Personal Antivirus is rogue antivirus/antispyware program, new version of General Antivirus. The rogue antispyware uses trojans, fake online malware scanners and advertising on the Internet for distribution. This advertisement tells that your computer is infected and offers to download and install Personal Antivirus to clean your computer.
Personal Antivirus
When installed, Personal Antivirus configures itself to run automatically every time, when you start your computer. Once running, it will scan your computer and list a large amount of infections, but these “infections” are fake. Then, Personal Antivirus said that you should purchase the program in order to remove them. Running of it may drastically slow the performance of your computer.
While Personal Antivirus is running your computer will display fake security alerts from your Windows taskbar. These alerts are a fake and should be ignored! Personal Antivirus can be safely removed from your computer along with any other trojan infections if the proper steps are taken. If you are a non-techie computer user then this method of removing Personal Antivirus and any associated malware from your computer is for you.
Symptoms in a HijackThis Log
O2 – BHO: (no name) – {2e59498d-7e44-4452-9044-0973b080b9e8} – C:\WINDOWS\system32\winexplorer.dll
O2 – BHO: BHO – {abd45510-9b22-41cd-9acd-8182a2da7c63} – C:\WINDOWS\system32\iehelper.dll
O4 – HKLM\..\Run: [PAV] c:\program files\pav\pav.exe
O4 – HKCU\..\Run: [Personal Antivirus] “C:\Program Files\Personal Antivirus\PerAvir.exe” /s
O4 – HKCU\..\Run: [Microsoft Windows logon process] C:\Documents and Settings\lab\Application Data\Microsoft\Windows\winlogon.exe
O4 – HKCU\..\Policies\Explorer\Run: [iv] “C:\Documents and Settings\lab\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe”
O23 – Service: Guard Service (ITGrdEngine) – Unknown owner – %UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
Use the following instructions to remove Personal Antivirus
Download Avenger from here and unzip to your desktop.
Run Avenger, copy,then paste the following text in Input script Box:
Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e59498d-7e44-4452-9044-0973b080b9e8}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{abd45510-9b22-41cd-9acd-8182a2da7c63}
Registry values to delete:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | PAV
Files to delete:
%programfiles%\PAV
%windir%\system32\winexplorer.dll
%windir%\system32\iehelper.dll
%UserProfile%\Application Data\Personal Antivirus
%programfiles%\Personal Antivirus
You will see window similar to the one below.
Avenger
Click on ‘Execute’. You will be asked Are you sure you want to execute the current script?. Click Yes.
You will now be asked First step completed — The Avenger has been successfully set up to run on next boot. Reboot now?. Click Yes.
Your PC will now be rebooted.
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select “Perform Quick Scan”, then click Scan. The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Personal Antivirus creates the following files and folders
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Personal Antivirus.lnk
%UserProfile%\Application Data\Personal Antivirus
%UserProfile%\Application Data\Personal Antivirus\settings.ini
%UserProfile%\Application Data\Personal Antivirus\uill.ini
%UserProfile%\Application Data\Personal Antivirus\unins000.exe
%UserProfile%\Application Data\Personal Antivirus\Uninstall Personal Antivirus.lnk
%UserProfile%\Application Data\Personal Antivirus\db
%UserProfile%\Application Data\Personal Antivirus\db\config.cfg
%UserProfile%\Application Data\Personal Antivirus\db\Timeout.inf
%UserProfile%\Application Data\Personal Antivirus\db\Urls.inf
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\log.txt
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\pguard.ini
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
%programfiles%\Personal Antivirus
%programfiles%\Personal Antivirus\activate.ico
%programfiles%\Personal Antivirus\Explorer.ico
%programfiles%\Personal Antivirus\PerAvir.exe
%programfiles%\Personal Antivirus\unins000.dat
%programfiles%\Personal Antivirus\uninstall.ico
%programfiles%\Personal Antivirus\working.log
%programfiles%\Personal Antivirus\db
%programfiles%\Personal Antivirus\db\DBInfo.ver
%programfiles%\Personal Antivirus\db\ia080614.db
%programfiles%\Personal Antivirus\db\ia080618x.db
%programfiles%\Personal Antivirus\Languages
%programfiles%\Personal Antivirus\Languages\IAEs.lng
%programfiles%\Personal Antivirus\Languages\IAFr.lng
%programfiles%\Personal Antivirus\Languages\IAGer.lng
%programfiles%\Personal Antivirus\Languages\IAIt.lng
%UserProfile%\Application Data\Microsoft\Windows\winlogon.exe
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\log.txt
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\pguard.ini
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
c:\Documents and Settings\All Users\Desktop\Personal Antivirus.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Personal Antivirus
c:\Documents and Settings\All Users\Start Menu\Programs\Personal Antivirus\Personal Antivirus Home Page.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Personal Antivirus\Personal Antivirus.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Personal Antivirus\Purchase License.lnk
spy hunter IS sucks
it worked you saved me 😀
and dont bye spy hunter!
