Live Security Professional
Posted: July 31, 2013
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Ranking: | 16,976 |
|---|---|
| Threat Level: | 10/10 |
| Infected PCs: | 225 |
| First Seen: | July 31, 2013 |
|---|---|
| Last Seen: | September 28, 2023 |
| OS(es) Affected: | Windows |
Live Security Professional is a rogue anti-malware scanner based on the Winwebsec family – a group of scamware products that specialize in delivering false security information, blocking other programs, hijacking your browser and harming the overall security status of your PC. By causing these problems while also pretending to be able to remove the nonexistent PC threats that Live Security Professional 'detects,' Live Security Professional attempts to trick its victims into purchasing a fake registered version of its software. SpywareRemove.com malware researchers have found Live Security Professional to be just as much scamware as any other member of WinWeb Security and recommend deleting Live Security Professional with a legitimate anti-malware product as soon as you can manage.
Live Security Professional: a Professional Con Man with Fake Alerts Galore
Live Security Professional is a scamware product that tries to fake the aesthetics of an anti-malware scanner, including its system scans and pop-up warnings, without providing any real defenses against malicious software. SpywareRemove.com malware researchers previously found that brand names within Live Security Professional's family of Winwebsec also can be highly variable, and include members like Antivirus Security, System Security, AntiSpyware Pro 2009, Total Security, Total Security 2009, Security Tool, Trojan.RogueAV.a.gen, System Adware Scanner 2010, FakeAlert-KW.e, Advanced Security Tool 2010, System Tool 2011, MS Removal Tool, Antivirus Center, Security Shield, Personal Shield Pro, Advanced PC Shield 2012, Security Sphere 2012 and Futurro Antivirus. However, the symptoms between Live Security Professional and its brethren largely are consistent despite minor changes in the appearances of these related fake anti-malware programs.
By default, Live Security Professional may be used for some or all of the following attacks:
- Blocking other programs arbitrarily (with notable exceptions for programs that are necessary for launching Live Security Professional, as well as your Web browsers – although Live Security Professional has other attacks specific to them, as noted below).
- Live Security Professional will not block your browser, but Live Security Professional will block specific websites, using the opportunity to display a self-promotional warning message. Live Security Professional also may announce that your browser is infected with spyware, such as a keylogger.
- Your security settings also will be lowered in several ways. Live Security Professional can disable your firewall, block Windows updates and disable the Windows UAC, amongst other attacks.
- Live Security Professional also creates fake pop-up alerts about various PC threats at random intervals – or whenever Live Security Professional blocks a program. When these attacks are combined with its basic appearance as an anti-malware scanner, Live Security Professional clearly is intended to force its victims to pay money for the removal of these imaginary threats. Naturally, SpywareRemove.com malware experts can find no benefits to paying for Live Security Professional or heeding any of its inaccurate security advice.
Turning to Real Security to Get Rid of Your Fake Security
With a full understanding of all of Live Security Professional's capabilities, it should be reasonably obvious that Live Security Professional is a security danger to your PC rather than a net benefit. In the very probable case of Live Security Professional severely impeding your access to necessary security-related programs, SpywareRemove.com malware research team can recommend several means of disabling Live Security Professional – such as booting from a flash drive or using Safe Mode.
Live Security Professional should be removed by an appropriate anti-malware product – since Live Security Professional includes components that are designed to be concealed for avoiding deletion. Since Live Security Professional does not install itself without some assistance from other PC threats, there also may be other malware related to Live Security Professional's presence on your computer that also will need to be detected and removed.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:ej1rw.pad
File name: ej1rw.padSize: 95.02 MB (95023320 bytes)
MD5: 323c6483f2f9ec9b26e38f4fd0053f95
Detection count: 26
Mime Type: unknown/pad
Group: Malware file
Last Updated: August 7, 2013
file.exe
File name: file.exeSize: 122.36 KB (122368 bytes)
MD5: 72e4b6f95e45c578874fc67034fc4e89
Detection count: 9
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: April 1, 2020
ej1rw.js
File name: ej1rw.jsSize: 2.65 KB (2655 bytes)
MD5: 242e7a56b8841a23f5dcbad8b74f4087
Detection count: 1
File type: JavaScript file
Mime Type: unknown/js
Group: Malware file
Last Updated: August 7, 2013
%StartMenu%\Programs\Startup\regmonstd.lnk
File name: %StartMenu%\Programs\Startup\regmonstd.lnkFile type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
%Temp%\tratra.lnk
File name: %Temp%\tratra.lnkFile type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
%AllUsersProfile%\Application Data\[RANDOM NUMBERS AND CHARACTERS].js
File name: %AllUsersProfile%\Application Data\[RANDOM NUMBERS AND CHARACTERS].jsFile type: JavaScript file
Mime Type: unknown/js
Group: Malware file
%AllUsersProfile%\Application Data\[RANDOM NUMBERS AND CHARACTERS].txt
File name: %AllUsersProfile%\Application Data\[RANDOM NUMBERS AND CHARACTERS].txtMime Type: unknown/txt
Group: Malware file
%AllUsersProfile%\Application Data\[RANDOM NUMBERS AND CHARACTERS].dat
File name: %AllUsersProfile%\Application Data\[RANDOM NUMBERS AND CHARACTERS].datFile type: Data file
Mime Type: unknown/dat
Group: Malware file
%AllUsersProfile%\Application Data\[RANDOM NUMBERS AND CHARACTERS].pad
File name: %AllUsersProfile%\Application Data\[RANDOM NUMBERS AND CHARACTERS].padMime Type: unknown/pad
Group: Malware file
%AllUsersProfile%\Application Data\sdaksda.txt
File name: %AllUsersProfile%\Application Data\sdaksda.txtMime Type: unknown/txt
Group: Malware file
%AllUsersProfile%\Application Data\rundll32.exe
File name: %AllUsersProfile%\Application Data\rundll32.exeFile type: Executable File
Mime Type: unknown/exe
Group: Malware file
Registry Modifications
Regexp file mask%ALLUSERSPROFILE%\Application Data\rundll32.exe%ALLUSERSPROFILE%\rundll32.exeHKEY..\..\{Value}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "ctfmon32.exe" = "C:\DOCUME~1\ALLUSE~1\APPLIC~1\rundll32.exe C:\DOCUME~1\ALLUSE~1\APPLIC~1\[RANDOM NUMBERS AND CHARACTERS].dat,XFG00"HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Live Security ProfessionalHKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\ShowedCheckBrowser YesHKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\NoProtectedModeBanner 1HKEY_CURRENT_USER\Software\Microsoft\WindowsCurrentVersion\Internet Settings\Zones\1\2500 3HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2500 3HKEY_CURRENT_USER\Software\Microsoft\WindowsCurrentVersion\Internet Settings\Zones\4\2500 3HKEY_CURRENT_USER\Software\Microsoft\WindowsCurrentVersion\Internet Settings\Zones\3\2500 3HKEY_CURRENT_USER\Software\Microsoft\WindowsCurrentVersion\Internet Settings\Zones\2\2500 3HKEY..\..\..\..{RegistryKeys}Software\Live Security Professional
Additional Information
| # | Message |
|---|---|
| 1 | Live Security Professional Live Security Professional has blocked cmd.exe! Threat detected! |
| 2 | Threat detected! Security Alert! Your computer was found to be infected with privacy-threatening software. Private data may get stolen and system damage may be severe. Recover your PC from the infection right now, perform a security scan. |
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.