Personal Antivirus is rogue antivirus/antispyware program, new version of General Antivirus. The rogue antispyware uses trojans, fake online malware scanners and advertising on the Internet for distribution. This advertisement tells that your computer is infected and offers to download and install Personal Antivirus to clean your computer.
Personal Antivirus
When installed, Personal Antivirus configures itself to run automatically every time, when you start your computer. Once running, it will scan your computer and list a large amount of infections, but these “infections” are fake. Then, Personal Antivirus said that you should purchase the program in order to remove them. Running of it may drastically slow the performance of your computer.
While Personal Antivirus is running your computer will display fake security alerts from your Windows taskbar. These alerts are a fake and should be ignored! Personal Antivirus can be safely removed from your computer along with any other trojan infections if the proper steps are taken. If you are a non-techie computer user then this method of removing Personal Antivirus and any associated malware from your computer is for you.
Symptoms in a HijackThis Log
O2 – BHO: (no name) – {2e59498d-7e44-4452-9044-0973b080b9e8} – C:\WINDOWS\system32\winexplorer.dll
O2 – BHO: BHO – {abd45510-9b22-41cd-9acd-8182a2da7c63} – C:\WINDOWS\system32\iehelper.dll
O4 – HKLM\..\Run: [PAV] c:\program files\pav\pav.exe
O4 – HKCU\..\Run: [Personal Antivirus] “C:\Program Files\Personal Antivirus\PerAvir.exe” /s
O4 – HKCU\..\Run: [Microsoft Windows logon process] C:\Documents and Settings\lab\Application Data\Microsoft\Windows\winlogon.exe
O4 – HKCU\..\Policies\Explorer\Run: [iv] “C:\Documents and Settings\lab\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe”
O23 – Service: Guard Service (ITGrdEngine) – Unknown owner – %UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
Use the following instructions to remove Personal Antivirus
Download Avenger from here and unzip to your desktop.
Run Avenger, copy,then paste the following text in Input script Box:
Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e59498d-7e44-4452-9044-0973b080b9e8}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{abd45510-9b22-41cd-9acd-8182a2da7c63}
Registry values to delete:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | PAV
Files to delete:
%programfiles%\PAV
%windir%\system32\winexplorer.dll
%windir%\system32\iehelper.dll
%UserProfile%\Application Data\Personal Antivirus
%programfiles%\Personal Antivirus
You will see window similar to the one below.
Avenger
Click on ‘Execute’. You will be asked Are you sure you want to execute the current script?. Click Yes.
You will now be asked First step completed — The Avenger has been successfully set up to run on next boot. Reboot now?. Click Yes.
Your PC will now be rebooted.
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select “Perform Quick Scan”, then click Scan. The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Personal Antivirus creates the following files and folders
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Personal Antivirus.lnk
%UserProfile%\Application Data\Personal Antivirus
%UserProfile%\Application Data\Personal Antivirus\settings.ini
%UserProfile%\Application Data\Personal Antivirus\uill.ini
%UserProfile%\Application Data\Personal Antivirus\unins000.exe
%UserProfile%\Application Data\Personal Antivirus\Uninstall Personal Antivirus.lnk
%UserProfile%\Application Data\Personal Antivirus\db
%UserProfile%\Application Data\Personal Antivirus\db\config.cfg
%UserProfile%\Application Data\Personal Antivirus\db\Timeout.inf
%UserProfile%\Application Data\Personal Antivirus\db\Urls.inf
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\log.txt
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\pguard.ini
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
%programfiles%\Personal Antivirus
%programfiles%\Personal Antivirus\activate.ico
%programfiles%\Personal Antivirus\Explorer.ico
%programfiles%\Personal Antivirus\PerAvir.exe
%programfiles%\Personal Antivirus\unins000.dat
%programfiles%\Personal Antivirus\uninstall.ico
%programfiles%\Personal Antivirus\working.log
%programfiles%\Personal Antivirus\db
%programfiles%\Personal Antivirus\db\DBInfo.ver
%programfiles%\Personal Antivirus\db\ia080614.db
%programfiles%\Personal Antivirus\db\ia080618x.db
%programfiles%\Personal Antivirus\Languages
%programfiles%\Personal Antivirus\Languages\IAEs.lng
%programfiles%\Personal Antivirus\Languages\IAFr.lng
%programfiles%\Personal Antivirus\Languages\IAGer.lng
%programfiles%\Personal Antivirus\Languages\IAIt.lng
%UserProfile%\Application Data\Microsoft\Windows\winlogon.exe
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\log.txt
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\pguard.ini
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
c:\Documents and Settings\All Users\Desktop\Personal Antivirus.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Personal Antivirus
c:\Documents and Settings\All Users\Start Menu\Programs\Personal Antivirus\Personal Antivirus Home Page.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Personal Antivirus\Personal Antivirus.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Personal Antivirus\Purchase License.lnk
Amy, if computer is ok. Then, make a new backup now.