totaly saved my ass. best help ive ever gotten
I just did it and it seems to have cleared up the problem. if it last this is fantastic. I owe someone a couple of beers.
Thanks,
Dave
This worked for me – whoever created this, is a genius! This is the best help I’ve ever gotten with no charge. I’m so glad that the annoying pop ups from personal antivirus are now completely gone. Thank you so much for you help – YOU GUYS ROCK!!
Thanks! This worked perfectly to remove the stupid personal antivirus popups. I was infected by a facebook app
thank you, I successfully removed it. but i was still getting the your computer is infected, download personal anti virus thing. I would also like to add if you are using firefox. Add the no script add on. I have and so far I haven’t been getting that stupid message
I got thru the 1st step, but when my computer reboots, it hangs. Can you pls tell me what happens? what should i do or what I did something wrong? Thanks…
tim, try boot your computer in Safe mode and run MalwareBytes.
works perfectly, thx dude
Ok so i took a short break. managed to download the MalwareBytes prog and Run it. And it seems to have worked. comp is faster, has not locked up for at least 5 minutes so far! (that’s new!) and no more popup security alerts. THANKS
Now on another point – we all need to help the people of #Iranelection via Twitter etc. These free tech IT skills are so excellent, we could share our freedom with the People of Iran via IT support, proxy Servers etc. Visit www. Haystack etc. Thanks for Helping me already!
Hey,i panicked and downloaded this crap! I am not great with computers as it is and am now completely lost! When I try to download the Avenger my own anti virus(REAL) says it is very dangerous and I shouldn’t use it basically. Being terrible with computers, should I try this or buy Spyware Doctor to do the job. I don’t want to make things worse than they are?!?
Just went for it and all seems to be removed. Thank you so much, you are a life-saver!!!
Thank you so much. So far it has worked awesome
Ahhh! Thank you sooo much! I was so scared that my new laptop had been ruined by the stupid Personal Antivirus! Once again, thank you!
I got thru to the first step but now I’m unable to download step two. Even when I do a search for the program I can’t find it. My internet completely shuts down when I click the link. What should I do?
thank you sooo much for this program… it worked YES !!!!!!!!!!!!!!
Chelle, Avenger is a free and very good program. Look the Avenger homepage – swandog46.geekstogo.com
Jennifer, if you can`t download MalwareBytes, try make it in the Safe mode with networking.
Thank U so much. It worked perfectly.
Please remove personal antivirus from my computer
thank you
unbelievable…I wish I found this in the 1st place instead of wasting my whole day with the other programs. Yeah so simple and in a matter of minutes.
Chere Sims, if above instructions does not help you, then ask for help at our Spyware removal forum.
thank you soooo much!!:)
I did everything it said but .. when I turn on the computer it was still there, the Personal Anti-Virus, i mean.
Help? I’m goind crazy!!!
hey
i was downloaded the avenger and pasted the script that u given by you and i clicked execute and then it shows an error message widow like
Error:Invalidscript a valid script must begin with a command directive aborting execution!
ok
then i clicked ok button then it again shows an error message window that is can’t open file ‘c:/avanger.txt ‘ (error 5: access is denied
Thanks alot–The frustration, anger and annoyance were far more bearable –knowing this was free and legitimate help–and that it worked for so many others.
OMG THIS ACTUALLY WORKED!!!!!!! THNX SOO MUCH!
Thank You sooooo much for helping me i was so scared we ended up getting this when we were in facebook. So even before downloading anything on here i looked up the Downloads and was happy to see it was all good 🙂 And I was so happy i didn’t have to buy anything!!! I have a question i backed up my pc on my external HD will that personal antivirus be on my back up too?
Thanks Again!!!!
I got it through Facebook for some reason today. Found this website, ran the Avenger and Malware, and by the looks of it, it’s gone. THANKS!
jagadeesh, check inserted script twice, looks like you have made a mistake.