order listed.
Also, I just noticed my AVG isn’t scanning or updating anymore after getting this virus. It just doesn’t do anything. Upon checking the scan logs I see the message as follows:
“Whole computer scan”;”7/28/2012, 4:02 AM”;”The scan log is corrupted (scan has not finished properly)”
I had the same problems as the person above. I used the Rogue Killer and Windows Repair AIO as you said, which did fix the Windows Updates, but still getting errors when trying to install those updates. Also, Windows Firewall still isn’t working. When trying to turn it on I get a window pop up and it says, “Windows Firewall can’t change some of the settings. Error code 0x8007042c” When trying to install the Windows Updates the error code is 80246008.
Thanks for all the help, the tutorial on removing that Live Security Platinum was awesome! I was trying to figure it out all night until I stumbled across this page.
Hello Adrian,
Lets try to fix this.
First run a scan with RogueKiller:
ROGUEKILLER DOWNLOAD LINK (This link will automatically download RogueKiller on your computer)
Next,you’ll need to run a File System Check and Disk Check.
To do this , download Windows Repair All In One and install this utility.
Then go to Step 2 (Check File System) and click on “DO IT”, after this step is done, go to Step 3 (System File Check) and again click on “DO IT”.
NEXT,go to the last Startup Repairs tab and click the Start button (bottom right)
Note: When asked if you would like to create a restore point. It is recommended just in-case something does not go as planned.
Note: Leave everything else unchecked
Let me know everything goes…:D
Hello,
Lets try to fix this.
First run a scan with RogueKiller:
ROGUEKILLER DOWNLOAD LINK (This link will automatically download RogueKiller on your computer)
Next,you’ll need to run a File System Check and Disk Check.
To do this , download Windows Repair All In One and install this utility.
Then go to Step 2 (Check File System) and click on “DO IT”, after this step is done, go to Step 3 (System File Check) and again click on “DO IT”.
NEXT,go to the last Startup Repairs tab and click the Start button (bottom right)
Note: When asked if you would like to create a restore point. It is recommended just in-case something does not go as planned.
Note: Leave everything else unchecked
Let me know everything goes…:D
Thank you for posting this process. However, I need to tell you that rebooting in “Safe Mode with Networking” does not work on a cellular modem. I had to run Windows in normal mode to accomplish all this.
You are an absolute legend and should be knighted, THANK YOU :)
Thank you Stelian, you saved my day, all my work was in the PC and I thought it was all over :(
It is now completely fixed, God bless you.
Thank you very much for this helpfull information. Merci bien.
This worked beautifully!!!! One big problem, however. Since using this process, Windows update no longer works. When I go to the update center in Control Panel, I get a red X and a prompt to check for updates. When I click on said prompt I get a dialogue stating that “the update service is not running, you may need to restart”. Obviously that doesn’t work, so another forum suggests using SERVICES.MSC to find and modify the services named “Background Intelligent Transfer Service” and “Windows Update”. Neither of these services appear on the list. I’ve checked multiple forums and found mostly similar suggestions, none of which seem to work. Another much smaller but mildly annoying issue is that my desktop icons will now left-align at every restart. I’m not sure if that’s related or not. If you think my current symptoms could be related to the programs used to axe Live Security Platinum, please let me know if you can think of any solutions. It would really make my day(again)!
thank you so much i cant thank you anougth, your my hero :) thanks huni xxxxxxxx
Hi, thank you for your tips, I entered the serial you gave me and installed avg antivirus that god rid of the shitty Live security platinum shitty virus
OK, I discovered that I cannot update my Windows because the BITS service is not running (Background Intelligent Trasfer Service). I cannot run it , because it is missing (does not appear in the Local Services list).
I could not find the answer yet how to fix that…
// Adrian Stefanik
Hallo Stelian,
I followed your advice and have tried some other things, but still I cannot turn on my firewall (Win 7 Home Premium). Moreover, I cannot install any updates (I get notification that “Windows Update service is not active, restart your computer”). When I look into the msconfig I see that all the services are turned on as well. “Tweaking.com – Windows Repair” did not solve the problems. My desktop icons still won’t stay at the given positions…
Do you have any more ideas what could help?
Best regards,
// Adrian Stefanik
Uninstall that crappy antivirus,then run Combofix.After Combofix has finished its job , go to avast.com and download and install Avast Antivius 7 Free….. ;)
Next,reply back on how things are running.
Hello,
Lets try to fix this problem:
1.Download Complete Internet Repair utilityto your desktop
2.Unzip all the files to their own folder on the desktop
3.Within the folder double click CIntRep
4.Select the following items,then press the GO button.
Hello,
Please run a scan with Malwarebytes Anti-Malware in Chameleon Mode in Norman mode:
2.Please perform a scan with HitmanPro as seen on the guide.
3.Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
My computer’s internet browser still doesn’t connects with internet?
Thanks for the tips… I am a PhD student with all my life on my laptop and only a month away from defense!!! I can’t lose my laptop now!
I am stuck at step 4, as I seem not to be able to run RKill. I tried all the renamed versions as well, but when I double click on it, nothing happens… Help me please :(
Hi, I have downloaded the Combo fix as per your instruction. I don’t have any firewall running, but I have Ad Aware Antivirus with Antispyware, I have unchecked everything I could from the window start up menu and I’ve also turned off the real time protection, but I cannot turn off the green shield button and Combo fix is detecting it as real time scanner still active. What shall I do please, how do I turn it off?
Thanks for your help.
Hello,
If you have a USB disk then download and copy the Combofix utility on it and then copy/paste on the infected computer.. then run it as you see in the below instructions:
Download ComboFix from one of the following locations:
COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop
———————————————————–
———————————————————–
———————————————————–
Waiting for your reply to tell if you have a working internet connection or not… :P
Hello,
This is the best comment by far!!! :)) Thank you!
