Windows Protection

Threat Description:

Pc-windows-live.com is a browser hijacker that functions for distributing the payload of XP Antivirus Pro 2010 rogue security program. It’s pretty interesting that Pc-windows-live.com, if accessed from a random computer, will return a web page dedicated to the software called Windows Defender 2010 which is in fact the general name for a whole family of scareware tools and does not really exist. Below is a screenshot of Pc-windows-live.com site that we made on our lab computer after we had it infected with XP Antivirus Pro 2010 malware. As you can see, it has identical design but promotes a different program than if you visit it directly. Such trick is a result of the malware’s intervention into your HOSTS file and some other system settings including the browser configuration, in the first place. So the only case when you hit Pc-windows-live.com is after a browser redirect implemented by rogue anti-spyware which evidently resides on your workstation, perhaps without you even being aware of it. XP Antivirus Pro 2010 displays an enormous number of fake system tray alerts, popup warnings and fabricated security scanners. Pc-windows-live.com pops up each time you click the ‘Register’ button on any one of those ads, which prompts us to denominate it a browser hijacker. Anyway, if you are visiting Pc-windows-live.com in some way other than through direct hit (i.e. if your browser is rerouting you there forcibly), make sure you get your system cleaned up from trojans and rogue anti-spyware.

Determine if your system is infected with Pc-windows-live.com hijacker and related threats:

Download Pc-windows-live.com Infection Free Scanner with Remover

Pc-windows-live.com Screenshot:

How to remove this threat manually:

Pc-windows-live.com manual uninstall procedure:

Get rid of the related corrupt files:

• %Documents and Settings%\[UserName]\Application Data\av.exe
• %Documents and Settings%\[UserName]\Application Data\WRblt8464P

Delete the associated registry entries:

• HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = “av.exe” /START “%1″ %*
• HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command “(Default)” = “av.exe” /START “%1″ %*
• HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = “av.exe” /START “%1″ %*
• HKEY_CLASSES_ROOT\secfile\shell\open\command “(Default)” = “av.exe” /START “%1″ %*
• HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “av.exe” /START “firefox.exe”
• HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “av.exe” /START “firefox.exe” -safe-mode
• HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “av.exe” /START “iexplore.exe”
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “AntiVirusOverride” = “1″
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “FirewallOverride” = “1″

Please note that Pc-windows-live.com manual removal is a procedure of high complexity and should be performed with extreme caution. Lack of the required skills and even the slightest deviation from the instructions may cause irreparable system damage. To ensure trouble-free deletion, it is recommended to use the automatic removal tool below:

Download Pc-windows-live.com Removal Tool