Thank you Thank you Thank you! After several attempts to resolve this issues, I came across this site and so glad that I found this site! It really worked! Very easy to follow for non-computer savy people or techies! You saved my laptop!! Thank you for all your help! You truly are a God sent! ;D
Like others, I got this while on Facebook. It makes it seem like you have a virus and when you click to get rid of it, it downloads onto your computer. Follow the directions and it removes it completely! I am so relieved!!! THANK YOU!!!
OMG is gone!!!!! thank you!!!
You guys rock!!!!
Is this a trail version? It is amazing…the fake Anti virus is gone…
I ment…trial version?
hey it really works wooohoooooo thanx a lot!
Thanks a lot!! Fake antivirus is deleted, now I can go to sleep 🙂
this appears to have worked! i’ve already recommended it to my colleagues! Thank you easter bunny!
Patrik,
I want to thank you so very much for the info
on deleting PAV, it woked like a charm. I am thinking about purchasing the protection module
but was wondering if it will pose a conflict with
the McAfee security suite that I currently have on
my computer ( provided by Yahoo ) or will they both run okay
this truly works i cant belive it thank you so much for this site
Bob, if you want to purchase a full version of MBAM, then YES, you can use it with McAfee w/o problems.
I tried your removal process and it didnot work for me. I received error message:
\
error message received is :
“could not RunOnce key to register cleanup”
I seriously love you guys!!!
This worked like a charm.
You’re a life saver well actaully
computer saver.
Well so far so good… I have to say I was very skeptical but it seems to have worked… You guys rock!
OMG, thanks so much for this. it helped so much. it removed my antivirus. i was worrying me head big time. but wat i want to know is why does my laptop takes so long to boot up now.
To all your guys !
Thanks a million to get rid off Personal Antivirus
What a challenge , I wonder why we tolerate a almost blackmailing sales praxis like this. Should be against the law , very unethical. But thanks again !
Best regards Elfi
Thanks a million !!!
Thank you very much for your help .I finally got rid off this anoing software. Should be against the law very unethical sales pactice
Best regards Elfi
thanks so much!!! finally it was removed!!!
Hey thanks a lot, it worked for me as well.
I’m happy I didn’t get hooked by that fussy software. Its really means to me…Luv u so much guys, helping me on it..:)
Hey, Avenger(for which you had given the link) is not working in my system.It’s giving application error.
Then skip Avenger steps.
I’m so glad I found you. Thank You so much for all the help. I thought I was going to go crazy trying to get rid of that Personal Antivirus crap! It just downloaded its self, I hate it when that happens! Your instructions were great, I followed them to a T and everything is now back to normal. I can’t thank you enough 🙂
Outstanding! Thank you very much for providing this service. McAfee did not do the trick – you did! Thank you. Thank you!
Thank You Thank You Thank You this worked 100% and that annoying Personal AntiVirus is gone. Much appreciated.
I need to know how to remove this my personal antivirus if it has screw up your computer so bad that it won’t boot up to get to this website to download the program? Isn’t there a f7 that you can hit to go into safety mode… I’ve tried this also, doesn’t work… someone please help me…
M’Liss, try to press F8 key, to boot your PC in Safe mode. Read more about safe mode How to reboot computer in Safe mode.
How to remove other antivirous (total security)
my pc. change or remove program is not working.remove for his anti virous. so plz guide me.
vinod sharma, use these total security removal instructions.
hey … i am pretty unaware of d registiry n stuff… kindly elaborate if u dnt mind ….. in simple steps…. as to find these data where n how?
i would be highly grateful if u could mail me too… my laptop infected with personal antivirus… its painful….