An exercise in total frustration for the user who has caught it, and also for the person asked to fix it.
This rogue anti-virus will not let go. Everything that the user tries to do is intercepted. Any attempt to search for and download tools to thwart it are blocked or re-directed, and core Windows functions are disabled or removed in their entirety.
So, how did I remove it from a client computer? I will tell you now that LUCK played a part.
First, I took the drive from the client machine and hooked it up to mine via the X-Port on the top of my CM690 case.
Next, I ran an ESET NOD32 virus check on the drive. This took some time, and there was a short period after the check had finished where ESET decides what to do with the offending files.
I then ran Malwarebytes on the drive which cleared out the rest of Live Platinum Security.
Having replaced the drive back into the original host machine, I booted it and, sure enough, Live Platinum Security had been wiped out.
Good so far? Well, yes and no.
When I tried to run Windows Update, it wouldn’t do anything. Six ‘regsvr32’ entries got it going but then I got the 80246008 error which equates to no ‘BITS’ service. I found a marked ‘answer’ to the problem in MS Answers which was most definitely NOT an answer, and then sat back to think about the problem.
Aha.. The computer is clear of the main issue. I wonder if a System Restore would get it back to a point where it was working.?
I am seriously glad that Windows 7 system restore is as reliable as it is. As luck would have it, there was a restore point dated two days BEFORE the introduction of LPS, and it worked.
All I had to do after the restore was uninstall and re-install MSE, run the last critical updates, and VOILA. A working computer where I didn’t have to back up the client machine and do a complete re-install of everything.
I don’t know how any technically challenged computer user could have done the above because there is rarely if ever a second machine with or without an easy hook up. The machine was completely unworkable with LPS running which was the intention of the LPS author, and I do have some sympathy with computer users who catch this type of malware.
Personally, I think that it would be a good idea for users to create a restore point whenever they finish a session on their computers. One never knows when something like LPS is going to hit, and while creating a restore point every time is an annoyance, boy did it help in this instance..
Bear in mind that Windows 7 will only automatically create a new restore point if none have been created in the last 7 days, which is why I am suggesting a manual one at the very least on a daily basis..
Thu, Sep 13 2012 9:33