How to Remove Live Enterprise Suite | Live Enterprise Suite Removal Guide
Live Enterprise Suite is yet another rogue security application. This is a successor to the frustrating Internet Antivirus Pro and Ghost Antivirus rogues. Like many of these security rogues they are pushed through malware and aggressive advertising. This may be a website that when visited a screen pops up that appears to be doing a scan on your computer. However, everyone sees the same video when they visit the site, so you may see the same message whether you’re browsing with windows, apple mac or linux. Unfortunately, this trick is effective and many will click on the link they provide which installs the software on the local machine. Read on for how to remove live enterprise suite.
Among the other usual nuisances of these pests, this one also installs the TDL3 rootkit and disables task manager. It also deactivates security software that it is able to find and get rid of. This can be a very challenging infection to clean up and you may need to resort to a livecd and deleting some of the files to regain control over the system. You may use either the recovery console or a bartpe/ultimate boot cd disk or even a linux boot disk to remove the files.
There are a number of other things you may try to remove this rogue. First you may want to visit the control panel and add/remove programs and attempt to uninstall live enterprise suite. It probably won’t work, but is worth a try. If it DOES work, then you should scan your system with a malware removal tool such as superantispyware or malwarebytes antimalware (or both) and a reputable antivirus before considering it clean.
To remove live enterprise suite you will want to use an automated tool if at all possible such as superantispywares portable scanner or malwarebytes antimalware (both can be found on the virus removal tools page.) The portable scanner from superantispyware is easier and has some advantages. 1) it is randomly named each download so, is not likely to be noticed and terminated by the rogue. 2) It is updated daily, so you don’t need to check for updates if you’ve downloaded the portable scanner fresh today. That much said, you may not be able to download anything on the affected machine, so make use of a usb flash drive for this and a clean computer.
If you have trouble running either superantispyware’s portable scanner or the malwarebytes antimalware installer you may try the following and then re-attempt to run your chosen cleaner. 1) rename the program to something that will be more likely allowed to run (explorer.exe iexplore.exe firefox.exe are good candidates.) 2) reboot into safe mode with networking and try running again. Malwarebytes will need safe mode with networking to perform an update to make certain that you have the latest definition updates.
Remove anything that is found and scan again. I usually keep scanning and alternate malware removal/antivirus tools until the system is clean. If you have trouble logging in to windows after cleaning, then read this for suggestions on what to do.
The files associated with live enterprise suite are listed below. You will need to delete this files if you have to do a manual removal of live enterprise suite. You may make use of the recovery console or a windows live cd such as bartpe, ultimate bootcd or a linux boot cd to be able to remove the files listed. Unfortunately some of the files are randomly named and so will be different from one install to another. For this reason, you need to be careful in determining which files to delete. Use the locations seen here, the files you see on your system and your best judgment to decide. (When in doubt make a folder to quarantine to and MOVE the files there.)
%user%\Application Data\Live Enterprise Suite
%user%\Application Data\Live Enterprise Suite\settings.ini
%user%\Application Data\Live Enterprise Suite\uill.ini
%user%\Application Data\Live Enterprise Suite\unins000.exe
%user%\Application Data\Live Enterprise Suite\updateloadlist.ini
%user%\Application Data\Live Enterprise Suite\db
%user%\Application Data\Live Enterprise Suite\db\config.cfg
%user%\Application Data\Live Enterprise Suite\db\Timeout.inf
%user%\Application Data\Live Enterprise Suite\db\Urls.inf
%user%\Application Data\Microsoft\Windows\winlogon.exe
%user%\Local Settings\Application Data\Microsoft\Windows\log.txt
%user%\Local Settings\Application Data\Microsoft\Windows\pguard.ini
%user%\Local Settings\Application Data\Microsoft\Windows\services.exe
%user%\My Documents\My Pictures\atbyin.exe
%progfiles%\Common Files\RANDOMchar.exe
%progfiles%\Common Files\RANDOMcalc.exe
%progfiles%\Live Enterprise Suite
%progfiles%\Live Enterprise Suite\activate.ico
%progfiles%\Live Enterprise Suite\Explorer.ico
%progfiles%\Live Enterprise Suite\Live Enterprise Suite.exe
%progfiles%\Live Enterprise Suite\unins000.dat
%progfiles%\Live Enterprise Suite\uninstall.ico
%progfiles%\Live Enterprise Suite\working.log
%win%\system32\RANDOM.dll
%win%\system32\RANDOM.dll
I’m still working to confirm/complete the list of files above. Even after a full manual removal of live enterprise suite you should follow up with scans using a trusted malware removal tool such as superantispyware or malwarebytes antimalware. Also, scan with a reputable antivirus application. Reputable doesn’t have to mean a paid antivirus, free is okay, an online scanner can be all right, just make sure that it is a more trusted name such as AVG/avira/trendmicro/norton/mcafee/etc.