Stay safe Martin!
Thank you so much Stelian! Your step-by-step guide was very helpful God bless you.
Another problem I’m facing now is, after the removal of the Live Security Platinum, my Internet explorer and Firefox browsers are unable to connect to the internet, and it has also disabled my windows firewall and will not allow me to switch it on.
Please help me!!
Stelian, I would make love to you all night and day, if I was that way inclined. I thought my laptop was finished. I sat in the corner and wept for its possessed soul. By a remarkable stroke of luck I found this guide, followed it step-by-step and Voila! The malware has vanished. I couldn’t be happier. Send me your address so I can send you some cake and my worn underwear. You’ll need to, er… send me your credit card details first.
Yes thank you very much for the activation key. it allowed me to send one of the nastiest ignorant hatefull messages i have ever written in my lifetime that i can surely hope reaches the software developer whoever gave us this key thank you very much you are a beautiful soul and should feel great about yourself.
Thank you so much! Your step by step instructions saved my computer.
Thank you so much. I thought that I was going to have to buy a new computer or a Mac.
Thank you so much. You just saved my life :D
Thank you so much for the information you have provided, my work computer was down with this virus, i thought i lost all my financial records and everything on QuickBooks, i couldnt even run payroll, and my computer wouldnt boot into normal mode. This fixed everything, thank you again for saving me lots of time, frustation, and money.
THANK YOU!
Can you please use the activation code: AA39754E-715219CE and then try again to merge this file.
Waiting for your reply to tell me if it worked or not.
Can you please run a scan with Combofix:
STEP 1 : Run a scan with Combofix
Download ComboFix from one of the following locations:
COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop
———————————————————–
———————————————————–
———————————————————–
Notes:
STEP 2: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
i cannot thank you enough! this tutorial saved my life!
The same big thanks, I had thought to check “self advertised” program and without Your help I had to stay on my second operating system Linux Ubuntu or re-install operating system, over 90 $ for not essential help, I had in the background the soft Kaspersky software, I had made mistake within installation, thanks of the very good document and help …
The Live Security Platinum is still responding in my computer. Can you please give me some more advice.
Help! When I try to run Registry Editor, I get an error that says, “Cannot import C:\……registryfix.reg: Not all data was successfully written to the registry. Some keys are open by the system or other processes.” What do I do?
thanks for the phenomenal help
can’t really tell you how much I appreciated this blog nor how much it has helped me!
Thank you so much for this tutorial!!!
I was completely stuck and these instructions are very clear and easy to follow.
You’re a life saver, thank you!
Thank you so much for posting all this information, Stelian. My Daughter’s computer was infested with this horrible virus and I managed to fix it following your very clear instructions. I am very, very grateful.
Thanks again!
Allie
I had the virus and this guide helped me through everything, thank you so much, but I do have a question. It seems that the original source of the virus was installed 3 months prior to it doing anything, so it was just laying dormant until I came across some weird looking files and attempted to delete them; that’s when the virus unleashed. I’ve gotten viruses like this one before in other PC’s, but is that normal, for a virus to just lay dormant? :O That’s never happened to me before; usually as soon as I get it, it attacks.
Hello,
You can add that license key before booting in Safe Mode with Networking…even so this is just an optional step so all I can say it’s good luck following the instructions!:D
Stay safe!
THANK YOU SOOOO MUCH!! Worked great!
I love you. No really. I do. What a PITA this was today when all the sudden my very existence was brought to a screeching halt with this stupid virus. Thank you SO much for the easy to follow, step by step instructions as I am a blonde and if you didn’t, I would be crying to my IT team at work begging them to fix it and would have probably gotten talked into having to make them ALL dinner. I think I know how I got it :0( meh. Last week I downloaded a “free tv” toolbar that was awesome for the one freaking show I watched. Word to wize, Don’t be a cheap fool.
THANK YOU SO MUCH for this. You’re an angel ………………
Written for people like me who know nothing about Computers – it helped me clear away this flipping awful thing.
Hi Stelian,
I guess it’s my turn now to be infected with this ‘virus’ (?).
Your instructions are very clear and I will follow them very shortly… But, please can you clarify when the registration code for Live Security Platinum is to entered? Before I shut the computer down to start it in Safe Mode or after I’ve booted the pc up to safe mode with networking?
Thank you.
Chris
Hello,
Hello,
Can you please run a scan with Combofix:
Download ComboFix from one of these locations:
Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop
Link 1
Link 2
* IMPORTANT !!! Save ComboFix to your Desktop
See HERE for help
**Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it’s malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, ComboFix will produce a log.
Note:
1. Do not mouseclick combofix’s window while it’s running. That may cause it to stall!
2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.
Then report back if your issue is fixed or not!
Hello,
Can you please run a scan with Combofix:
Download ComboFix from one of these locations:
Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop
Link 1
Link 2
* IMPORTANT !!! Save ComboFix to your Desktop
See HERE for help
**Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it’s malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, ComboFix will produce a log.
Note:
1. Do not mouseclick combofix’s window while it’s running. That may cause it to stall!
2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.
Then report back if your issue is fixed or not!
No,you don’t need to add anything in that box…Just uncheck that option,than follow the guide.
Good luck!
Thanks!!! You’ve saved me!
Hello,
Is this your personal computer or from work?
You can perform a scan with the following utilities
1.Run a scan with Kaspersky Virus Removal Tool
Click here to download the Kaspersky Virus Removal Tool.
2.Run a scan with Eset Online Scanner.
