Live Security Platinum is a computer infection from the Rogue.WinWebSec family. This program is categorized as a rogue anti-spyware program because it displays false scan results, fake security alerts, and hijacks your computer so that you are unable to run applications on your computer. This program is typically installed through hacked web sites that exploit vulnerabilities on your computer or via fake online anti-malware scanners that state you are infected. Once the infection is installed, it will create a random folder and a randomly named executable in c:\Documents and Settings\All Users\Application Data\, in XP, or C:\ProgramData, in Windows Vista and Windows 7. Live Security Platinum will then be configured to start automatically when you login to your computer.
Once the program is running it will pretend to scan your computer for infections and when finished state that there are numerous infected files on your computer. If you then attempt to clean your computer using Live Security Platinum it will display an alert stating that you first need to purchase the program before doing so. As the files in the scan results either do not exist or are not infected, you should ignore the scan results and not purchase the program.
To protect itself, Live Security Platinum will also terminate any programs you attempt to run. It does this so that you cannot run your anti-virus programs or use specialized tools that may assist you in removing the program. When you attempt to run a program it will instead display an alert that states the program is infected. The message that you will see when it terminates a program is:
Application cannot be executed. The file notepad.exe is infected.
Please activate your antivirus software.
This infection will also hijack Internet Explorer so that you cannot visit most sites. When you attempt to visit a site it will instead display a security alert that contains the following text:
Warning! The site you are trying to visit may harm your computer!
Your security setting level puts your computer at risk!
When you see this message you can safely click on the Ignore warnings and visit that site in the current state (not recommended) link so that you can visit the site you are trying to go to.
While started, Live Security Platinum will also display fake security alerts and warnings from your Windows taskbar. These alerts are designed to scare you into thinking that your computer is severely infected so that you will then purchase the program. Some of these messages include:
Live Security Platinum Warning
Some critical system files of your computer were modified by malicious program. It may cause system instability and data loss.
Click here to block unathorised <sic> modification by removing threats. (Recommended)
Live Security Platinum Firewall Alert
Live Security Platinum Firewall has blocked a program from accessing the internet.
Internet Explorer Internet Browser is infected with SVCHOST.Stealth.Keylogger. This worm is trying to send your credit card details using Internet Explorer Internet Browser to connect to remove host.
Live Security Platinum Warning
Spyware.IEMonster activity detected. This is spyware that attempts to steal passwords from Internet Explorer, Mozilla Firefox, Outlook and other programs.
Click here to remove it immediately with Live Security Platinum.
Just like the fake scan results, these security alerts are all false and should be ignored.
As you can see, this rogue was created for the sole purpose of scaring you into thinking that your computer has a myriad of security issues and that your personal information is at risk so that you will then purchase it. It goes without saying that you should definitely not purchase Live Security Platinum, and if you already have, please contact your credit card company and dispute the charges stating that the program is a scam and a computer virus. To remove Live Security Platinum and other related malware, please use the free removal guide below.
Self Help Guide
- Print out these instructions as we will need to reboot your computer and you may not have access to your web browser for part of this process.
- As this infection can start before your normal Windows desktop appears, we first need to reboot your computer into Safe Mode with Networking. To
do this, turn your computer off and then back on and when you
see anything on the screen, immediately start tapping the F8 key on your
keyboard. Eventually you will be brought to a menu similar to the one below:
Using the arrow keys on your keyboard, select Safe Mode with Networking and press Enter on your keyboard. If you are having trouble entering safe mode, then please use the following tutorial: How to start Windows in Safe Mode
Windows will now boot into safe mode with networking and prompt you to login as a user.
- Please login as the user that is infected with
Live Security Platinum
. When your Windows desktop appears, right-click on the Internet Explorer, or your other browser of choice, and select Run As or Run as Administrator. If Windows prompts you for the Administrator password, please enter it and then Internet Explorer should launch. Now go to the follow page:
When you get to the above page, click on the Download Renamed Version button and save the file to your C:\ drive.
Please note: If you are unable to login as Administrator, then you will need to download the file onto a USB flash drive or CDROM from a clean computer. Then in a later step we will copy them to the infected computer. Then proceed to Step 5.
- Once FixExec has been downloaded to your computer or is stored on a flash drive/CDROM, log off from the Administrator account, but stay in Safe Mode.
- You should now be at the Safe Mode logon prompt again. This time logon as your normal, but now infected, user.
