PC Live Guard - Misleading Computer Application

Posted on 3 January 2010 under Rogue Programs

1. What is PC Live Guard?

PC Live Guard is an unreliable computer security tool that uses scare tactics to convince the user that the computer is infected, in the hope of receiving payment.

PC Live Guard is installed through a fake online computer scanner, which tricks the user into downloading the program. The online scanner simulates a PC scan and ends with a forged report stating that computer viruses have been found. To remove them, the user is prompted to download PC Live Guard.

PC Live Guard disables Windows Security Center and adds a shield-shaped icon to the taskbar area. The program creates the following fake system alerts:
  • PC Live Guard has detected potentially harmful software in your system. It is strongly recommended that you register PC Live Guard to remove all found threats immediately.
  • Click here to remove all potentially harmful programs found immediately using PC Live Guard.
  • Suspicious software which may be malicious has been detected on your PC. Click here to remove this threat immediately using PC Live Guard.
PC Live Guard uses silent install mode, in which the application is installed without the user's intervention. After the main program window appears, a computer scan starts and ends by producing a report with the following threat names:
  • BAT.Looper
  • Packed.Win32.PolyCrypt
  • SpamTool.Win32.Delfi.h
  • Trojan.BAT.AntiV.a
  • Trojan-IM.Win32.Faker.a
  • Trojan-PSW.BAT.Cunter
  • Trojan-PSW.VBS.Half
  • Trojan-PSW.Win32.Antigen.a
  • Trojan-PSW.Win32.Delfi.d
  • Trojan-PSW.Win32.Fantast
  • Trojan-PSW.Win32.Hooker
  • Trojan-SMS.J2ME.RedBrowser.a
  • Trojan-Spy.HTML.Bankfraud.ix
  • Trojan-Spy.HTML.Bayfraud.hn
  • Trojan-Spy.HTML.Citifraud
  • Trojan-Spy.HTML.Sunfraud.a
  • Virus.BAT.Gray.705
  • Virus.BAT.IBBM.ClsV
  • Virus.Win32.Faker.a
Each name is assigned to a file in C:\Documents and Settings\[username]\Recent, which is reported as a virus, but in reality it is not. Research shows that none of the files are dangerous. They are dropped on the machine during PC Live Guard installation to show the user that the program has found something. To look more convincing, warnings named "Virus detected" and "Identity theft attempt detected" pop up in the middle of the screen from time to time. Clicking "Remove All" opens the Activation Page, which asks the user to subscribe to a PC Live Guard software license. Do not make any payments, as PC Live Guard is rogue software and will not help with any security-related issues.

2. PC Live Guard screen shot:

[Screenshot: PC Live Guard]

3. How to remove PC Live Guard:

  1. The Internet connection might be disabled or the Internet browser might be blocked by PC Live Guard, so it won't be possible to download any files to the infected computer. In this case, download all files required for PC Live Guard removal on another computer and then transfer them to the infected one using a CD/DVD or USB flash drive.
  2. To remove PC Live Guard, download Spyware Doctor and install the program (for the installation guide click here). Before installation, make sure all other programs and windows are closed.
  3. After the installation, a computer scan should start automatically. If so, move to the next step. If not, click "Status" in the left-side menu and press the "Scan Now" button to run the computer scanner as shown in the picture below:

  4. After the scan has completed and the scan results have been generated, press the "Fix Checked" button to remove PC Live Guard.

  5. Restart the computer to complete the PC Live Guard removal procedure.

4. PC Live Guard files:

setup_build8_287.exe (setup file)
packupdate_build7_287.exe (setup file)
C:\Documents and Settings\All Users\Application Data\6fbb698\PC6fbb.exe

5. HijackThis entries:

O4 - HKLM\..\Run: [PC Live Guard] "C:\Documents and Settings\All Users\Application Data\6fbb698\PC6fbb.exe" /s /d
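
To check a saved HijackThis log for the autostart entry listed above, the following added example (not part of the original page) parses O4 registry Run lines and flags matches. The hex-named-folder heuristic, the function names, and every sample line except the first are assumptions made for illustration.

```python
import re
from ntpath import normpath  # Windows path rules on any host OS
# HijackThis O4 (autostart) line, in the form shown on this page:
#   O4 - HKLM\..\Run: [Name] "C:\path\file.exe" args
O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): '
                   r'\[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# Assumed heuristic (not stated on the page): an .exe in a hex-named folder
# directly under an "Application Data" directory.
HEX_DIR_RE = re.compile(r'\\application data\\[0-9a-f]{6,}\\[^\\]+\.exe$', re.I)

def split_command(cmd):
    """Split an O4 command string into (executable_path, arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    m = re.match(r'(.+?\.exe)\b\s*(.*)$', cmd, re.I)  # unquoted, may hold spaces
    return (m.group(1), m.group(2)) if m else (cmd, '')

def suspicious_autoruns(log_text):
    """Return one dict per O4 Run entry that matches a name or path check."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not a registry Run entry
        exe, args = split_command(m.group('cmd'))
        exe = normpath(exe)
        reasons = []
        if m.group('name').lower() == 'pc live guard':
            reasons.append('value name listed on this page')
        if HEX_DIR_RE.search(exe):
            reasons.append('exe in hex-named Application Data folder')
        if reasons:
            findings.append({'hive': m.group('hive'), 'name': m.group('name'),
                             'exe': exe, 'args': args, 'reasons': reasons})
    return findings

# Constructed sample: line 1 is the entry from this page, the rest are made up.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [PC Live Guard] "C:\Documents and Settings\All Users\Application Data\6fbb698\PC6fbb.exe" /s /d
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [Updater] "C:\Documents and Settings\All Users\Application Data\a91c07e\up.exe"
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
'''

if __name__ == '__main__':
    for f in suspicious_autoruns(SAMPLE_LOG):
        print(f['hive'], f['name'], f['exe'], '; '.join(f['reasons']))
```

A path-only match, such as the constructed third sample line, is a lead for manual review and not a verdict.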