Personal Antivirus is rogue antivirus/antispyware program, new version of General Antivirus. The rogue antispyware uses trojans, fake online malware scanners and advertising on the Internet for distribution. This advertisement tells that your computer is infected and offers to download and install Personal Antivirus to clean your computer.
Personal Antivirus
When installed, Personal Antivirus configures itself to run automatically every time, when you start your computer. Once running, it will scan your computer and list a large amount of infections, but these “infections” are fake. Then, Personal Antivirus said that you should purchase the program in order to remove them. Running of it may drastically slow the performance of your computer.
While Personal Antivirus is running your computer will display fake security alerts from your Windows taskbar. These alerts are a fake and should be ignored! Personal Antivirus can be safely removed from your computer along with any other trojan infections if the proper steps are taken. If you are a non-techie computer user then this method of removing Personal Antivirus and any associated malware from your computer is for you.
Symptoms in a HijackThis Log
O2 – BHO: (no name) – {2e59498d-7e44-4452-9044-0973b080b9e8} – C:\WINDOWS\system32\winexplorer.dll
O2 – BHO: BHO – {abd45510-9b22-41cd-9acd-8182a2da7c63} – C:\WINDOWS\system32\iehelper.dll
O4 – HKLM\..\Run: [PAV] c:\program files\pav\pav.exe
O4 – HKCU\..\Run: [Personal Antivirus] “C:\Program Files\Personal Antivirus\PerAvir.exe” /s
O4 – HKCU\..\Run: [Microsoft Windows logon process] C:\Documents and Settings\lab\Application Data\Microsoft\Windows\winlogon.exe
O4 – HKCU\..\Policies\Explorer\Run: [iv] “C:\Documents and Settings\lab\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe”
O23 – Service: Guard Service (ITGrdEngine) – Unknown owner – %UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
Use the following instructions to remove Personal Antivirus
Download Avenger from here and unzip to your desktop.
Run Avenger, copy,then paste the following text in Input script Box:
Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e59498d-7e44-4452-9044-0973b080b9e8}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{abd45510-9b22-41cd-9acd-8182a2da7c63}
Registry values to delete:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | PAV
Files to delete:
%programfiles%\PAV
%windir%\system32\winexplorer.dll
%windir%\system32\iehelper.dll
%UserProfile%\Application Data\Personal Antivirus
%programfiles%\Personal Antivirus
You will see window similar to the one below.
Avenger
Click on ‘Execute’. You will be asked Are you sure you want to execute the current script?. Click Yes.
You will now be asked First step completed — The Avenger has been successfully set up to run on next boot. Reboot now?. Click Yes.
Your PC will now be rebooted.
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select “Perform Quick Scan”, then click Scan. The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Personal Antivirus creates the following files and folders
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Personal Antivirus.lnk
%UserProfile%\Application Data\Personal Antivirus
%UserProfile%\Application Data\Personal Antivirus\settings.ini
%UserProfile%\Application Data\Personal Antivirus\uill.ini
%UserProfile%\Application Data\Personal Antivirus\unins000.exe
%UserProfile%\Application Data\Personal Antivirus\Uninstall Personal Antivirus.lnk
%UserProfile%\Application Data\Personal Antivirus\db
%UserProfile%\Application Data\Personal Antivirus\db\config.cfg
%UserProfile%\Application Data\Personal Antivirus\db\Timeout.inf
%UserProfile%\Application Data\Personal Antivirus\db\Urls.inf
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\log.txt
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\pguard.ini
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
%programfiles%\Personal Antivirus
%programfiles%\Personal Antivirus\activate.ico
%programfiles%\Personal Antivirus\Explorer.ico
%programfiles%\Personal Antivirus\PerAvir.exe
%programfiles%\Personal Antivirus\unins000.dat
%programfiles%\Personal Antivirus\uninstall.ico
%programfiles%\Personal Antivirus\working.log
%programfiles%\Personal Antivirus\db
%programfiles%\Personal Antivirus\db\DBInfo.ver
%programfiles%\Personal Antivirus\db\ia080614.db
%programfiles%\Personal Antivirus\db\ia080618x.db
%programfiles%\Personal Antivirus\Languages
%programfiles%\Personal Antivirus\Languages\IAEs.lng
%programfiles%\Personal Antivirus\Languages\IAFr.lng
%programfiles%\Personal Antivirus\Languages\IAGer.lng
%programfiles%\Personal Antivirus\Languages\IAIt.lng
%UserProfile%\Application Data\Microsoft\Windows\winlogon.exe
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\log.txt
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\pguard.ini
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
c:\Documents and Settings\All Users\Desktop\Personal Antivirus.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Personal Antivirus
c:\Documents and Settings\All Users\Start Menu\Programs\Personal Antivirus\Personal Antivirus Home Page.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Personal Antivirus\Personal Antivirus.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Personal Antivirus\Purchase License.lnk
Excellent dude, It works for me. Thankyou.