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Thanks for the tutorial, it was a great help! I’ve finally got rid of this awful virus. Good job!!!
New Zealand
Hi, It is great tutorial and thank you so much.. I have done the HitmanPro but could not get the Activate free license on the screen to remove the malicious files.
hi. thanks for d clear guide. i do not know how on earth been effected by this live security platinum software! zzz..
Thanx!!! This virus at least let me get to this site and you helped me a lot!!!! Runing Eset Nod now and it looks clean as always!
I don’t even know how the hell I got this security platinum virus … but thanks to you I’m all out of it! You’re awesome!
My friend Stelian Pilici:
Thank you for the information! Great tutorial! Simple and easy!
You save my daughter´s computer.
Jackson – Brazil
i have a problem about the LAN setting.what should i fill in the address box??? should i put the same as you did like XXX.XXX.XX..
tq
Hi, thanks for the tutorial. Everything seems fine now, however there is still something stopping my firewalls from being on. i click it in and it turns off again staright away. I use mcafee. and my windows one brings up a error code. Any ideas?
Hello,
I have followed your steps and the virus are now gone but my internet dont work in normal mode only in safemode. I really need help because my job is all in the internet. I’m writing to you from safemode right now.
Regards,
thank you!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Hello,
Most likely you;ve got some sort of plugin on Firefox which is causing that..
Please perform the below steps:
1.Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
2.Reset Firefox to its default settings by using this guide: http://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems
Hi Sir – Just wanted to say thanks for the tutorial! Quick question – a day or so after I got my internet back my google results began to get hijacked to random ads for something I was searching for but not a normal google results page. Everything else on my cpu seems to work correctly except for this. What would you recommend for this? I have since downloaded Chrome and love it but this applies to Firefox browser, which is what I was using when I was infected. I won’t use it anymore but want to make sure I can get rid of it.
thank you vvvvvvvvvvvvvvvvvvvvvvvvvvvvveryyyyyyyyyyyyyyyyyyy muuch
Great advices thank you! but why is scan cloud getting so late to load, it’s been 2 hours now
I clicked on a tv guide online link to the death of Sage stallone, when i went into safemode that showed me all the web pages i have previously opened, and only that one page was different than the normal web pages i usually open with no problem, so be careful what you click online!
This tutorial is a life saver!! I was freaking out when Live Security Platinum plagued my computer, but this effective and easy guide completely got rid of the malware and saved my computer. A HUGE thank you!!
Hello,
Lets try to do another check-up,just to make sure everything is really gone;
STEP 3. Run a scan with ESET Online Scanner
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Waiting for your reply to tell me how everything is working.. :) Good luck!
Thanks so much for this information to take care of this virus! I have gotten this same virus twice do you think I didn’t get rid of it the first time and why do you think I got it again?
Was stuck at the no internet stage for awhile, luckily I found this site before it got cut off. Now I have a fighting chance. Thank you so much!
Thank you So much for this tutorial! I was in sheer panic before I found this wonderful site!
Everything Seems to be fine again (Fingers tightly crossed)
Thankyou again Malwaretips.com
At a first look this could be related to a hardware problem,but that’s just an opinion.Question: IF you use Internet Explorer or Firefox ,your computer won’t shut down?
You can delete/remove any tools that you have used in the malware removal process.
Did you follow the guide?Did you scan with Malwarebytes and HitmanPro?
How to I get rid of that “live security platinum virus” that has invaded my laptop when my microsoft security essentials software was up to date? HELP
No,there is no need to scan with ESET if you are already using their product:).
Stay safe!
Hey, great tutorial, helped me to remove this. Just one question, I have Eset Smart Security 5 Antivirus, I ran scan and it shows that everything is clean and OK, so my question is, should I run scan of Eset Online Scanner ?
Hi,
I scan my laptop with Hitamanpro, I found some threats like below.C\WINDOWS\SYSTEM32\DRIVERS\
contains characteristics of an identified security risk.
When I use google crome after some time my laptop automatically shutdown. please help me
What I can do for Rkreport and ESET REPORT file save on desktop. Can I deleate them?
When I can remove or delete any programme in sysem my PC automatically shutdown.
YOU DESERVE A MEDAL!MY HERO!!! THANK YOU FROM THE BOTTOM OF MY HEART!!
Hi,
Thanks for your help, great site, easy to follow “how to do” :)
Daniel – Denmark
Hello,
Please follow the below steps…
STEP 1. While in NORMAL MODE,download HitmanPro and then start this program in ForceBreach Mode
1.Here are the direct download links for HitmanPro,
– http://dl.surfright.nl/HitmanPro36.exe (For 32bit)
– http://dl.surfright.nl/HitmanPro36_x64.exe (For 64bit)
2.Hold down the left CTRL-key when you start HitmanPro and all non-essential processes are terminated, including this rogue malicious process
Here is a video that explains with graphic details how to do this : http://www.youtube.com/watch?v=m6eRWTv2STk
3. Let HitmanPro scan and remove all the detected threats.
STEP 2: While in NORMAL MODE,download/Run Rkill and then run a scan with Malwarebytes
1.Download any re-named version of Rkill (direct download links bellow):
RKILL DOWNLOAD LINK #1
RKILL DOWNLOAD LINK #2
RKILL DOWNLOAD LINK #3
2.Next,please perform a scan with Malwarebytes as seen on the guide.
STEP 3. Run a scan with ESET Online Scanner
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Waiting for your reply to tell me how everything is working.. :) Good luck!
Hello,
First of all, thank you for providing this info. I tried to get my computer to go into “Safe Mode with Networking.” I tap F8 and I get to the right screen. I select the correct option but then it will not put me into Safe Mode with Networking. What can I do?
