Live Enterprise Suite is a rogue antispyware program. It is a clone of Internet Antivirus Pro, which is also a rogue antispyware application. Live Enterprise Suite usually distributed through the use of trojans that come from malicious websites that pretend to be online malware scanners. When the trojan is started, it will download and install Live Enterprise Suite onto your computer.
During installation, Live Enterprise Suite will be configured to run automatically each time you logon into Windows. Once started, the fake security application will run a system scan and labels legitimate Windows files and not existing files as infections that will not be fixed unless you first purchase the program. Important to know, all of these reported infections are fake, so you can safely ignore the scan results that Live Enterprise Suite gives you.
The same trojan that installs Live Enterprise Suite will also install a variant of trojan TDSS that may block user access to security websites and hijack search engines results. Last, but not least, while Live Enterprise Suite is running, you will be shown a fake Windows Security Center, nag screens, fake security alerts and notifications from Windows task bar. An example:
System Alert
Your PC is still infected with dangerous viruses. Activate
antivirus protection to prevent data loss and to avoid the
theft of your credit card details. Click here to activate
protection.
However, all of these alerts and pop-ups are a fake and like scan false results should be ignored! If you are infected with Live Enterprise Suite, then use these removal instructions below, which will remove Live Enterprise Suite and any other infections you may have on your computer for free.
More screen shoots of Live Enterprise Suite
Symptoms in a HijackThis Log
O4 – HKCU\..\Run: [Microsoft Windows logon process] C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\winlogon.exe
O4 – HKCU\..\Run: [Live Enterprise Suite] “C:\program files\Internet Antivirus Pro\IAPro.exe” /s
O4 – HKCU\..\Policies\Explorer\Run: [inandorand] C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\CD Burning\atoutfor.exe
O4 – HKCU\..\Policies\Explorer\Run: [] C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\CD Burning\atoutfor.exe
O23 – Service: Guard Service (HTGrdEngine) – Unknown owner – C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\services.exe
Use the following instructions to remove Live Enterprise Suite (Uninstall instructions)
Download TDSSKiller from here and unzip to your desktop.
Open TDSSKiller folder and double click the TDSSKiller icon. When the scan is finished, you will see window similar to the one below.
TDSSKiller
Close all programs and press Y key.
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer for Live Enterprise Suite infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected for start Live Enterprise Suite removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Live Enterprise Suite creates the following files and folders
%UserProfile%\Application Data\Live Enterprise Suite\settings.ini
%UserProfile%\Application Data\Live Enterprise Suite\uill.ini
%UserProfile%\Application Data\Live Enterprise Suite\unins000.exe
%UserProfile%\Application Data\Live Enterprise Suite\db\config.cfg
%UserProfile%\Application Data\Live Enterprise Suite\db\Timeout.inf
%UserProfile%\Application Data\Live Enterprise Suite\db\Urls.inf
C:\Program Files\Internet Antivirus Pro
C:\Program Files\Internet Antivirus Pro\db
C:\Program Files\Internet Antivirus Pro\Languages
C:\Documents and Settings\All Users\Start Menu\Programs\Internet Antivirus Pro
%UserProfile%\Application Data\Live Enterprise Suite
%UserProfile%\Application Data\Live Enterprise Suite\db
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
c:\program files\Internet Antivirus Pro\IAPro.exe
%UserProfile%\Application Data\Microsoft\Windows\winlogon.exe
C:\Program Files\Internet Antivirus Pro\activate.ico
C:\Program Files\Internet Antivirus Pro\Explorer.ico
C:\Program Files\Internet Antivirus Pro\unins000.dat
C:\Program Files\Internet Antivirus Pro\uninstall.ico
C:\Program Files\Internet Antivirus Pro\working.log
C:\Program Files\Internet Antivirus Pro\db\DBInfo.ver
C:\Program Files\Internet Antivirus Pro\db\ia080614.db
C:\Program Files\Internet Antivirus Pro\db\lists.ini
C:\Program Files\Internet Antivirus Pro\db\WMILib.dll
C:\Program Files\Internet Antivirus Pro\Languages\IAEs.lng
C:\Program Files\Internet Antivirus Pro\Languages\IAFr.lng
C:\Program Files\Internet Antivirus Pro\Languages\IAGer.lng
C:\Program Files\Internet Antivirus Pro\Languages\IAIt.lng
C:\Documents and Settings\All Users\Start Menu\Programs\Internet Antivirus Pro\Internet Antivirus Pro Home Page.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Internet Antivirus Pro\Internet Antivirus Pro.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Internet Antivirus Pro\Purchase License.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Internet Antivirus Pro\Uninstall Internet Antivirus Pro.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Ghost Antivirus.lnk
C:\Documents and Settings\All Users\Desktop\Internet Antivirus Pro.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Antivirus Pro.lnk
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\pguard.ini
Live Enterprise Suite creates the following registry keys and values
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\htgrdengine
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\567 1.4.2.0_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live Enterprise Suite_is1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HTGRDENGINE
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\live enterprise suite
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft windows logon process
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MediaPlayer\Preferences\addontemplatesdir
HKEY_CURRENT_USER\SOFTWARE\Microsoft\FTP\searchdir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\debugger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\realdebugger
