Virus infection in Windows 8.1 Connected Account

Although I use Linux on my own machines, the family PC runs Windows 8.1 (awful OS, by the way). When I bought the PC I installed AVG AntiVirus Free. As a way of thanking AVG for the free application, I allow the application to send anonymous data about detected threats back to AVG so that the company can improve the detection capabilities of its products.

Anyway, a couple of days ago while I was using the family PC to browse the Web, AVG AntiVirus Free popped up a window informing me it had detected the trojan VBS/Dropper. Whilst it was able to isolate and remove the threat, re-infection kept recurring periodically and frequently. Each time AVG AntiVirus Free was able to isolate and remove the threat. I launched a full scan (including looking inside archive files etc.) of all hard drives several times, but AVG AntiVirus Free always reported that there were no infected files.

Screen snapshot 1 - VBS/Dropper infection

Whenever the AVG AntiVirus Free window popped up warning that it had detected the trojan, the message showed that the infected file was in a long directory path, and the infected object was named livecomm.exe. Searching the Web showed me that Livecomm.exe is also known as ‘Communications Service’ and is something to do with the Metro application for e-mail (server in the ‘Cloud’). So I launched the Metro Mail application (it was not running previously) and deleted all the e-mails in the Junk, Deleted and POP folders of my Microsoft Hotmail account (the POP folder contains copies of e-mails downloaded by the e-mail client on my main laptop). Lo and behold, there were no more pop-up warnings from AVG AntiVirus Free regarding VBS/Dropper. Presumably one of the deleted unread e-mails or unread junk e-mails contained either an infected attachment or a link to an infected remote file.

I’m posting this because I did not find anything on the Web regarding this phenomenon, and it looks to me like a problem that occurs specifically on Windows 8/8.1 when a user has a Windows account on the PC that is connected to his/her Microsoft e-mail account (what Microsoft refers to as ‘Connected Account’). If I understand the design correctly, the LiveComm.exe service communicates with remote servers in the ‘Cloud’, so I assume this is another pathway for virus infection in Windows 8 and above that users need to be aware of.

About Fitzcarraldo
A Linux user with an interest in all things technical.

One Response to Virus infection in Windows 8.1 Connected Account

  1. Chad says:

    OH MY GOD, thank you so much! This is the exact issue I was having. MalwareBytes at one point would keep detecting these fake addons on my computer, but then it stopped after a while. Even after, I was STILL being redirected on Chrome to fake websites full of adware and viruses. After scanning with several programs, I finally found the root, did some research and now I’m here. I’m almost 100% sure this is my issue, and I will be monitoring it. I also uninstalled the Mail app since I won’t be using it, so hopefully that helps too.
