[admin]

Want to remove System Live Protect (AKA LiveProtect)?

System Live Protect:
../misc/guide_icons/system_live_protect.jpg

How-to remove System Live Protect from your system. System Live Protect is a rougue spyware application. System Live Protect is often installed without consent through a trojan. System Live Protect displays exaggerated or false reports of system errors and infections, then prompts the user to purchase a registered version to remove the purported threats. DO NOT purchase System Live Protect, remove it!

Luckily, S!Ri has made a tool that makes removing System Live Protect an easy, automated task. Simply follow the instructions below:

Download SmitfraudFix:

Use this URL to download the latest version (the file contains both English and French versions):
http://siri.geekstog...mitfraudFix.exe

Use:

• Search:
  
  • Double-click SmitfraudFix.exe
    
    
  • Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt
  
  
  
  
• Clean:
  
  • Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
    
    
  • Double-click SmitfraudFix.exe
    
    
  • Select 2 and hit Enter to delete infect files.
    
    
  • You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
    
    
  • The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
    
    
  • A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt
  
  
  
  
• Optional:
  
  • To restore Trusted and Restricted site zone, select 3 and hit Enter.
    
    
  • You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.

Note:
process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Has SmitFraudFix helped you? A tool like this takes a lot of time to keep updated. Please consider a donation to S!Ri so he can continue his hard work.

Are you still having problems with System Live Protect, or other malware on your system? Please start a new topic in our Malware Removal Forum, after following these instructions.

Other references:
LiveProtect @ Symantec | SmitFraudFix | live-protect.com (don't visit!)

[admin]

This topic has been left open to allow specific questions and comments related ONLY to this guide. It's NOT for posting HJT logs, links to your logs, or any other general malware help. Replies not following these rules will be deleted. Thanks for your cooperation.

[admin]

MarkN, on Jul 27 2007, 09:46 AM, said:

Is this System Live Protect automatically installed on all Vista OS's?

NO! System Live Protect is malicious software (malware), usually installed by a trojan. It's designed to look like a legitimate program, and only purpose is to entice you to buy it.

[Nebberz]

I was infected with this on my laptop running vista. Sadly smitfraudfix is not compatible with vista or so it tells me when I try to run the app in safe mode.

Smitfraudfix v2.207
Unsupported Version.
WIndows 2000 / Xp required

press any key to continue.

any suggestions or advice on where to go from here? I'm not finding much through google.

I used ctrl-alt-del to kill the system live process i saw, and was able to delete the folder...but i still get popups telling me my computer is infected and to download and install system live protect.

Thanks.

[MoNsTeReNeRgY22]

Hello and Welcome to Geeks to Go!

Please post a topic in the Malware Removal forum which can be found at the following link:
http://www.geekstogo.com/forum/Malware-Rem...o-Here-f37.html

[Princess Kairi]

Hello! Thank you so much for the tutorial!
My background was messed up, it kept going back to red and my icons were flashign white. I followed the tutorial however when I got back on my computer this white X showed up in my toolbar again... >.<
I'm pretty sure it's the System Live Protect thing, do I have to do more to get rid of it?
My background is back to normal now and everythig seems to be running okay it's just that this...



showed up again... Basically, how do I get rid of that X I guess?

[don77]

Hello and welcome Princess Kairi
I see yuo started a topic in the malware forum that would have been the next suggestion
Someone should be along shortly to help you

[Princess Kairi]

No one has helped me yet though...

[MoNsTeReNeRgY22]

You are in good hands now

[flyrod]

Hello, I keep getting the "shield with an X on it" from System Live Protect.
I have run the Smitfraudfix. The program does not appear to be on my computer, but it ask to install it.
Could you please help?

thanks flyrod

[MoNsTeReNeRgY22]

Hi flyrod,

Please post a HJT log in the Malware Removal forum and someone will be with you shortly.
http://www.geekstogo.com/forum/Malware-Rem...o-Here-f37.html

MoNsTeReNeRgY22