Generalscansite.com
Generalscansite.com is a scam site that advertises the rogue software Live Enterprise Suite. Generalscansite.com is quite tricky, since it is able to modify users' browsers and make users visit its domain whether they want to or not. Sly Trojan horses are responsible for this browser redirect. When a user enters Generalscansite.com, he or she receives a lot of pop-ups reporting that some type of malware infection has been detected. After that, the user is presented with a fake online scan, a counterfeit animation aimed at trusting computer users. The user is then prompted to purchase Live Enterprise Suite in order to remove the "detected" malware. Do not fall for this scam.
File System Modifications
- The following files were created in the system:
File Name
%Documents and Settings%\[UserName]\Application Data\Live Enterprise Suite
%Documents and Settings%\[UserName]\Application Data\Live Enterprise Suite\db
%Documents and Settings%\[UserName]\Application Data\Live Enterprise Suite\db\config.cfg
%Documents and Settings%\[UserName]\Application Data\Live Enterprise Suite\db\Timeout.inf
%Documents and Settings%\[UserName]\Application Data\Live Enterprise Suite\db\Urls.inf
%Documents and Settings%\[UserName]\Application Data\Live Enterprise Suite\settings.ini
%Documents and Settings%\[UserName]\Application Data\Live Enterprise Suite\uill.ini
%Documents and Settings%\[UserName]\Application Data\Live Enterprise Suite\unins000.exe
%Documents and Settings%\[UserName]\Application Data\Live Enterprise Suite\updateloadlist.ini
%Documents and Settings%\[UserName]\Application Data\Microsoft\Windows\winlogon.exe
%Documents and Settings%\[UserName]\Local Settings\Application Data\Microsoft\Windows\log.txt
%Documents and Settings%\[UserName]\Local Settings\Application Data\Microsoft\Windows\pguard.ini
%Documents and Settings%\[UserName]\Local Settings\Application Data\Microsoft\Windows\services.exe
%Documents and Settings%\[UserName]\My Documents\My Pictures\atbyin.exe
%Program Files%\Common Files\[random path]calc.exe
%Program Files%\Common Files\[random path]char.exe
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Live Enterprise Suite"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Microsoft Windows logon process"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe "Debugger"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe "RealDebugger"

HKEY..\..\..\..{RegistryKeys}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HTGRDENGINE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HTGrdEngine
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HTGRDENGINE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTGrdEngine
HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}
    567 1.4.2.0_is1
    Live Enterprise Suite_is1
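
A triage check built from the file and registry lists above, added here as an example and not part of the original write-up. The function names and the input shapes (key/value-name pairs from a registry export, full paths from a directory listing) are assumptions, and the sample records are constructed.

```python
import re

# Indicators are the ones listed on this page (XP-style paths as given there).
RUN_KEY = r"software\microsoft\windows\currentversion\run"
RUN_VALUES = {"live enterprise suite", "microsoft windows logon process"}
IFEO_TASKMGR = (r"software\microsoft\windows nt\currentversion"
                r"\image file execution options\taskmgr.exe")
SERVICE_KEYS = (r"\services\htgrdengine", r"\enum\root\legacy_htgrdengine")
# winlogon.exe / services.exe in a user profile rather than System32
FAKE_SYSTEM_EXE = re.compile(
    r"\\application data\\microsoft\\windows\\(winlogon|services)\.exe$")
PRODUCT_DIR = r"\application data\live enterprise suite"

def scan_registry(records):
    """records: (key_path, value_name_or_None) pairs from a registry export."""
    findings = []
    for key, value in records:
        k, v = key.lower().rstrip("\\"), (value or "").lower()
        if k.endswith(RUN_KEY) and v in RUN_VALUES:
            findings.append(("run-key persistence", key, value))
        elif k.endswith(IFEO_TASKMGR) and v in ("debugger", "realdebugger"):
            findings.append(("taskmgr.exe IFEO debugger", key, value))
        elif k.endswith(SERVICE_KEYS):
            findings.append(("HTGrdEngine service key", key, value))
    return findings

def scan_files(paths):
    findings = []
    for path in paths:
        low = path.lower()
        if FAKE_SYSTEM_EXE.search(low):
            findings.append(("system process name in user profile", path))
        elif PRODUCT_DIR in low:
            findings.append(("Live Enterprise Suite file", path))
    return findings

# Constructed sample input (the user name "alice" is made up).
SAMPLE_REG = [
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "Live Enterprise Suite"),
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "ctfmon.exe"),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
     r"\Image File Execution Options\taskmgr.exe", "Debugger"),
    (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTGrdEngine", None),
]
SAMPLE_FILES = [
    r"C:\WINDOWS\system32\winlogon.exe",
    r"C:\Documents and Settings\alice\Application Data\Microsoft\Windows\winlogon.exe",
    r"C:\Documents and Settings\alice\Application Data\Live Enterprise Suite\db\config.cfg",
]
```

The genuine `system32\winlogon.exe` and the unrelated `ctfmon.exe` Run value in the sample are not flagged; only the profile-located copy and the named values from the lists are.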