Chris
I would recommend that you use Google Chrome as your default browser because it has a lot more in-built security than Internet Explorer…
HitmanPro has a free trial however in your case it seems that it has encountered a problem…. Please scan again with HitmanPro and if it finds any threats write the path on the infected file and then post them here…we will manually remove them. :)
Regarding the mouse not working, open the Device Manager (Instructions :http://windows.microsoft.com/en-us/windows-vista/Open-Device-Manager) and check the mouse tab Mice and other pointing devices…. What do you see? Try to update the driver and scan for hardware changes….. Also try to unplug and then plug back in your mouse… :)
Hi,
Now I think my laptop working good.
When I start internet explorer, there is notice now update ur internet explorer . so I update my interent exporer or download google crome?
My laptop mouse also not working properly.
And wt about Hitaman pro, it still not free.
Thanks
I’ll contact the HitmanPro developers and let them know about the missing activation button…..
In the mean time please run a scan with RogueKiller.
ROGUEKILLER DOWNLOAD LINK (This link will automatically download RogueKiller on your computer)
NEXT,
Download Windows Repair by Tweaking.com to your desktop. Use the direct download link for the Portable version of Windows Repair by Tweaking.com
Note: When asked if you would like to create a restore point. It is recommended just in-case something does not go as planned.
Note: Leave everything else unchecked
Next,reset Internet Explorer settings:
Let me know how everything is running.As a personal opinion , you should really switch your browser to Google Chrome or Mozilla Firefox as Internet Explorer is a very targeted browser by the cyber criminals.
Hi,
Thanks for help me. I run Hitmanpro, but its after scan there is no facility for free licence activation.
After scan with Malwarebytes no threats there.
Now My laptop working in Normal mode, but some time my internet exporer stop automatically. This is problem of threats.
And should i remove Hitaman pro?
Ok….Did you run the HitmanPro and Malwarebytes scans?
How is your compute running in Normal Mode?Any problems?
HI,
My laptop working on safe mode.
This is my ESET SCAN THREATS
C:\Archivos de programa\BringMeSports_1c\bar\1.bin\1cdatact.dll a variant of Win32/Toolbar.MyWebSearch.A application Win32/Adware.Yontoo.B application
ETC…..
C:\WINDOWS\system32\drivers\5ef0cac4b951a0ef.sys a variant of Win32/Rootkit.Kryptik.MN trojan
Now I start my computer in Normal mode.
Please reply me as soon as possible.
Thanks
I can do all the things but I can not download rkill. And hitaman pro also not free. Please reply me now what I do. Now my computer is good but some time internet explorer stop automatically. I already removed Live security platinum, so why this happened?
Thanks very much , I am a quadriplegic and i spend 3 days to find a solution , you was the best and you communicate with all, answering our questions. thanks a lot.
Well,it’s just another check up..if your computer is ok..then you can skip it…
now is ok, but the ESET running very slow and cutting is it important to do this step?
HitmanPro should have remove the malware so RKILL isn’t need it anymore….however please run a scan with Malwarebytes just to see if that got all the malicious files.
Next,run a scan with ESET Online Scanner
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Hi hello, many thanks hitman pro worked fine but cannot run rkill, i get an installation failed and a dos screen flashes briefly, seem to have remove the malware though?, thanks again
Ok, now I understand… Please go in Safe Mode again and run the HitmanPro scan and then the RogueKiller…
Next, boot back in Normal Mode and Run the ESET Online scan.
yes i did run Malwarebytes scan and i did all previouse steps in safe mode but when i switch to the normal mode i couldnt do anything.
Did you run the Malwarebytes scan?
Can you run the ESET Online Scan?
i cannot run Hitmanpro in ForceBreach this is the problem
Please run HitmanPro in ForceBreach mode as seen in my previous reply,and remove any malicious files detected.
NEXT,download any re-named version of Rkill (direct download links bellow):
RKILL DOWNLOAD LINK #1
RKILL DOWNLOAD LINK #2
RKILL DOWNLOAD LINK #3
2.Next,please perform a scan with Malwarebytes as seen on the guide.
After you have completed this scan, please run a RogueKiller and ESET Scan.
thanks for your replay, i tried to download RogueKiller but i couldnt
[Windows cannot access the specified file, You may not have permissions to access tjhe items]
please help
Hello meme,
Please run a scan with RogueKiller.
ROGUEKILLER DOWNLOAD LINK (This link will automatically download RogueKiller on your computer)
NEXT,download HitmanPro and then start this program in ForceBreach Mode
1.Here are the direct download links for HitmanPro,
– http://dl.surfright.nl/HitmanPro36.exe (>> For 32bit)
– http://dl.surfright.nl/HitmanPro36_x64.exe (>> For 64bit)
2.Hold down the left CTRL-key when you start HitmanPro and all non-essential processes are terminated, including this rogue malicious process
Here is a video that explains with graphic details how to do this : http://www.youtube.com/watch?v=m6eRWTv2STk
3. Let HitmanPro scan and remove all the detected threats.
NEXT, run a s can with ESET Online Scanner
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Waiting for your reply to tell me how everything is working.. :) Good luck!
Hi,
First thank you for your effort, i did all but i couldnt terminate the whole processes to start hitmanpro, please help me.
thanks very much
I did it as your tutorial. Thanks so much! God bless you! :D
Hello John!
