Virus infection in Windows 8.1 Connected Account
November 25, 2014
Although I use Linux on my own machines, the family PC runs Windows 8.1 (awful OS, by the way). When I bought the PC I installed AVG AntiVirus Free. As a way of thanking AVG for the free application, I allow the application to send anonymous data about detected threats back to AVG so that the company can improve the detection capabilities of its products.
Anyway, a couple of days ago while I was using the family PC to browse the Web, AVG AntiVirus Free popped up a window informing me it had detected the trojan VBS/Dropper. Whilst it was able to isolate and remove the threat, re-infection kept recurring periodically and frequently. Each time, AVG AntiVirus Free was able to isolate and remove the threat. I launched a full scan (including looking inside archive files etc.) of all hard drives several times, but AVG AntiVirus Free always reported that there were no infected files.
Whenever the AVG AntiVirus Free window popped up warning that it had detected the trojan, the message showed that the infected file was in a long directory path, and the infected object was named livecomm.exe. Searching the Web showed me that Livecomm.exe is also known as ‘Communications Service’ and is something to do with the Metro application for e-mail (server in the ‘Cloud’). So I launched the Metro Mail application (it was not running previously) and deleted all the e-mails in the Junk, Deleted and POP folders of my Microsoft Hotmail account (the POP folder contains copies of e-mails downloaded by the e-mail client on my main laptop). Lo and behold, there were no more pop-up warnings from AVG AntiVirus Free regarding VBS/Dropper. Presumably one of the deleted unread e-mails or unread junk e-mails contained either an infected attachment or a link to an infected remote file.
I’m posting this because I did not find anything on the Web regarding this phenomenon, and it looks to me like a problem that occurs specifically on Windows 8/8.1 when a user has a Windows account on the PC that is connected to his/her Microsoft e-mail account (what Microsoft refers to as ‘Connected Account’). If I understand the design correctly, the LiveComm.exe service communicates with remote servers in the ‘Cloud’, so I assume this is another pathway for virus infection in Windows 8 and above that users need to be aware of.