Home Malware Programs Rogue Anti-Spyware Programs Live Security Professional

Live Security Professional

Posted: July 31, 2013

Threat Metric

Ranking: 16,976
Threat Level: 10/10
Infected PCs: 225
First Seen: July 31, 2013
Last Seen: September 28, 2023
OS(es) Affected: Windows

Live Security Professional is a rogue anti-malware scanner based on the Winwebsec family – a group of scamware products that specialize in delivering false security information, blocking other programs, hijacking your browser and harming the overall security status of your PC. By causing these problems while also pretending to be able to remove the nonexistent PC threats that Live Security Professional 'detects,' Live Security Professional attempts to trick its victims into purchasing a fake registered version of its software. SpywareRemove.com malware researchers have found Live Security Professional to be just as much scamware as any other member of WinWeb Security and recommend deleting Live Security Professional with a legitimate anti-malware product as soon as you can manage.

Live Security Professional: a Professional Con Man with Fake Alerts Galore

Live Security Professional is a scamware product that tries to fake the aesthetics of an anti-malware scanner, including its system scans and pop-up warnings, without providing any real defenses against malicious software. SpywareRemove.com malware researchers previously found that brand names within Live Security Professional's family of Winwebsec also can be highly variable, and include members like Antivirus Security, System Security, AntiSpyware Pro 2009, Total Security, Total Security 2009, Security Tool, Trojan.RogueAV.a.gen, System Adware Scanner 2010, FakeAlert-KW.e, Advanced Security Tool 2010, System Tool 2011, MS Removal Tool, Antivirus Center, Security Shield, Personal Shield Pro, Advanced PC Shield 2012, Security Sphere 2012 and Futurro Antivirus. However, the symptoms between Live Security Professional and its brethren largely are consistent despite minor changes in the appearances of these related fake anti-malware programs.

By default, Live Security Professional may be used for some or all of the following attacks:

  • Blocking other programs arbitrarily (with notable exceptions for programs that are necessary for launching Live Security Professional, as well as your Web browsers – although Live Security Professional has other attacks specific to them, as noted below).
  • Live Security Professional will not block your browser, but Live Security Professional will block specific websites, using the opportunity to display a self-promotional warning message. Live Security Professional also may announce that your browser is infected with spyware, such as a keylogger.
  • Your security settings also will be lowered in several ways. Live Security Professional can disable your firewall, block Windows updates and disable the Windows UAC, amongst other attacks.
  • Live Security Professional also creates fake pop-up alerts about various PC threats at random intervals – or whenever Live Security Professional blocks a program. When these attacks are combined with its basic appearance as an anti-malware scanner, Live Security Professional clearly is intended to force its victims to pay money for the removal of these imaginary threats. Naturally, SpywareRemove.com malware experts can find no benefits to paying for Live Security Professional or heeding any of its inaccurate security advice.

Turning to Real Security to Get Rid of Your Fake Security

With a full understanding of all of Live Security Professional's capabilities, it should be reasonably obvious that Live Security Professional is a security danger to your PC rather than a net benefit. In the very probable case of Live Security Professional severely impeding your access to necessary security-related programs, SpywareRemove.com malware research team can recommend several means of disabling Live Security Professional – such as booting from a flash drive or using Safe Mode.

Live Security Professional should be removed by an appropriate anti-malware product – since Live Security Professional includes components that are designed to be concealed for avoiding deletion. Since Live Security Professional does not install itself without some assistance from other PC threats, there also may be other malware related to Live Security Professional's presence on your computer that also will need to be detected and removed.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



ej1rw.pad File name: ej1rw.pad
Size: 95.02 MB (95023320 bytes)
MD5: 323c6483f2f9ec9b26e38f4fd0053f95
Detection count: 26
Mime Type: unknown/pad
Group: Malware file
Last Updated: August 7, 2013
file.exe File name: file.exe
Size: 122.36 KB (122368 bytes)
MD5: 72e4b6f95e45c578874fc67034fc4e89
Detection count: 9
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: April 1, 2020
ej1rw.js File name: ej1rw.js
Size: 2.65 KB (2655 bytes)
MD5: 242e7a56b8841a23f5dcbad8b74f4087
Detection count: 1
File type: JavaScript file
Mime Type: unknown/js
Group: Malware file
Last Updated: August 7, 2013
%StartMenu%\Programs\Startup\regmonstd.lnk File name: %StartMenu%\Programs\Startup\regmonstd.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
%Temp%\tratra.lnk File name: %Temp%\tratra.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
%AllUsersProfile%\Application Data\[RANDOM NUMBERS AND CHARACTERS].js File name: %AllUsersProfile%\Application Data\[RANDOM NUMBERS AND CHARACTERS].js
File type: JavaScript file
Mime Type: unknown/js
Group: Malware file
%AllUsersProfile%\Application Data\[RANDOM NUMBERS AND CHARACTERS].txt File name: %AllUsersProfile%\Application Data\[RANDOM NUMBERS AND CHARACTERS].txt
Mime Type: unknown/txt
Group: Malware file
%AllUsersProfile%\Application Data\[RANDOM NUMBERS AND CHARACTERS].dat File name: %AllUsersProfile%\Application Data\[RANDOM NUMBERS AND CHARACTERS].dat
File type: Data file
Mime Type: unknown/dat
Group: Malware file
%AllUsersProfile%\Application Data\[RANDOM NUMBERS AND CHARACTERS].pad File name: %AllUsersProfile%\Application Data\[RANDOM NUMBERS AND CHARACTERS].pad
Mime Type: unknown/pad
Group: Malware file
%AllUsersProfile%\Application Data\sdaksda.txt File name: %AllUsersProfile%\Application Data\sdaksda.txt
Mime Type: unknown/txt
Group: Malware file
%AllUsersProfile%\Application Data\rundll32.exe File name: %AllUsersProfile%\Application Data\rundll32.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

Registry Modifications

The following newly produced Registry Values are:

Regexp file mask%ALLUSERSPROFILE%\Application Data\rundll32.exe%ALLUSERSPROFILE%\rundll32.exeHKEY..\..\{Value}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "ctfmon32.exe" = "C:\DOCUME~1\ALLUSE~1\APPLIC~1\rundll32.exe C:\DOCUME~1\ALLUSE~1\APPLIC~1\[RANDOM NUMBERS AND CHARACTERS].dat,XFG00"HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Live Security ProfessionalHKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\ShowedCheckBrowser YesHKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\NoProtectedModeBanner 1HKEY_CURRENT_USER\Software\Microsoft\WindowsCurrentVersion\Internet Settings\Zones\1\2500 3HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2500 3HKEY_CURRENT_USER\Software\Microsoft\WindowsCurrentVersion\Internet Settings\Zones\4\2500 3HKEY_CURRENT_USER\Software\Microsoft\WindowsCurrentVersion\Internet Settings\Zones\3\2500 3HKEY_CURRENT_USER\Software\Microsoft\WindowsCurrentVersion\Internet Settings\Zones\2\2500 3HKEY..\..\..\..{RegistryKeys}Software\Live Security Professional

Additional Information

The following messages's were detected:
# Message
1Live Security Professional
Live Security Professional has blocked cmd.exe! Threat detected!
2Threat detected!
Security Alert! Your computer was found to be infected with privacy-threatening software. Private data may get stolen and system damage may be severe.
Recover your PC from the infection right now, perform a security scan.

Loading...