Hello,
STEP 1. While in NORMAL MODE,download HitmanPro and then start this program in ForceBreach Mode
1.Here are the direct download links for HitmanPro,
– http://dl.surfright.nl/HitmanPro36.exe (For 32bit)
– http://dl.surfright.nl/HitmanPro36_x64.exe (For 64bit)
2.Hold down the left CTRL-key when you start HitmanPro and all non-essential processes are terminated, including this rogue malicious process
Here is a video that explains with graphic details how to do this : http://www.youtube.com/watch?v=m6eRWTv2STk
3. Let HitmanPro scan and remove the detected threats.
Step 2: While in NORMAL MODE,download/Run Rkill and then run a scan with Malwarebytes
1.Download any re-named version of Rkill (direct download links bellow):
http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe
http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe
http://download.bleepingcomputer.com/grinler/rkill.scr
2.Next,please follow the guide starting with the Malwarebytes scan.
Let me know , how everything goes.
hi, i cannot access the internet in safe mode, can i follow your instructions in normal mode, regards john
Do you have any other browsers installed?
Did you try to use the license key on the post?
Lets try this trick:
Hold down the WINDOWS key and press the R key,this should brind up the Run box…. In it, please type the below content…
iexplore.exe http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe
Let the program run,until a log its produced (5 – 10 minutes max)
Next, hold down the WINDOWS key and press the R key,this should brind up the Run box…. In it, please type the below content…
iexplore.exe http://www.malwarebytes.org/mbam-download-exe.php
Update and Run a full system scan with Malwarebytes as seen on the above guide.
Let me know how everything goes…
Hello, I tried following the above instructions but can’t start internet explore in safe mode or normal mode to be able to make the recommend downloads, looks like its disabled IE all together regardless of the mode I run in. How do i get to the next steps without being able to download the recommend softwares?
Help… Claudio
Yes,that’s right…If you removed the detected infections by HitmanPro then Live Platinum Security should be gone. :)
I think he’s asking if he deletes hitman pro will the Live Security Platinum come back? In which case I would think the answer is no, unless you do again what you did to let it on in the first place
Please read carefully the advice from my previous reply and scan with the recommended software as you need to remove this infection as soon as possible!
It worked like a charm!! Thanks, Stelian, you’re a rockstar!!
Nevermind the previous comment, I realized I was reading the wrong comment. I am going to try the hitman pro option and go from there.
Thank you for all your help.
Hi Stellan,
I read the link you sent me to about malware and have come to the conclusion my computer was infected by the Live Security Platinum malware from the way I closed a pop-up. The information was helpful, however I am still unclear as to how to remove this from my computer?
I removed Norton Antivirus from my computer because it was slowing my laptop down, but if I re-install Norton, will Norton get rid of Live Security Plus?
If you say that you didn’t run any file than you’re most likely the victim of a drive-by or exploit.
Here are some other common points of infections: http://malwaretips.com/blogs/from-where-did-my-pc-got-infected/
Anyway I strongly recommend that you check-up your PC security configuration in our Security Configuration Wizard forum because a decent antivirus should have prevent this infection.
It would be beneficial also to read this article: http://malwaretips.com/blogs/how-to-easily-avoid-pc-infections/ … :)
Stay safe!
I want to know how the heck does one infected with this? I haven’t downloaded or installed anything. Isn’t some kind of user interaction necessary?
Hello,
STEP 1. While in NORMAL MODE,download HitmanPro and then start this program in ForceBreach Mode
1.Here are the direct download links for HitmanPro,
– http://dl.surfright.nl/HitmanPro36.exe (For 32bit)
– http://dl.surfright.nl/HitmanPro36_x64.exe (For 64bit)
2.Hold down the left CTRL-key when you start HitmanPro and all non-essential processes are terminated, including this rogue malicious process
Here is a video that explains with graphic details how to do this : http://www.youtube.com/watch?v=m6eRWTv2STk
3. Let HitmanPro scan and remove the detected threats.
Step 2: While in NORMAL MODE,download/Run Rkill and then run a scan with Malwarebytes
1.Download any re-named version of Rkill (direct download links bellow):
http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe
http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe
http://download.bleepingcomputer.com/grinler/rkill.scr
2.Next,please follow the guide starting with the Malwarebytes scan.
Let me know , how everything goes.
Hi,
I have made it successfully to the “RKill” step, however, everytime I attempt to download Rkill, the black screen pops up saying “preparing rkill” then it just disappears. The rkill log never comes up. I have tried the other options to download rkill, but it doesn’t seem to work. Please help!
Got hit with this pesky virus but thanks to your tutorial was able to follow your advice and thankfully all seems to be working properly again.
Much appreciate your help. Thank you.
You are actually a life saver! Live security removed , thank you so so much!
Thank you. You are wonderful people.
So grateful. Platinum virus removed. Would have been lost without your efforts.
Your efforts are appreciated.
My computer is behaving fairly normal really i mean its a little slower then usual, but i havent had anymore popups from live security platinium, im on internet explorer that was where all the problems we’re they started when i was using google.
Looks good!How is your computer behaving?On which browser do you have problems?
HitmanPro is a legit software….If you want to remove it , just go to the Add/Remove Programs in Windows… :_)
Stay safe!
If I delete the hitmanpro will the thing come back?
Hi
Heres the results from the ESET scan you asked me to run sorry there seems to be a fair few:
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application cleaned by deleting – quarantined
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll Win32/Toolbar.Babylon application cleaned by deleting – quarantined
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application cleaned by deleting – quarantined
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon application cleaned by deleting – quarantined
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll Win32/Toolbar.Babylon application cleaned by deleting – quarantined
C:\Users\clare\AppData\Local\Temp\YontooSetup-S.exe probably a variant of Win32/Adware.SLITAT application cleaned by deleting – quarantined
C:\Users\clare\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe Win32/Toolbar.Babylon application cleaned by deleting – quarantined
C:\Users\clare\AppData\Local\Temp\is1754315082\ezLooker-S-Setup_Suite1.exe probably a variant of Win32/Adware.DFJFHGU application cleaned by deleting – quarantined
C:\Users\clare\AppData\Local\Temp\is1754315082\MyBabylonTB.exe Win32/Toolbar.Babylon application cleaned by deleting – quarantined
C:\Users\clare\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\7becc332-36586cd0 a variant of Win32/Injector.TNC trojan cleaned by deleting – quarantined
Thanks
Clare
Hi,
Thank you so much. The original instructions above were all I needed to seemingly remove Live Security Platinum from my desktop (except I didn’t install the hitman pro. Running Malwarebytes again in regular mode, then Symantec. Lucky that this didn’t seem to include a rootkit… had a nasty one last fall….. worse infection ever!