THANK YOU! Worked, a life saver!
Thank you. The cost was $0 and it removed the Personal Antivirus.
i used this to get rid of it yesterday, but it came back today
Did u go back into the same (usually adult) website u got it from in the first place?
Yes worked ok for me, hope it stays away.
Hey thanks a lot, it worked for me as well.
I’m happy I didn’t get hooked by that fussy software.
Hey thankyou very much, it worked for ma as well.
This is seems to be working for the time being.. However did not get all of the PAV folders that you stated in the malwarebytes scan only got 2-3 PAV virus folders. Never-the-less it seems to work so thanks very much!!. P.S. make sure you have a zip extractor for Avenger program. Trying to download one with PAV running in the background is more than a little anoying.
Many Thanks
This worked for me so far so good. Me crosses her fingers…..wasn’t difficult to do either—Thank You sooo much….My McAfee couldnt even get rid of this program—-THANK YOU THANK YOU THANK YOU!!
OH and I got mine from a baby poem website—was a link for a baby shower wishing well poem….so those who think you get it from porno sites—-think again—virus can attack from any site including children’s sites.
That took care of the problem. I just wish we could prevent people like those at PAV from scamming the public. Thank you for your help!!
THANK YOU!!!! it worked! now do i uninstall the malwarebytes?
Dude thankyou when i deleted it i wet my pants
Worked great I used several other tools with no success. Hijack this although an excellent program was not able to find it. I knew of course it was there cause it would always start on boot.
thank u sooooooooooooooooo much i thought i wud never get that dumb program off my computer! it kept making the computer and internet slow and when i went to uninstall in control panel it wasnt even there! i was like wtf? lol but yes thanks again the only problem i had is like the scan took 20 minutes but besides that everything is good now thanks!!
OMG..I officially love you. This worked like a charm, you guys rock! 🙂
Thank you so much. I really thought this could have been part of the scam. I really appericate this site and will defintely past the word on. Once again thank you.
Seems to have worked. Thanks.
thank you easy to follow and costs nothing i was close to giving up and was just going to replace my computer i was getting that frustrated but then i followed ur instuctions and seems to work so u have saved me alot of money
waaahh!!
thank u sO much!
u saved my life!
i got so sweaty while configurin out how to uninstall this shit anti virus! thank God! ur the answer to my prayer! whew!
yehaa!worked for me thanks alot
yehaa!your a diamond thanks
It was like magic. Thanks a lot! 🙂
This is the best thing ever. I tried 3 or 4 different antivirus products. It would get rid of part of the Personal Antivirus but not all of it. I kept getting the pop up blocker, a website blocker and this weird warning that every web page was corrupt. Thank you, Thank you, Thank you
THANK YOU!!!!!!! A little kid put it on my computer…he fancy’s himself as a computer genius….he is no longer allowed on computers!!!!
THANK YOU SOOOO MUCH!!!!!!!!
Cheers mate this has worked a treat. I wrote to the tossers asking them how to remove this shite from my computer to no avail. I thought it was some sort of scam and it was doing my bonce in with all the pop-ups. The only thing slowing my comp down was that crap. Once again mate thanks…
Thank you , i got this on my laptop and i fort oh my dayz , i only been on facebook in the last day but then there is some pop ups on that, i jus rememberd there was a free screen saver pop up that came on my screen but i accidently clicked on so it could have been that . 🙂
Well wonders beyond wonders the tosspot support team actually got back to me after slagging them off with the spiel on how to uninstall their programme. Just adding it here in case it helps any other unsuspecting downloaders but in all fairness to the guy who posted these details here his version worked for me. Happy Days Lol:
Dear customer,
Thank you for contacting Customer Support Center.
Please follow my instructions to uninstall Personal Antivirus
1.Open My computer, choose Disk C;
2.Find C:\Program Files\Common Files\Uninstall\PAV\Uninstall.lnk
3.Run the Uninstall file.
4.Reboot your computer.
There are other options to find the uninstall file:
-paste the following string to Windows Explorer address bar and execute it (Press Enter key):
C:\Program Files\Common Files\Uninstall\PAV\Uninstall.lnk
or
Start->Run->C:\Program Files\Common Files\Uninstall\PAV\Uninstall.lnk
After that our product will be removed.
If you have any questions concerning our software, please contact our Customer Support Service.
—————–
Kate Connor
Antivirus Customer Support Specialist