Live PC Care

4 December 2009 Rogue 0 Comment

Live PC Care is an unwanted application that spreads over the Internet making use of fake antivirus web sites. Specific Trojan may also download the malware to computers without user’s knowledge. Once on the system, Live PC Care will install itself and configures to run automatically once Windows starts. The technique is accomplished as a result of system files and registry modification. Live PC Care tries to get user’s attention by implementing recurring security warnings prompting to buy the licensed version in order to take out viruses from the PC. A standard virus scan is also initiates after Windows log-on that will display misleading detections. It attempts to convince user into obtaining the registered version of the fake software.

Just like any other rogue programs you may encounter, Live PC Care will not be able to get rid by Windows Add/Remove Programs function. Live PC Care does not provide a module for that operation. Once the rogue software gets inside, taking it out manually is close to impossible. You will need tools and knowledge to tweak certain configuration to revert back changes made by the fake software. For instant removal, we have provided a guide to completely eliminate Live PC Care.

Screen Shot Image:

Technical Details and Additional Information:

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Characteristics (Analysis)
Unlike Trojans and virus infection, Live PC Care does not infect files locally. Network computers are not threatened from this rogue security application. However, there are Trojans and viruses working closely with Live PC Care that can posses’ risks on a network environment. Rogue programs as Live PC Care is single-minded in executing pay-per-install scheme to bring-in revenue for its developer.

Added Registry Entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Live PC Care"
HKEY_CURRENT_USER\Software\3
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\xp_5ea56.DocHostUIHandler
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://search-gala.com/?&uid=7&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "[xSP_2:213vd3395e69e29f71abba93a68c4181_7]"
HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://search-gala.com/?&uid=7&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no" 

Associated Files and Folders:

C:\Program Files\Mozilla Firefox\searchplugins\search.xml 
C:\Documents and Settings\All Users\Application Data\213vd
C:\Documents and Settings\All Users\Application Data\213vd\LP415.exe
C:\Documents and Settings\All Users\Application Data\213vd\LPCC.ico
C:\Documents and Settings\All Users\Application Data\213vd\8233.mof
C:\Documents and Settings\All Users\Application Data\213vd\mozcrt19.dll
C:\Documents and Settings\All Users\Application Data\213vd\sqlite3.dll
C:\Documents and Settings\All Users\Application Data\213vd\LPCCSys\vd952342.bd
C:\Documents and Settings\All Users\Application Data\LPCCSys
C:\Documents and Settings\All Users\Application Data\LPCCSys\LPCC.cfg
%UserProfile%\Application Data\Live PC Care
%UserProfile%\Application Data\Live PC Care\cookies.sqlite
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Live PC Care.lnk
%UserProfile%\Desktop\Live PC Care.lnk
%UserProfile%\Recent\cb.drv
%UserProfile%\Recent\CLSV.sys
%UserProfile%\Recent\DBOLE.exe
%UserProfile%\Recent\DBOLE.sys
%UserProfile%\Recent\exec.dll
%UserProfile%\Recent\fan.exe
%UserProfile%\Recent\FW.dll
%UserProfile%\Recent\hymt.drv
%UserProfile%\Recent\kernel32.drv
%UserProfile%\Recent\PE.tmp
%UserProfile%\Recent\ppal.dll
%UserProfile%\Recent\ppal.sys
%UserProfile%\Recent\runddl.dll
%UserProfile%\Recent\SM.dll
%UserProfile%\Start Menu\Live PC Care.lnk
%UserProfile%\Start Menu\Programs\Live PC Care.lnk

1. Kill any running process that belongs to Live PC Care.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for the following files and click End Task.
LP415.exe

2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit. This will open registry editor.
- Find and delete the following:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Live PC Care"
- Close registry editor. Changes made will be save automatically.

3. Scan the computer with antivirus program.
- Connect to Internet and open your antivirus software. Please Update to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before Windows logo begins to load press F8 on your keyboard.
- On Windows Advanced Boot Options, select Safe Mode and press Enter.

4. Delete all files dropped by Live PC Care.
- While still in Safe Mode, search and delete malicious files. Please refer to 'Associated Files and Folders.'

Automatic Removal of Live PC Care

In order to completely remove the threat, click here to download and run Malwarebytes Anti-Malware. Sometimes, Trojans will block the downloading and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before executing on the infected machine.