- If you were not able to logon as Administrator and download the files, please copy the FixExec.com file that you stored on your USB flash drive and store them on your Windows desktop.
At this point, whether you downloaded them as Administrator or used a flash drive to copy them over, you should have the FixExec.com file located in your C:\ folder.
Live Security Platinum
is running, just minimize it and any other programs so that you can see your desktop. Navigate to the C:\ folder and double-click on the FixExec.com program. Allow the program to run and when its done,
Live Security Platinum should no longer be running and you can now launch your executables again. If you would like more information on what FixExec did on your computer, please read the FixExec.txt log on your desktop.
Note: If you received a message that FixExec was not able to extract a file, then please move the FixExec.com file to your Windows desktop and try again.
- When FixExec is done, click on the Start button and then select Control
- When in the Control Panel, double-click on one of the options below depending
on your version of Windows
- For Windows XP double-click on the Add or Remove Programs icon.
- For Windows Vista and Windows 7, double-click on the Uninstall
- For Windows XP double-click on the Add or Remove Programs icon.
- When the Add or Remove Programs or the Uninstall Program screen is displayed,
please scroll through the list of programs and double-click on each of the
entries listed in bold below to uninstall them.
When you double-click on each of the above entries to uninstall them, please follow the default prompts and allow it to terminate the infection and remove the executable associated with the program. If it asks you to reboot, please do not do so. If you cant find the entry to uninstall, or when it is done uninstalling, please continue with the next step.
- This infection may change your Windows settings to use a proxy server that
will not allow you to browse any pages on the Internet with Internet Explorer
or update security software. Regardless of the web browser you use, for these
instructions we will first need need to fix this problem so that we can download
the utilities we need to remove this infection.
Please start Internet Explorer, and when the program is open, click on the Tools menu and then select Internet Options as shown in the image below.
- You should now be in the Internet Options screen as shown in the image below.
Now click on the Connections tab as designated by the blue arrow above.
- You will now be at the Connections tab as shown by the image below.
Now click on the Lan Settings button as designated by the blue arrow above.
- You will now be at the Local Area Network (LAN) settings screen as shown
by the image below.
Under the Proxy Server section, please uncheck the checkbox labeled Use a proxy server for your LAN. Then press the OK button to close this screen. Then press the OK button to close the Internet Options screen. Now that you have disabled the proxy server you will be able to browse the web again with Internet Explorer.
- At this point you should download Malwarebytes Anti-Malware, or MBAM, to scan your computer for any any infections or adware that may be present. Please download Malwarebytes from the following
location and save it to your desktop:
Malwarebytes Anti-Malware Download Link (Download page will open in a new window)
- Once downloaded, close all programs and Windows on your computer, including
- Double-click on the icon on your desktop named mbam-setup-bc.1878-22.214.171.1243.exe.
This will start the installation of MBAM onto your computer.
- When the installation begins, keep following the prompts in order to continue
with the installation process. Do not make any changes to default settings
and when the program has finished installing, make sure you leave Launch
Malwarebytes Anti-Malware checked. Then click on the Finish button. If MalwareBytes prompts you to reboot, please do not do so.
- MBAM will now start and you will be at the main screen as shown below.
Please click on the Scan Now button to start the scan. If there is an update available for Malwarebytes it will automatically download and install it before performing the scan.
- MBAM will now start scanning your computer for malware. This process can
take quite a while, so we suggest you do something else and periodically
check on the status of the scan to see when it is finished.
- When MBAM is finished scanning it will display a screen that displays any malware that it has detected. Please note that the infections found may be different
than what is shown in the image below due to the guide being updated for newer versions of MBAM.
You should now click on the Remove Selected button to remove all the seleted malware. MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so. Once your computer has rebooted, and you are logged in, please continue with the rest of the steps.
- You can now exit the MBAM program.
- Now reboot your computer back to normal mode.
- After rebooting if you are still unable to access the Internet, please confirm that your browser is not configured to use a proxy by following the instructions in steps 4-7. It is not required to perform these steps in Windows Safe Mode.
- As many rogues and other malware are installed through vulnerabilities found
in out-dated and insecure programs, it is strongly suggested that you use
Secunia PSI to scan for vulnerable programs on your computer. A tutorial on
how to use Secunia PSI to scan for vulnerable programs can be found here:
How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector
Your computer should now be free of the Live Security Platinum program. If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes Anti-Malware to protect against these types of threats in the future.