Its most likely ,just a left over icon :)
Anyway please run a scan with ESET Online Scanner
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Hello,
Please re-run a scan with Malwarebytes.
Next,please run a scan with ESET Online Scanner
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Thank you so much for your guide! It worked well… the first time. I had removed it this past Wednesday evening using your guide, except I didn’t run Hitmanpro. I ran symantec instead. Then it happened again Friday morning and ran through your guide again, using hitmanpro this time. But all of a sudden my programs shut down just now. It came back AGAIN. I’m glad there’s a way to get rid of it… but is there a way to keep it away for GOOD? I don’t even know where I’m picking this up from. Hope to hear back from you soon, thanks!
Hi
Thank you so much for all your help i carried out your instructions and it seems to have worked, but i was wondering if you could help with something all the scans seemed to have worked but on my taskbar it still has live security platinium 3.5.7 listed as an option to add to my taskbar, is this just an icon or is it still installed on my computer?? Help would be much appreciated.
Thanks Clare
Don’t need to re-install windows.. Just follow the steps from this guide: http://support.microsoft.com/kb/2530126
BTW did you run the ESET Online Scan?
Goodmornig Stelian,
Thank you for your hint, I followed the instructions, but those two problems are not solved. I still cannot switch on my Firewall and the icons on the desktop do not want to stay on their places…
Firewall is a bigger issue I think.
I cannot just switch on the Firewall in Window 7, what I see is only:
“Use recommended settings” – translated from Dutch, I have Dutch Windows. I can say “Use those recommended” and I see “Windows Firewall cannot change all the changes” , error 0x8007042c.
You helped me a lot so you do not have to help me on this , in worst case I will reinstall my Windows, but maybe you can learn something on my example (that would be kind of reward for your engagement).
Best regards,
// Adrian S.
YOU ARE A GENIUS. Thank you so freakin’ much! I didn’t have problems removing it thanks to this tutorial! :D
Thanks for your help! With this article’s advice & one other free anti virus program, hopefully I have ridden my computer. It sucks that someone would create a program to do so much harm & frustration
Download Windows Repair by Tweaking.com to your desktop. Use the direct download link for the Portable version of Windows Repair by Tweaking.com
Note: When asked if you would like to create a restore point. It is recommended just in-case something does not go as planned.
Note: Leave everything else unchecked
Hello,
Please run a scan with ESET Online Scanner
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
I’ll talk with the HitmanPro developers to see how we can fix this….
Until then please perform a scan with ESET Online Scanner.
Please run a scan with ESET Online Scanner
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Yes,all the software is free to use for removal… :)
Good luck!
Thanks much. I’m not a techie by any means. Your instructions are simple and easy to follow. Just finished and everything seems to be good – posted a link on Facebook for others to find you, just in case.
Stelian, please know that your fixes worked. I ran both downloads and full system scans. Malwarebytes uncovered 10 threats and HitmanPro 48 tracking cookies. Wife’s laptop back to normal and a smile back on both our faces. Thanks!!!
I have got to the penultimate step but there is no option to ‘activate a free trial’! Gutted, took me almost two hours to get to this stage. Is there a workaround?
I cannot get RKill to install. I get an Installation Failed message and the log does not indicate that a single process was killed. I downloaded alternately named versions fo RKill but that did not work. What’s next?
–Andy
That’s me once again…
I am having now problems with Windows 7.
After I restarted the system all my icons move to one side of the screen (I have made the groups). It is irritating me.
But the second is – I cannot turn on my Firewall!! This is really bad…
I get an error: 0x80070424…
I will search tomorrow, I will try to fix those two. But I think there is more , my system is not revovered completely… Very bad.
I wish you a nive evening.
Bye!
// Adrian Stefanik
Hallo Stelian,
Thanks a lot!!! It seems to be removed, but I see that Live Security Platinum application is still present on my disc, in C:\ProgramData\B7E8…..367
ProgramData is hidden folder, i had to change an folder option to see it.
I am going to remove it now (whole folder B7E8…..367 ).
Removed…. I am restarting my PC now….
Two strange thing as far… My Windows Security Essentials does not work (says that it is not an installed service when I try to scan, I cannot change the settings ) and in Start menu when I type a word Live, the Live Security Platinum is found with it’s location ::\ProgramData\B7E8…..367 , bus folder B7E8…..367 does not exist anymore!
Greetings and thanks again!
// Adrian Stefanik
So kind of you to so promptly respond–kudos! Not familiar with Malwarebytes or HitmanPro. Are these sites with (hopefully) free software downloads to proceed?
Let the Norton Full System scan complete….The heuristic engine might detect the malicious files….
Next,run a scan with Malwarebytes and HitmanPro as seen on the guide. :)
This Live Security malware…..I am running Norton Internet Security full system scan right now. Will that do anything to remove this malware or must i do your above fix procedure (like I’m paying Symantec for…what?)
