Remove Enterprise Suite. Removal instructions
Enterprise Suite is a misleading application created by the same group of scammers who released Windows Enterprise Suite, Windows Enterprise Defender and many other rogue applications. It is distributed by Trojans that come from fake online scanners [Figure 2] and bogus websites, or that are bundled with other malicious software. The scammers also use social engineering to promote rogue applications. Once a Trojan is installed, it downloads the Enterprise Suite files and displays fake security alerts to scare you into thinking that your computer is infected with spyware, worms and other malware. The rogue program then imitates a system scan and gives a false report of threats and infections on your computer. Finally, you are prompted to pay for a full version of the program to remove those threats. This is a scam. Do not purchase this bogus application. Instead, uninstall Enterprise Suite from your PC upon detection.
[Figure 1. Enterprise Suite graphical user interface]
As you can see from the image above, Enterprise Suite uses the Windows OS style to look more legitimate and reliable. The scan results it displays are fake, although the infection names it lists are real: if you look up a particular infection reported by this program, you will likely find that a threat with that name does exist. Some of the reported infections you may see:
SpamTool.Win32.Delf.h
Trojan-Spy.Win32.Citifraud
Trojan-PSW.Win32.Fantast
Trojan-PSW.Win32.Dripper
Trojan-PSW.Win32.Delf.d
Trojan-Spy.HTML.Bankfraud.ix
Trojan.BAT.AnitV.a
Virus.Win32.Faker.a
Trojan-Spy.HTML.Bankfraud.ra
Virus.BAT.IBBM.ClsV
[Figure 2. Enterprise Suite – fake online scanner]
To make things worse, Enterprise Suite constantly displays fake security alerts stating that your computer is not protected and that you should buy the full version of the program to ensure full system protection and remove the infections found. These alerts are very annoying and will likely pop up every one or two minutes. That’s not all: the misleading application blocks anti-virus software and security-related websites, hijacks Internet Explorer and redirects you to various misleading websites instead of the ones you requested. Windows Task Manager, Registry Editor, System Restore and other tools may be blocked too.
Enterprise-suite.net is the homepage of Enterprise Suite [Figure 3]. The rogue application also tries to establish connections with:
securityearth.cn
update1.enterprise-suite.net
update2.enterprise-suite.net
[Figure 3. Enterprise Suite – home page]
If you find that your computer is infected with this malware, please use the removal guide below to remove Enterprise Suite manually for free. Don’t forget to scan your computer with a legitimate anti-spyware application, and contact your credit card company if you have already purchased this bogus program.
Related files: PE.dll, WinESuite.exe, 752.mof, mozcrt19.dll, sqlite3.dll, WE345d.exe, WES.ico, vd952342.bd, wes.cfg, cookies.sqlite, Instructions.ini, Enterprise Suite.lnk, ANTIGEN.dll, cb.exe, cid.dll, CLSV.tmp, DBOLE.sys, ddv.sys, eb.exe, energy.sys, exec.tmp, FS.exe, grid.drv, runddlkey.drv, sld.drv, SM.drv, tempdoc.dll, tempdoc.tmp, tjd.sys, search.xml
Enterprise Suite properties:
• Changes browser settings
• Shows commercial adverts
• Stays resident in background
Enterprise Suite manual removal:
Kill processes:
WE345d.exe eb.exe FS.exe cb.exe
Delete registry values:
HKEY_CURRENT_USER\Software\3
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\WE345d.DocHostUIHandler
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://search-gala.com/?&uid=162&q={searchTerms}”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “[xSP_2:117fc3395e69e29f71abba93a68c4181_162]”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “887805703”
HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://search-gala.com/?&uid=162&q={searchTerms}”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Enterprise Suite”
Unregister DLLs:
ANTIGEN.dll cid.dll tempdoc.dll
Delete files:
752.mof, mozcrt19.dll, sqlite3.dll, WE345d.exe, WES.ico, vd952342.bd, wes.cfg, cookies.sqlite, Instructions.ini, Enterprise Suite.lnk, Enterprise Suite.lnk, ANTIGEN.dll, cb.exe, cid.dll, CLSV.tmp, DBOLE.sys, ddv.sys, eb.exe, energy.sys, exec.tmp, FS.exe, grid.drv, runddlkey.drv, sld.drv, SM.drv, tempdoc.dll, tempdoc.tmp, tjd.sys, c:\Program Files\Mozilla Firefox\searchplugins\search.xml
Delete directories:
C:\Documents and Settings\All Users\Application Data\345d567
C:\Documents and Settings\All Users\Application Data\345d567\WESSys
C:\Documents and Settings\All Users\Application Data\WESSys
%UserProfile%\Application Data\Enterprise Suite
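The manual-removal indicators above, gathered into a read-only PowerShell audit that can be run before deleting anything. This is an added example, not part of the original guide; it assumes PowerShell is available on the affected machine and checks only a subset of the artifacts this page lists.

```powershell
# Added example (not from the original page): read-only audit for the
# Enterprise Suite artifacts listed in the manual removal steps above.
$hits = @()

# 1. Processes from "Kill processes" (Get-Process takes names without .exe).
#    eb, FS and cb are short names, so report the image path for review.
foreach ($p in Get-Process -Name 'WE345d','eb','FS','cb' -ErrorAction SilentlyContinue) {
    $hits += "process  $($p.Name) (PID $($p.Id)) $($p.Path)"
}

# 2. Registry keys the page lists for deletion.
$keys = 'HKEY_CURRENT_USER\Software\3',
        'HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}',
        'HKEY_CLASSES_ROOT\WE345d.DocHostUIHandler'
foreach ($k in $keys) {
    if (Test-Path -LiteralPath "Registry::$k") { $hits += "regkey   $k" }
}

# 3. Registry values: autorun entry, signature-check setting, search hijack.
$values = @(
    @{ Key='HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Name='Enterprise Suite'; Match='.*' },
    @{ Key='HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download'; Name='RunInvalidSignatures'; Match='^1$' },
    @{ Key='HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes'; Name='URL'; Match='search-gala\.com' }
)
foreach ($v in $values) {
    $item = Get-ItemProperty -LiteralPath "Registry::$($v.Key)" -ErrorAction SilentlyContinue
    if ($item -and $item.PSObject.Properties[$v.Name] -and "$($item.($v.Name))" -match $v.Match) {
        $hits += "regvalue $($v.Key) [$($v.Name)] = $($item.($v.Name))"
    }
}

# 4. Directories from "Delete directories" and listed file names inside them.
#    The 345d567\WESSys subdirectory is covered by the recursive listing.
$dirs = 'C:\Documents and Settings\All Users\Application Data\345d567',
        'C:\Documents and Settings\All Users\Application Data\WESSys',
        (Join-Path $env:USERPROFILE 'Application Data\Enterprise Suite')
$names = 'WE345d.exe','WinESuite.exe','PE.dll','wes.cfg','vd952342.bd','ANTIGEN.dll','cid.dll','tempdoc.dll'
foreach ($d in $dirs) {
    if (-not (Test-Path -LiteralPath $d)) { continue }
    $hits += "dir      $d"
    foreach ($f in Get-ChildItem -LiteralPath $d -Recurse -Force -ErrorAction SilentlyContinue) {
        if ($names -contains $f.Name) { $hits += "file     $($f.FullName)" }
    }
}

if ($hits) { $hits | Sort-Object -Unique } else { 'No listed Enterprise Suite artifacts found.' }
```

A process hit on `eb`, `FS` or `cb` is only meaningful when its path points into one of the directories listed above, so confirm the path before terminating anything.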
Information updated: 2012-01-19 13:12:01