Home > Threats > Live Enterprise Suite

Live Enterprise Suite

Posted on 26 January 2010 under Rogue Programs

1. What is Live Enterprise Suite?

Live Enterprise Suite is useless and confusing software, aimed to make a profit by fooling computer users. The program is a clone of already known from the past rogue anti-virus - Internet Antivirus Pro. Such rogue programs are installed with the help of Trojans, covered by online computer scanner or codec, needed to watch video content. Live Enterprise Suite is intended to convince user that his computer system is in danger and needs urgent protection. All of it can result in unsafe cash transfers and disclosure of private data to third parties.

After Live Enterprise Suite has been installed, computer scan will be started, where legitimate Windows files, needed to run OS smoothly, will be detected as computer threats, assigning the name of a virus each of them. The user may not notice that these are harmless files, thus believing into a scam. After PC scan, the victim will be suggested to hit "Cleanup" button to protect Windows and delete malicious files. Clicking the button will direct user to Live Enterprise Suite Registration page. Do not make any payments, because even after "licensed" program version has been purchased, no virus removal or computer protection functions will be working.

In order to enhance user's fears about computer infections, Live Enterprise Suite will be configured to run each time Windows are started. Furthermore System alerts will be displayed in the taskbar area stating that:
  • Your PC is still infected with dangerous viruses. It is strongly recommended to activate antivirus protection to prevent data loss and to avoid the theft of your credit card details. Click here to activate protection.
  • Spyware.BrowserDeath activity detected. This kind of spyware attempts to steal passwords from Internet Explorer, Mozilla Firefox, Opera and other programs, including logins and passwords from online banking sessions, eBay, Payp.
To begin Live Enterprise Suite removal process:
  • While running Windows in normal mode, malicious processes won't let to download any files. Safe Mode is required to download removal tool:
    1. Restart the computer;
    2. As soon as white letters on a black background appear, start tapping F8 key on your keyboard;
    3. After Windows Advanced Options Menu appeared, select an option "Safe Mode with Networking";
    4. Log in as a user;
    5. Act Yes on Desktop warning;
    6. Download Live Enterprise Suite removal tool to Desktop, but do not install yet;
    7. Restart and boot the computer as usual;
    8. Follow these installation instructions.

2. Live Enterprise Suite screen shot:

Live Enterprise Suite

3. How to remove Live Enterprise Suite:

  1. Internet connection might be disabled or Internet browser might be blocked by Live Enterprise Suite, so it won't be possible to download any files to infected computer. In this case please download all files required for Live Enterprise Suite removal to another computer and then transfer them on the infected one using CD/DVD or USB flash drive.
  2. To remove Live Enterprise Suite download Spyware Doctor and install the program (for the installation guide click here). Before installation, make sure all other programs and windows are closed.
  3. After the installation, computer scan should be started automatically. If so, please move to the next step. If not, click "Status" on the left side menu and press "Scan Now" button to run computer scanner as shown in the picture below:

  4. After the scan has been completed and scan results have been generated, press "Fix Checked" button to remove Live Enterprise Suite.

  5. Restart the computer to complete Live Enterprise Suite removal procedure.

4. Live Enterprise Suite files:

C:\Program Files\Internet Antivirus Pro\IAPro.exe

5. Hijackthis entries:

O4 - HKCU\..\Run: [Microsoft Windows logon process] C:\Documents and Settings\user\Application Data\Microsoft\Windows\winlogon.exe
O4 - HKCU\..\Run: [Live Enterprise Suite] "c:\program files\Internet Antivirus Pro\IAPro.exe" /s
O4 - HKCU\..\Policies\Explorer\Run: [foratof] "C:\WINDOWS\system32\mui\0404\foratof.exe"
O23 - Service: Guard Service (HTGrdEngine) - Unknown owner - C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\services.exe