If HitmanPro will detect any infections, make sure that they aren’t false possitive or compromised critical system files before removing them!:)
As far as the left over icon..yo can just go ahead and delete it.
Hallo Stelian,
As far it is going good, I am now performing the scan with HitmanPro.
The scan with Malwarebytes Anti-Malware FREE went good but after that I could still see the Live Security Platinium application icon in Start menu.
I will try to remove all manually if it will not disappear after the action of Hitman.
Greetings
// Adrian Stefanik
Hi Stelian,
I am just following your procedure on my second laptop that has been just infected. And I am praying in the same time…
I’ll let you know if it works…
Who makes such shit-stupid-software? Stupid Live Security Platinum… I have never experienced any infection like that before.
Greetings,
// Adrian Stefanik
I have just added a serial key… Use that so the rogue antivirus won’t bother you :) _ then follow the guide.
Serial Key: AA39754E-715219CE
If it doesn’t work… reply back and we’ll go from there!
Hi, Thanks for your help. I also cant connect to internet in safe mode. I tried normal mode as you instructed to download Hitman but the malware takes over before i can get onto my browser.
Any ideas please, thanks doug
ps the people who come up with this stuff need putting away.
thanks!
Thanks Stelian!Got this virus from an email attachment, your guide saved my PC.
Thank you! It worked perfectly for me!
Hello,
You most likely had a Zero Access rootkit on your system,which infected one of your Windows drivers……
Do you have the Windows XP CD?If yes, then perform a System Repair a seen on this video : http://www.youtube.com/watch?v=KNOQ0sCYY8s
My Dell has been infected with Live Security Platinum, bringing in its train (apparently) Symantec Proxy Email Virus. I followed all the steps above without problems, and threats or traces were removed at each point. After the Emsisoft scan finished, I rebooted, but now am unable to get past the Welcome page. When I click my user icon, the Windows XP just closes down. I have tried opening in Safe Mode, with the same result. Can you advise? I have not yet been able to check whether the viruses have gone or not – and maybe I have a new one, now!
I’ll comment to the HitmanPro developers for analysis… In the mean time , you can perform a scan with Emsisoft Anti-Malware…
Perform a system scan with Emsisoft Anti-Malware:
Make sure that everything is Checked (ticked) and click on the ‘Quarantine selected objects’ button.
If during the removal process Emsisoft will display a message stating that it needs to reboot, please allow this request.
Thanks for that, it all worked except at the very end it didnt come up with the activate free licsense option on hit man pro.
1.Run the below registry fix!
A.Copy all the text in bold below and paste to Notepad/Text Document
B.THIS IS VERY IMPORTANT! Save file as fix.reg to your Desktop. NOTE: (Save as type: All files)
C. Double-click on fix.reg file to run it. Click “Yes” for Registry Editor prompt window. Then click OK.
NEXT,
1.Download any re-named version of Rkill (direct download links bellow):
http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe
http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe
http://download.bleepingcomputer.com/grinler/rkill.scr
2.Next,please perform a scan with Malwarebytes as seen on the guide.
3. : Perform a system scan with Emsisoft Anti-Malware as seen on my previous reply!
Thank you, but it still comes up with “your current security settings will not allow you to perform this function” every time I try download HitManPro. It will not let me watch the tutorial on YouTube at all. :( What else can I do?!?!?!?!
Please follow the below instructions:
STEP 1 : While in NORMAL MODE,download HitmanPro and then start this program in ForceBreach Mode
1.Here are the direct download links for HitmanPro,
– http://dl.surfright.nl/HitmanPro36.exe (For 32bit)
– http://dl.surfright.nl/HitmanPro36_x64.exe (For 64bit)
2.Hold down the left CTRL-key when you start HitmanPro and all non-essential processes are terminated, including this rogue malicious process
Here is a video that explains with graphic details how to do this : http://www.youtube.com/watch?v=m6eRWTv2STk
3. Let HitmanPro scan and remove all the detected threats.
STEP 2: Download/Run Rkill and then run a scan with Malwarebytes.
1.Download any re-named version of Rkill (direct download links bellow):
http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe
http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe
http://download.bleepingcomputer.com/grinler/rkill.scr
2.Next,please perform a scan with Malwarebytes as seen on the guide.
STEP3 : Perform a system scan with Emsisoft Anti-Malware:
Make sure that everything is Checked (ticked) and click on the ‘Quarantine selected objects’ button.
If during the removal process Emsisoft will display a message stating that it needs to reboot, please allow this request.
PLEASE HELP!!!! I am a technologically challenged teacher and have attempted to do all the things you have suggested but nothing will download and it refuses to allow me on the internet in “safe mode with netoworking”. It keeps telling me my current security settings won’t allow me to download the programmes you’ve suggested! I am at my wits end! I desperately need to do work and can not get rid of this malware!!!! :( :(
OPTION 1 : While in NORMAL MODE,download HitmanPro and then start this program in ForceBreach Mode
1.Here are the direct download links for HitmanPro,
– http://dl.surfright.nl/HitmanPro36.exe (For 32bit)
– http://dl.surfright.nl/HitmanPro36_x64.exe (For 64bit)
2.Hold down the left CTRL-key when you start HitmanPro and all non-essential processes are terminated, including this rogue malicious process
Here is a video that explains with graphic details how to do this : http://www.youtube.com/watch?v=m6eRWTv2STk
3. Let HitmanPro scan and remove all the detected threats.
VERY IMPORTANT!: When HitmanPro will detect the infections, make sure that they aren’t false possitive or compromised critical system files before removing them!I’m saying this because usually when you can’t connect to the internet while in Safe Mode with Networking could mean that you have other infections besides this Smart HDD Rogue.
4.Run Rkill and then a scan with Malwarebytes.
