[munna85]

I got hit over the weekend by a particularly scummy little piece of malware called Live Security

Platinum.

The way it works is that it disables your current antivirus program and most other programs on your

machine, including all your browsers except Internet Explorer. In fact even on internet explorer it

effectively blocks you from visiting almost every site except the one the scammers want you to go to.

What happens is the malware "appears" to run a security scan of your machine and then tells you that

you have a list of (bogus) viruses and malware. It prompts you to use your credit card to buy the "Live

Security Platinum" program to remove these non-existent viruses. The program does nothing except make

you poorer and probably send your credit card information to some criminal organization in the Ukraine

or god knows where.

It's a sophisticated scam that obviously prays on naive internet users.

To remove it I first went to my Windows "Control Panel" / "Appearance and Personalization" / "Show

Hidden Files and Folders".
Check the radio button for "Show Hidden Files and Folders"
Uncheck "Hide extensions for known file types"
Uncheck "Hide operating system files (recommended)"
Now look in your ProgramData directory.
Sort the folders by creation date.
You should see a folder created on the day of infection that is a long list of random characters.
Look inside the folder and you should see three files including an "ico" extension file with the "Live

Security Platinum" logo.
Delete those 3 files.
Then restart your computer.

You should now be able to start your Anti-virus program again.
Immediately do a full scan of your computer.
The Live Security Platinum virus also installs a Trojan virus which your true AV system
needs to find and remove right away.

That should be all there is to it.

I've seen quite a few posts recommending to download some kind of SpyWare removal tool (there is a free

and paid version) but I am skeptical of whether it does any good or not. At any rate it seems

unnecessary.