Topic: Does anyone know how I may remove Trojan Dropper:MSIL/Livate.A ?  (Read 20868 times)

patteo

Does anyone know how I may remove Trojan Dropper:MSIL/Livate.A ?

I have had this Trojan hiding in my laptop for the better part of 3 months now.

Windows Defender detects it whenever it tries to do something, and this generally happens only when I start a new Firefox session or a new Internet Explorer session.

Windows Defender then detects it and quarantines it. You can see it in the attached picture.

After I instruct Windows Defender to remove it, Windows Defender deletes it and after making sure I update the signatures on Windows Defender, I do a complete entire harddisk scan and it finds nothing and then everything seems to be OK for a few days and then when I start a new Firefox session or a new Internet Explorer session, the Trojan is detected and quarantined by Windows Defender.

I have also bought the pro version of Malwarebytes but its complete and full scan reveals no such Trojan.

Likewise, I have run Hitman Pro and it also finds no such Trojan.

Yet it keeps resurfacing and being stopped by Windows Defender but somehow not being completely removed when it is deleted.

The next thing I did was to apply the Windows 8.1 update in the hope that it would somehow rid my laptop of this Trojan.

No such luck.

Short of a completely fresh install of Windows 8.1 on my laptop, does anyone know of a solution?

A Google Search did not come up with a clear solution.

Thanks for any help or advice.

tomos

Re: Does anyone know how I may remove Trojan Dropper:MSIL/Livate.A ?
« Reply #1 on: November 07, 2013, 09:12 AM »
There must be some Good Samaritan forum out there that helps people remove stuff like that. I know of a German-language one, but that's probably not much help for you.

Did do a quick search - the few removal guides I looked at involved downloading unknown software of dubious origin, or paying 'support' to get all the details :down:

Tom

Carol Haynes

Re: Does anyone know how I may remove Trojan Dropper:MSIL/Livate.A ?
« Reply #2 on: November 07, 2013, 09:16 AM »
Probably best and quickest to go for the clean install - assuming Windows Recovery hasn't got infected!

40hz

Re: Does anyone know how I may remove Trojan Dropper:MSIL/Livate.A ?
« Reply #3 on: November 07, 2013, 09:16 AM »
That's a nasty one.

Google "Kaspersky Rescue Disk". Download and burn it to a CD (or USB key)? Then boot and allow it to grab the most recent updates? Then disinfect from that.

Haven't run into anything this hasn't been able to squash.

AVG and Avira also have similar bootable scanners if it doesn't.

Luck! :Thmbsup:

rgdot

Re: Does anyone know how I may remove Trojan Dropper:MSIL/Livate.A ?
« Reply #4 on: November 07, 2013, 09:16 AM »
Also try SUPERAntiSpyware http://www.superantispyware.com/

patteo

Re: Does anyone know how I may remove Trojan Dropper:MSIL/Livate.A ?
« Reply #5 on: November 07, 2013, 09:31 AM »
> Probably best and quickest to go for the clean install - assuming Windows Recovery hasn't got infected!

Yes, that's a concern.

I have an additional identical ASUS laptop (call it Laptop A) that also came pre-installed with Windows 8. This one is not infected.

Just wondering if you know whether, if I create an installation recovery disk from Laptop A, it will correctly do a fresh install on my infected laptop (Laptop B), since I assume the Windows activation process checks for some hardware identifier on Laptop B, which has already been licensed on their Windows activation server.

The lesson learned is that I should have created a recovery disk when I bought Laptop B before anything like that happened.

Thanks for any thoughts on this.

patteo

Re: Does anyone know how I may remove Trojan Dropper:MSIL/Livate.A ?
« Reply #6 on: November 07, 2013, 09:35 AM »
> That's a nasty one.
>
> Google "Kaspersky Rescue Disk". Download and burn it to a CD (or USB key)? Then boot and allow it to grab the most recent updates? Then disinfect from that.
>
> Haven't run into anything this hasn't been able to squash.
>
> AVG and Avira also have similar bootable scanners if it doesn't.
>
> Luck! :Thmbsup:

I will probably give this a shot before going "Nuclear" with the Windows Reinstall.

Thanks

40hz

Re: Does anyone know how I may remove Trojan Dropper:MSIL/Livate.A ?
« Reply #7 on: November 07, 2013, 09:46 AM »
Let us know how you make out! :)

Stoic Joker

Re: Does anyone know how I may remove Trojan Dropper:MSIL/Livate.A ?
« Reply #8 on: November 07, 2013, 11:57 AM »
>> That's a nasty one.
>>
>> Google "Kaspersky Rescue Disk". Download and burn it to a CD (or USB key)? Then boot and allow it to grab the most recent updates? Then disinfect from that.
>>
>> Haven't run into anything this hasn't been able to squash.
>>
>> AVG and Avira also have similar bootable scanners if it doesn't.
>>
>> Luck! :Thmbsup:
>
> I will probably give this a shot before going "Nuclear" with the Windows Reinstall.

I'd recommend doing the Kaspersky Rescue Disk route as well. But run ATF cleaner before the KRD scan (it ain't real fast - but it's worth the wait) to shave a few hours off the scan time.

4wd

Re: Does anyone know how I may remove Trojan Dropper:MSIL/Livate.A ?
« Reply #9 on: November 07, 2013, 04:52 PM »
There's also ComboFix which can squash quite a few things where others fail.

If you do end up going nuclear on the computer you may as well try running it before you do.

40hz

Re: Does anyone know how I may remove Trojan Dropper:MSIL/Livate.A ?
« Reply #10 on: November 07, 2013, 08:39 PM »
> There's also ComboFix which can squash quite a few things ...

Including your OS if you don't know what you're doing, or get a little too careless when attempting to fix things CF reports but doesn't handle automatically. ;D

That said, CF is a great tool - even if I'd consider it more a court of last resort when it comes to malware cure-alls.

--------------

@4wd & Stoic - great suggestions btw! :Thmbsup:

cmpm

Re: Does anyone know how I may remove Trojan Dropper:MSIL/Livate.A ?
« Reply #11 on: November 07, 2013, 10:50 PM »
You should be able to get an install disk from ASUS.
That worked for me on a Gateway XP, but I'm not sure about ASUS.

Here are some free Sophos tools that could fix the problem.

virus removal
http://www.sophos.co...us-removal-tool.aspx

rootkit
http://www.sophos.co...os-anti-rootkit.aspx

For some help via a forum that will walk you through steps to remove most any problem, try geekstogo.com. I do recommend these folks.
And you might find others who have removed your particular deal.

http://www.geekstogo.com/forum/

Giampy

Re: Does anyone know how I may remove Trojan Dropper:MSIL/Livate.A ?
« Reply #12 on: November 08, 2013, 07:37 AM »
> Does anyone know how I may remove Trojan Dropper:MSIL/Livate.A ?

I would call for help to http://www.bleepingcomputer.com/

Someone already asked your same question:
http://www.bleepingc...andropper-need-help/
(are you Zatiac?  :) )

And this is the solution of Zatiac (of course I don't know if that applies for you too):
http://www.bleepingc...ed-fast-help-please/
"A refrigerator without beer is like a body without soul"
« Last Edit: November 08, 2013, 07:54 AM by Giampy »

patteo

Re: Does anyone know how I may remove Trojan Dropper:MSIL/Livate.A ?
« Reply #13 on: November 08, 2013, 09:59 AM »
>> Does anyone know how I may remove Trojan Dropper:MSIL/Livate.A ?
>
> I would call for help to http://www.bleepingcomputer.com/
>
> Someone already asked your same question:
> http://www.bleepingc...andropper-need-help/
> (are you Zatiac?  :) )
>
> And this is the solution of Zatiac (of course I don't know if that applies for you too):
> http://www.bleepingc...ed-fast-help-please/


Thanks for the heads up about the solution.

From Zatiac
"Thanks for the response but I got it solved, I reset internet explorer and uninstalled java....that got all traces of the dropper off my laptop :D  I suspect the dropper is how the fbi moneypacks ransom got on my laptop as well. "


I'm right now scanning with Sophos Virus Removal Tool overnight to see if it detects anything.

Then I may try Zatiac's "solution" and test it out to see if the solution "works".

I may still go for the "Nuclear method".

I rang up Asus and they took me through the process of Rebooting and Reinstalling the Windows 8 OS from the hidden partition to reset everything to as per factory.

They told me I cannot Recreate the Recovery disk from another identical Laptop as it would have a different Windows 8 key.

They advised that a factory type Reset by Reinstalling and formatting is the surest method to ensure that the virus is removed, although it takes several hours because essentially, it reformats and recreates the partitions.

Naturally this is the sure fire though time consuming way.

But it's also an excuse for me to refresh everything, make the laptop run a bit faster (hopefully) and probably junk a lot of useless stuff on my laptop.

I'm of course a little bit concerned if some of the software that requires activation will reactivate properly. But they probably should since I'm not changing any hardware.

But in the process, I thought I may as well test out a couple of these suggested Virus Removal Tools in this thread first. I wouldn't be surprised if they found nothing. Sigh!

While I'm on this subject, I might as well mention that in future, before I access some new sites or install some programs, I'll make better use of www.virustotal.com, whether to check out a URL or an exe first, besides using Malwarebytes and Hitman Pro.

An ounce of prevention is worth a megaton of going Nuclear to clean up a laptop.

This process is going to proceed rather slowly, but if I come across any further useful lessons, I'll certainly post on this thread.

Thanks to all who have posted their thoughts.

Donationcoders are such a group of helpful people.

tomos

Re: Does anyone know how I may remove Trojan Dropper:MSIL/Livate.A ?
« Reply #14 on: November 08, 2013, 10:39 AM »
> From Zatiac
> "Thanks for the response but I got it solved, I reset internet explorer and uninstalled java....that got all traces of the dropper off my laptop :D  I suspect the dropper is how the fbi moneypacks ransom got on my laptop as well. "

That was something similar to what I cleaned off a laptop this summer - but that was with the help of the German-language www.trojaner-board.de (thread link).
They got me to scan with a whole bunch of apps:

1) AV (Avira was on the machine)
2) Malwarebytes
3) Oldtimer (think a German lang. only app - comparable to "Hijackthis") - which was also later used to erase some files when rebooting
4) Malwarebytes AntiRootkit
5) AdwCleaner
6) Emsisoft Anti-Malware
7) a "Windows repair tool" they had created themselves
8) ESET Online Scanner

Scans 1, 2, and 3 found files related to the trojan.

The Oldtimer scan found a *.js file and a *.pad file in Program Data

Other files were found in:
Users\[USER NAME]\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\
Users\[USER NAME]\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\
(I presume the 6.0 above was the Java version number)
Users\[USER NAME]\AppData\Local\Temp\
Users\[USER NAME]\
and a shortcut in the Startup Menu:
Users\[USER NAME]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Tom
« Last Edit: December 16, 2013, 04:54 PM by tomos, Reason: corrected \"thread link\" link »
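
The locations listed in the post above can be reviewed without any third-party tool. The following read-only script is an added example, not part of the thread or of any tool named in it: it lists recently modified files under those per-user paths, plus everything in the Startup folder. The extension list, the 30-day window and the function names are assumptions.

```python
import os
import time
from pathlib import Path

# Extensions flagged in Temp, the profile root and ProgramData.
# Assumption: illustrative list; the post itself only names *.js and *.pad.
REVIEW_EXT = {".js", ".pad", ".exe", ".dll", ".jar", ".vbs", ".bat", ".cmd", ".scr"}

# (path relative to the user profile, recurse?, rule); paths are from the post.
#   "recent"     : any file modified inside the time window
#   "recent_ext" : files in the window whose extension is in REVIEW_EXT
#   "all"        : every file, since anything in Startup runs at logon
PROFILE_RULES = [
    ("AppData/LocalLow/Sun/Java/Deployment/cache", True, "recent"),
    ("AppData/Local/Temp", False, "recent_ext"),
    (".", False, "recent_ext"),
    ("AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup", False, "all"),
]


def _scan(base, recurse, rule, cutoff):
    """Yield (path, mtime) for files under base that match rule."""
    if not base.is_dir():
        return
    for path in (base.rglob("*") if recurse else base.iterdir()):
        try:
            if not path.is_file():
                continue
            mtime = path.stat().st_mtime
        except OSError:  # locked, vanished or unreadable entry
            continue
        if path.name.lower() == "desktop.ini":
            continue
        recent = mtime >= cutoff
        flagged_ext = path.suffix.lower() in REVIEW_EXT
        if (rule == "all"
                or (rule == "recent" and recent)
                or (rule == "recent_ext" and recent and flagged_ext)):
            yield path, mtime


def triage(profile, program_data=None, days=30, now=None):
    """Return [(location, path, mtime)], newest first. Nothing is modified."""
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    profile = Path(profile)
    hits = []
    for rel, recurse, rule in PROFILE_RULES:
        for path, mtime in _scan(profile / rel, recurse, rule, cutoff):
            hits.append((rel, path, mtime))
    if program_data:
        for path, mtime in _scan(Path(program_data), True, "recent_ext", cutoff):
            hits.append(("ProgramData", path, mtime))
    return sorted(hits, key=lambda h: h[2], reverse=True)


if __name__ == "__main__":
    found = triage(os.environ.get("USERPROFILE", str(Path.home())),
                   os.environ.get("ProgramData"))
    for location, path, mtime in found:
        print(time.strftime("%Y-%m-%d %H:%M", time.localtime(mtime)), location, path)
```

The output is a list to review by hand or to hash and look up; the script deletes nothing.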

40hz

Re: Does anyone know how I may remove Trojan Dropper:MSIL/Livate.A ?
« Reply #15 on: November 08, 2013, 12:20 PM »
Might be really cool to do a collaborative antimalware info resource for the community here. There's enough of us at DC that either regularly need to deal with this for clients, or are individuals with some serious real world experiences gained from fixing their own PCs. The DC hive mind should have a lot of good vetted info and tips to share in a more organized manner than just random forum postings.

Ideally it would be a small wiki since it would need to be editable and expandable without it becoming a three mile long thread with dozens of unlinked posts, many of which will become outdated fairly rapidly.

Thoughts anybody? :huh:

superboyac

Re: Does anyone know how I may remove Trojan Dropper:MSIL/Livate.A ?
« Reply #16 on: November 08, 2013, 12:58 PM »
> Might be really cool to do a collaborative antimalware info resource for the community here. There's enough of us at DC that either regularly need to deal with this for clients, or are individuals with some serious real world experiences gained from fixing their own PCs. The DC hive mind should have a lot of good vetted info and tips to share in a more organized manner than just random forum postings.
>
> Ideally it would be a small wiki since it would need to be editable and expandable without it becoming a three mile long thread with dozens of unlinked posts, many of which will become outdated fairly rapidly.
>
> Thoughts anybody? :huh:

Would it be similar to this idea I had a while back:
https://www.donation...ex.php?topic=25200.0

I wanted to make a DC-approved list of software for keeping the computer secure, using as many freeware tools as possible.  No BS, no marketing hype...just specific software and the specific type of protection it is the best for.

tomos

Re: Does anyone know how I may remove Trojan Dropper:MSIL/Livate.A ?
« Reply #17 on: November 08, 2013, 01:03 PM »
I think the wiki option would be a great idea :up:

I've suggested it myself too :D in particular to try and help keep the software free for business use up-to-date. Can't remember any response, but I didn't follow up on it either.
Tom

patteo

Re: Does anyone know how I may remove Trojan Dropper:MSIL/Livate.A ?
« Reply #18 on: November 08, 2013, 09:52 PM »
Completed scan by Sophos Virus Removal Tool.

I was not surprised that it detected nothing of consequence relating to the Trojan Dropper:MSIL/Livate.A.

I may try a couple of others of the suggested methods before going Nuclear.

4wd

Re: Does anyone know how I may remove Trojan Dropper:MSIL/Livate.A ?
« Reply #19 on: November 08, 2013, 10:41 PM »
>> There's also ComboFix which can squash quite a few things ...
>
> Including your OS if you don't know what you're doing, or get a little too careless when attempting to fix things CF reports but doesn't handle automatically. ;D

Hence the reference to "if you're going to re-install you might as well" ;) ;D

Carol Haynes

Re: Does anyone know how I may remove Trojan Dropper:MSIL/Livate.A ?
« Reply #20 on: November 09, 2013, 03:05 AM »
If it were me I would just go nuclear - even if you think you have cleared things you can never be 100% certain you got everything.

patteo

Re: Does anyone know how I may remove Trojan Dropper:MSIL/Livate.A ?
« Reply #21 on: November 09, 2013, 07:27 AM »
> If it were me I would just go nuclear - even if you think you have cleared things you can never be 100% certain you got everything.

Thank you Carol for your thoughts. I appreciate your validation of what has been going through my head. I'm hoping against hope.

This is exactly what I'm feeling, seeing how hard it is to detect.

Even if it appears that it has been removed, I can never be 100% certain.

So I'll just have to bite the bullet, go nuclear and learn to be far more careful.

This is the first time in many years that I have been tripped up by a virus.

I guess the biggest danger is really that complacency had set in for me.

Stoic Joker

Re: Does anyone know how I may remove Trojan Dropper:MSIL/Livate.A ?
« Reply #22 on: November 09, 2013, 07:45 AM »
>>> There's also ComboFix which can squash quite a few things ...
>>
>> Including your OS if you don't know what you're doing, or get a little too careless when attempting to fix things CF reports but doesn't handle automatically. ;D
>
> Hence the reference to "if you're going to re-install you might as well" ;) ;D

Yes, but here's the "fun" part. Many (read most/all) of the off-the-shelf machines that don't come with install media and use a recovery partition also use a highly proprietary boot sector that provides the press hotkey 'X' to get to brand X's recovery partition. This means that anything that does any cleaning of said boot sector has a high probability of frying said functionality right off the disk. ...Yes...I see this happen a lot.

So like 40hz, I too have seen ComboFix torch a machine (from a consumer's perspective) in the process of cleaning it many times. Scratch building the boot sector isn't the slightest bit fun on these new OS's because it has gotten a hell of a lot more complicated from the good old SYS C: days. :)

I had to do a production server transplant not too long ago from one MB with an SSD to a second MB with RAID1. It got done...but it took quite a bit longer than the initial estimate. :D

patteo

Re: Does anyone know how I may remove Trojan Dropper:MSIL/Livate.A ?
« Reply #23 on: November 19, 2013, 09:42 AM »
Just a little update on going nuclear and the aftermath.

I should add for the benefit of others that uninstalling Java did not remove the persistent virus.

1. You kind of obliterate everything and it's great to start afresh again, sort of. I looked through what I had previously installed and really, some of those I don't really use so I did some spring cleaning as well. The process is painfully slow, partly because I'm also taking my time. But the laptop seems to run faster.

2. I decided to just as a matter of practice, exercise much greater caution when installing programs. Whenever possible, I upload each exe (limitation of 64mb) to www.virustotal.com or at least scan the url of the website before I download.

Better an ounce of caution than to have to go Nuclear again.

I wish there was a way of automating the process a bit more, like rightclick a url and send the url to be scanned at www.virustotal.com. Or a way for me to right click a file and send the exe to be scanned at www.virustotal.com

3. Started wondering about a disk imaging solution. Used to use Ghost on XP.

Any suggestion of a reliable free imaging solution that works well with Windows 8 ?

4. Right now, for anti-virus, I use Windows Defender, Malwarebytes and also Web Of Trust (WOT - addin for Firefox).

Just wondering if I should add any more armor besides being much more cautious about where I surf and what I click on. Any suggestions, apart from disconnecting myself from the internet?

5. I also have noscript enabled on Firefox.


Thanks for any suggestions.

40hz

Re: Does anyone know how I may remove Trojan Dropper:MSIL/Livate.A ?
« Reply #24 on: November 19, 2013, 10:04 AM »
^Easiest to just use the disk imaging tool built into Windows.

They sorta hid it in Win8.

Do a search for "file recovery." There will be a link to the old Win7 recovery tools which allows you to create backups and clone disk images just like before.

More about it here:

http://arstechnica.c...cover-your-whole-pc/


Luck! :Thmbsup:
« Last Edit: November 19, 2013, 10:13 AM by 40hz »