OPTION 2: While in NORMAL MODE,download/Run Rkill and then run a scan with Malwarebytes.
1.Download any re-named version of Rkill (direct download links bellow):
http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe
http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe
http://download.bleepingcomputer.com/grinler/rkill.scr
2.Next,please perform a scan with Malwarebytes as seen on the guide and then a scan with HitmanPro.
Let me know , how everything goes!
I have attempted to follow your instructions but the virus keeps blocking all attempts to open any of the downloads to fix the problem
Is there something else I can try?
Thank you so much! That dumb virus was really annoying me, and this helped alot!
Stay safe!:D
thank you so much it’s worked
OPTION 1 : While in NORMAL MODE,download HitmanPro and then start this program in ForceBreach Mode
1.Here are the direct download links for HitmanPro,
– http://dl.surfright.nl/HitmanPro36.exe (For 32bit)
– http://dl.surfright.nl/HitmanPro36_x64.exe (For 64bit)
2.Hold down the left CTRL-key when you start HitmanPro and all non-essential processes are terminated, including this rogue malicious process
Here is a video that explains with graphic details how to do this : http://www.youtube.com/watch?v=m6eRWTv2STk
3. Let HitmanPro scan and remove all the detected threats.
VERY IMPORTANT!: When HitmanPro will detect the infections, make sure that they aren’t false possitive or compromised critical system files before removing them!I’m saying this because usually when you can’t connect to the internet while in Safe Mode with Networking could mean that you have other infections besides this Smart HDD Rogue.
4.Run Rkill and then a scan with Malwarebytes.
OPTION 2: While in NORMAL MODE,download/Run Rkill and then run a scan with Malwarebytes.
1.Download any re-named version of Rkill (direct download links bellow):
http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe
http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe
http://download.bleepingcomputer.com/grinler/rkill.scr
2.Next,please perform a scan with Malwarebytes as seen on the guide and then a scan with HitmanPro.
Let me know , how everything goes!
i can not connect to the internet while in network safe mode…. plz help me
much easier. Trash your computer with windows and buy a new one with linux, mac osx or something better. You would do a favor to the rest of the world.
so far seems to have worked perfectly – thanks so much for making this fix publicly available and best of all free
Hello,
Try this :
Option 1 : Try to download a different named Rkill (direct download links bellow):
http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe
http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe
http://download.bleepingcomputer.com/grinler/rkill.scr
And then follow the guide starting with the Malwarebytes scan.
If that doesn’t work please try to do this:
Option 2: Download HitmanPro and then start this program in ForceBreach Mode
1.Here are the direct download links for HitmanPro,
– http://dl.surfright.nl/HitmanPro36.exe (For 32bit)
– http://dl.surfright.nl/HitmanPro36_x64.exe (For 64bit)
2.Hold down the left CTRL-key when you start HitmanPro and all non-essential processes are terminated, including this rogue malicious process
Here is a video that explains with graphic details how to do this : http://www.youtube.com/watch?v=m6eRWTv2STk
3. If it start ,let it scan and remove all the detected threats , then perform a scan with Malwarebytes.
If you are still experiencing problems , start a thread in our Malware Removal Support forum : http://malwaretips.com/Forum-Help-my-PC-is-infected
It worked for me thank you..
Worked a treat!
Thanks.
Hi i followed as shown above and when i run the renamed verion of rkill it says “C:/Users/xxxx/AppData/Local/Temp/RarSFX0 folder is not accessible Please Help.
Thank you!Worked perfectly :party:
Hello,
Did you run RKILL before starting the scan?
Give the Malwarebytes scan some time to complete (around 1-2 hours) if the problem persist , stop this scan and then start a HitmanPro scan.
After you’ve removed all the detected threats by HitmanPro , please re-scan with Malwarebytes.
I’ll wait for your reply , and help you if need it.
Good luck:)
im having slight problems doing the remove live security platinum. its seemed to have stopped on 14,22s and crashed or frozen. its not responding and the mouse seems to manover very slowley?
thanks
Jase
It doesn’t hurt to do it…. Malwarebytes and HitmanPro should have completely remove this rogue antivirus, however if you want to do another check , then you can go ahead and go a scan with Emsisoft.
Stay safe!
Hi, Thanks for the easy to follow guide, really useful.
Is it best practice to do the Emsisoft scan following the normal procedure anyway?
G
YOU THE MAN!
+1 :D
Stay safe!
Hello Joel,
Please re-scan your computer with Malwarebytes and HitmanPro.
Next , perform a system scan with Emsisoft Anti-Malware:
Make sure that everything is Checked (ticked) and click on the ‘Quarantine selected objects’ button.
If during the removal process Emsisoft will display a message stating that it needs to reboot, please allow this request.
If you are still experiencing problems , start a thread in our Malware Removal Support forum : http://malwaretips.com/Forum-Malware-Removal-Assistance
Great tutorial!! Just followed the directions and that crap is gone from my comp. Screw you geek squad (150 bucks my ass)!!! Thanks!
I followed the above instructions to remove Live Security Platinum from my wife’s home PC last night, and it appeared to have worked…both Malwarebytes and HitmanPro detected and deleted items. This morning my wife was using using Firefox and logged into her Google account and whenever she would perform a search and click on a link it would redirect her to a different site, but when she logged out of Google it wouldn’t do that. She just called to inform me that Live Security Platinum appeared again on the PC. The only two sites she was on was Facebook and Google. I am at a loss and I don’t understand how Live Security Platinum can still be on the system after following all of the instructions above. I would greatly appreciate any suggestions or advice you may have as to what I can do to repair this problem.
I feel a bit of a muppet about how I let this get onto my system. Thanks for your help.