Personal Antivirus is a rogue antivirus/antispyware program, a new version of General Antivirus. It is distributed through trojans, fake online malware scanners and advertising on the Internet. The advertisements claim that your computer is infected and offer to download and install Personal Antivirus to clean it.
[Screenshot: Personal Antivirus]
When installed, Personal Antivirus configures itself to run automatically every time you start your computer. Once running, it scans your computer and lists a large number of infections, but these “infections” are fake. Personal Antivirus then says that you should purchase the program in order to remove them. Running it may drastically slow the performance of your computer.
While Personal Antivirus is running, your computer will display fake security alerts from your Windows taskbar. These alerts are fake and should be ignored! Personal Antivirus can be safely removed from your computer, along with any other trojan infections, if the proper steps are taken. If you are a non-techie computer user, then this method of removing Personal Antivirus and any associated malware from your computer is for you.
Symptoms in a HijackThis Log
O2 - BHO: (no name) - {2e59498d-7e44-4452-9044-0973b080b9e8} - C:\WINDOWS\system32\winexplorer.dll
O2 - BHO: BHO - {abd45510-9b22-41cd-9acd-8182a2da7c63} - C:\WINDOWS\system32\iehelper.dll
O4 - HKLM\..\Run: [PAV] c:\program files\pav\pav.exe
O4 - HKCU\..\Run: [Personal Antivirus] "C:\Program Files\Personal Antivirus\PerAvir.exe" /s
O4 - HKCU\..\Run: [Microsoft Windows logon process] C:\Documents and Settings\lab\Application Data\Microsoft\Windows\winlogon.exe
O4 - HKCU\..\Policies\Explorer\Run: [iv] "C:\Documents and Settings\lab\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe"
O23 - Service: Guard Service (ITGrdEngine) - Unknown owner - %UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
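An added example (not part of the original guide): a Python check that flags the HijackThis entries listed above in a saved log, and goes one step further by flagging any system-named executable (such as winlogon.exe or services.exe) that starts from a user profile folder. The SYSTEM_NAMES and PROFILE_HINTS lists, the function names and the sample log are assumptions constructed for illustration.

```python
import re

# Indicators taken from the HijackThis entries listed on this page.
BHO_CLSIDS = {"{2e59498d-7e44-4452-9044-0973b080b9e8}",
              "{abd45510-9b22-41cd-9acd-8182a2da7c63}"}
RUN_NAMES = {"pav", "personal antivirus", "iv"}
SERVICE_NAMES = {"itgrdengine"}
# Assumption (generalization): system process names that should not run from a profile.
SYSTEM_NAMES = {"winlogon.exe", "services.exe", "svchost.exe", "lsass.exe"}
PROFILE_HINTS = ("\\documents and settings\\", "%userprofile%", "\\users\\")
# Pasted logs often carry an en dash where HijackThis wrote " - ".
ENTRY = re.compile(r"(O\d+)\s+[-\u2013]\s+(.*)")

def check_line(line):
    """Return the reasons one HijackThis line looks suspicious (may be empty)."""
    m = ENTRY.match(line.strip())
    if not m:
        return []
    code, rest = m.group(1), m.group(2).lower()
    reasons = []
    if code == "O2" and BHO_CLSIDS & set(re.findall(r"\{[0-9a-f-]{36}\}", rest)):
        reasons.append("known BHO CLSID")
    name = re.search(r"\[([^\]]+)\]", rest) if code == "O4" else None
    if name and name.group(1) in RUN_NAMES:
        reasons.append("known Run value name")
    svc = re.search(r"\(([^)]+)\)", rest) if code == "O23" else None
    if svc and svc.group(1) in SERVICE_NAMES:
        reasons.append("known service name")
    # The last path component ending in .exe/.dll is the file being launched.
    files = re.findall(r"\\([^\\\"]+\.(?:exe|dll))", rest)
    if files and files[-1] in SYSTEM_NAMES and any(h in rest for h in PROFILE_HINTS):
        reasons.append("system process name under a user profile")
    return reasons

def scan(log_text):
    """Map each flagged log line to its list of reasons."""
    checked = ((ln.strip(), check_line(ln)) for ln in log_text.splitlines())
    return {ln: why for ln, why in checked if why}

# Constructed sample: four entries from this page plus one benign-looking entry.
SAMPLE = r"""
O2 - BHO: (no name) - {2e59498d-7e44-4452-9044-0973b080b9e8} - C:\WINDOWS\system32\winexplorer.dll
O4 - HKLM\..\Run: [PAV] c:\program files\pav\pav.exe
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Windows logon process] C:\Documents and Settings\lab\Application Data\Microsoft\Windows\winlogon.exe
O23 - Service: Guard Service (ITGrdEngine) - Unknown owner - %UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
"""

for entry, why in scan(SAMPLE).items():
    print("; ".join(why), "<-", entry)
```

The winlogon.exe entry carries none of the known value names and is caught only by the location check, which is why the path of a familiar process name is worth reading in any HijackThis log.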
Use the following instructions to remove Personal Antivirus
Download Avenger from here and unzip to your desktop.
Run Avenger, then copy and paste the following text into the Input script box:
Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e59498d-7e44-4452-9044-0973b080b9e8}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{abd45510-9b22-41cd-9acd-8182a2da7c63}
Registry values to delete:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | PAV
Files to delete:
%programfiles%\PAV
%windir%\system32\winexplorer.dll
%windir%\system32\iehelper.dll
%UserProfile%\Application Data\Personal Antivirus
%programfiles%\Personal Antivirus
You will see a window similar to the one below.
[Screenshot: Avenger]
Click on ‘Execute’. You will be asked “Are you sure you want to execute the current script?” Click Yes.
You will now be asked “First step completed — The Avenger has been successfully set up to run on next boot. Reboot now?” Click Yes.
Your PC will now be rebooted.
Download MalwareBytes Anti-malware (MBAM). Close all programs and windows on your computer.
Double-click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to the default settings and, when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, you will see a window similar to the one below.
[Screenshot: Malwarebytes Anti-Malware window]
Select “Perform Quick Scan”, then click Scan. The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar to the one shown below. Note: the list of infected items may be different from what is shown in the image below.
[Screenshot: Malwarebytes Anti-malware, list of infected items]
Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Personal Antivirus creates the following files and folders
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Personal Antivirus.lnk
%UserProfile%\Application Data\Personal Antivirus
%UserProfile%\Application Data\Personal Antivirus\settings.ini
%UserProfile%\Application Data\Personal Antivirus\uill.ini
%UserProfile%\Application Data\Personal Antivirus\unins000.exe
%UserProfile%\Application Data\Personal Antivirus\Uninstall Personal Antivirus.lnk
%UserProfile%\Application Data\Personal Antivirus\db
%UserProfile%\Application Data\Personal Antivirus\db\config.cfg
%UserProfile%\Application Data\Personal Antivirus\db\Timeout.inf
%UserProfile%\Application Data\Personal Antivirus\db\Urls.inf
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\log.txt
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\pguard.ini
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
%programfiles%\Personal Antivirus
%programfiles%\Personal Antivirus\activate.ico
%programfiles%\Personal Antivirus\Explorer.ico
%programfiles%\Personal Antivirus\PerAvir.exe
%programfiles%\Personal Antivirus\unins000.dat
%programfiles%\Personal Antivirus\uninstall.ico
%programfiles%\Personal Antivirus\working.log
%programfiles%\Personal Antivirus\db
%programfiles%\Personal Antivirus\db\DBInfo.ver
%programfiles%\Personal Antivirus\db\ia080614.db
%programfiles%\Personal Antivirus\db\ia080618x.db
%programfiles%\Personal Antivirus\Languages
%programfiles%\Personal Antivirus\Languages\IAEs.lng
%programfiles%\Personal Antivirus\Languages\IAFr.lng
%programfiles%\Personal Antivirus\Languages\IAGer.lng
%programfiles%\Personal Antivirus\Languages\IAIt.lng
%UserProfile%\Application Data\Microsoft\Windows\winlogon.exe
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe
c:\Documents and Settings\All Users\Desktop\Personal Antivirus.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Personal Antivirus
c:\Documents and Settings\All Users\Start Menu\Programs\Personal Antivirus\Personal Antivirus Home Page.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Personal Antivirus\Personal Antivirus.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Personal Antivirus\Purchase License.lnk
BUT WAIT IF I REBOOT MY COMPUTER DOESN’T THAT MEAN THAT EVERYTHING ELSE IN MY COMPUTER WILL GET ERASED TOO?
it won’t let me unzip the file. it says it’s empty
Allan, NO
christine, try to download and unzip Avenger again.
thank you soo much so far it seems to have worked. My friend has this virus too but can’t get on the internet to download the information.
when I try to uninstall through program files, it says personalav/.pav is not a Win32 file. running avenger gets me an abort message. help!
Allison, looks like your PC is also infected with malware that blocks the removal process. Ask for help at our Spyware removal forum.
Thank you guys soo much! It removed it in an hour tops and i would like to thank all of you cause my dad would have killed me if that was on here when he gets on. so Thank you again! You guys are life savers! 😀
Freedom !
Thanks for your time and energy to save us a lot of headache, but I was wondering…
Has anybody here reported ‘Personal Antivirus’
to the Better Business Bureau yet ? (bbbonline.org)
Because that’s what I was going to do until I found this great website here.
Fake anti-virus scams should be reported and out-of-business !
so I was hesitant to try this at first because I didn’t wanna get screwed with another virus… but to my surprise it actually worked THANK GOD… I got mine from a freaking Cake Decorating website. I finally decided to buy Norton and stop being a cheap ass lol that virus really gave me a scare because my midterms are right around the corner and I could have lost all of my info for school.
You guys are awesome for posting this for free thank you so much
I downloaded avenger but it keeps telling me it’s empty. So i can’t unzip it. What should i do?
Mike, disable your antivirus and try again (download and unzip).
Thanks a loooooot !! finally I got rid of the b*****d software!! 🙂
I get an error cannot open runonce registry key execution aborted
What am I doing wrong
this is not workin for me how do i make it work
I ran the malwarebytes program and it appeared to remove the program but after the computer restarted it came up again in the bottom task bar. Hadn’t removed fully. I ran malwarebytes again but this time it didn’t detect the Personal antivirus…..any ideas??
MisMac and gaby, ask for help at our Spyware removal forum.
I HAVE IT AND I NEED HELP PLEASE
Thanks, It works great. Life is good…….
Robert, if the above instructions do not help you, then ask for help at our Spyware removal forum.
A big thank you! It worked for me too and I am so relieved and happy. You’ve made my week!
OMG!!!! thank you so much i didn’t have to spend between $40-$120 to get my computer fixed!! thank you soooo much 🙂
If I reboot will my personal documents get deleted. Like music and pictures ?
No.
this worked great thanks, I was getting scared I would not get rid of that crap. thanks.
That was amazing and so easy, thank you!
thank god!!!
my dad flipped shit on me.
good thing i was able to get rid of it
these commands work perfectly, thanks!
Spent $30 on Spyhunter….didn’t get rid of it. Came across your solution and it worked…
Save your $$ don’t buy spyhunter
Thanks so much this worked great.