True Warrior - Live PC Care

» If you can't view the screen shot (it's too small or unclear), you may have to click the screen shot when you put the mouse over the it.
» The view area is dependant upon your browser settings.

This sleek program is another to watch out for. So, don't be tricked.

Watch out for this web site: http://pay1.livepcguard.com/index.php?uid=213&mid=95e80ec579bd1ce589752a089a43cfa5&wv=wvXP&bid=b_Unknown&sid=11110&ls=8&verint=645&errors=106&nid=MainWindow_84&abbr=LPCG&pid=3

It appears that the client was browsing the internet when their browser was hijacked and redirected to another site. The client was duped into installing this program. A file was downloaded to the C:\Documents and Settings\<username>\Local Settings\Temporary Internet Files\Content.IE5\<random foldername>\xp_aa2e7[1].exe (2,551,296 bytes) potentially from this page (www1_new-sysdefender_net).





Below are entries found in the Registry(If you are unfamiliar with the registry...Leave this page NOW) and files associated with the program.  

1. Key Name: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
   Class Name:
   Last Write Time:
   Value 0
   Name: Live PC Care
   Type: REG_SZ
   Data: "C:\Documents and Settings\All Users\Application Data\b3b72a6\LPb3b7.exe"
   
   
   
2. Key Name: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32
   Name: 
   Type: REG_SZ
   Data: C:\DOCUME~1\ALLUSE~1\APPLIC~1\b3b72a6\LPb3b7.exe
   
3. HKEY_LOCAL_MACHINE\Software\Classes\LPb3b7.DocHostUIHandler\Clsid
    Type: REG_SZ
   Data: {3F2BBC05-40DF-11D2-9455-00104BC936FF}
   

• Live PC Care.lnk
  
  on the C:\Documents and Settings\<username>\Destop
• Live PC Care.lnk

1. 4,286 bytes » LPCG.ico
2. 322 bytes » 82.mof
3. 2,551,296 bytes » LPb3b7.exe
4. LPCGSys
5. Quarantine Items
6. 11,392 bytes » vd952342.bd

1. 68,901 bytes » LPTIVKDCG.cfg