Personal Antivirus is a rogue antivirus/antispyware program and a new version of General Antivirus. It is distributed through trojans, fake online malware scanners and Internet advertising. The advertisements claim that your computer is infected and offer to download and install Personal Antivirus to clean it.
When installed, Personal Antivirus configures itself to run automatically every time you start your computer. Once running, it scans your computer and lists a large number of infections, but these “infections” are fake. Personal Antivirus then says that you should purchase the program in order to remove them. Running it may drastically slow the performance of your computer.
While Personal Antivirus is running, your computer will display fake security alerts from the Windows taskbar. These alerts are fake and should be ignored! Personal Antivirus can be safely removed from your computer, along with any other trojan infections, if the proper steps are taken. If you are a non-techie computer user then this method of removing Personal Antivirus and any associated malware from your computer is for you.
Symptoms in a HijackThis Log
O2 - BHO: (no name) - {2e59498d-7e44-4452-9044-0973b080b9e8} - C:\WINDOWS\system32\winexplorer.dll
O2 - BHO: BHO - {abd45510-9b22-41cd-9acd-8182a2da7c63} - C:\WINDOWS\system32\iehelper.dll
O4 - HKLM\..\Run: [PAV] c:\program files\pav\pav.exe
O4 - HKCU\..\Run: [Personal Antivirus] "C:\Program Files\Personal Antivirus\PerAvir.exe" /s
O4 - HKCU\..\Run: [Microsoft Windows logon process] C:\Documents and Settings\lab\Application Data\Microsoft\Windows\winlogon.exe
O4 - HKCU\..\Policies\Explorer\Run: [iv] "C:\Documents and Settings\lab\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe"
O23 - Service: Guard Service (ITGrdEngine) - Unknown owner - %UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
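A defender-side check for the entries above, as an added example that is not part of the original guide: it undoes the typographic dashes and quotes that blog formatting introduces, parses HijackThis O2/O4/O23 lines, and flags those matching this page's indicators. The function names and the two benign sample entries are constructed for illustration.

```python
import re

# Indicators taken from the HijackThis entries listed on this page.
BHO_CLSIDS = {"{2e59498d-7e44-4452-9044-0973b080b9e8}",
              "{abd45510-9b22-41cd-9acd-8182a2da7c63}"}
BAD_IMAGES = {"winexplorer.dll", "iehelper.dll", "pav.exe", "peravir.exe", "iv.exe"}
# winlogon.exe and services.exe are normal Windows names in system32, so they
# are flagged only when they run from a user profile, as in the entries above.
MASQUERADE = re.compile(
    r"application data\\microsoft\\windows\\(?:winlogon|services)\.exe")
# Blog software turns "-" and '"' into typographic characters; undo that first.
TYPO = str.maketrans({"\u2013": "-", "\u2014": "-", "\u201c": '"', "\u201d": '"'})
ENTRY = re.compile(r"^(O\d+)\s+-\s+(.*)$")
CLSID = re.compile(r"\{[0-9a-f-]{36}\}")
IMAGE = re.compile(r"[^\\\"\s]+\.(?:exe|dll)")

def classify(line):
    """Return (section, reason) for an entry matching the page's indicators."""
    m = ENTRY.match(line.translate(TYPO).strip())
    if not m:
        return None
    section, body = m.group(1), m.group(2).lower()
    if section == "O2":
        for clsid in CLSID.findall(body):
            if clsid in BHO_CLSIDS:
                return section, "BHO " + clsid
    if MASQUERADE.search(body):
        return section, "system process name in user profile"
    for name in IMAGE.findall(body):
        if name in BAD_IMAGES:
            return section, "image " + name
    return None

def scan(log_text):
    """Classify every line of a pasted log and keep only the hits."""
    hits = (classify(line) for line in log_text.splitlines())
    return [h for h in hits if h]

# The first three entries reuse indicators from the page, written with
# typographic dashes and quotes; the last two are constructed benign entries.
SAMPLE = r"""
O2 – BHO: BHO – {abd45510-9b22-41cd-9acd-8182a2da7c63} – C:\WINDOWS\system32\iehelper.dll
O4 – HKCU\..\Run: [Personal Antivirus] “C:\Program Files\Personal Antivirus\PerAvir.exe” /s
O23 – Service: Guard Service (ITGrdEngine) – Unknown owner – %UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O23 - Service: Example Service - Unknown owner - C:\WINDOWS\system32\services.exe
"""

if __name__ == "__main__":
    print(scan(SAMPLE))
```

Matching on file name alone would flag the legitimate system32 copy of services.exe, which is why the two system process names are tied to the profile path instead.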
Use the following instructions to remove Personal Antivirus
Download Avenger from here and unzip to your desktop.
Run Avenger, then copy and paste the following text into the Input script box:
Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e59498d-7e44-4452-9044-0973b080b9e8}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{abd45510-9b22-41cd-9acd-8182a2da7c63}
Registry values to delete:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | PAV
Files to delete:
%programfiles%\PAV
%windir%\system32\winexplorer.dll
%windir%\system32\iehelper.dll
%UserProfile%\Application Data\Personal Antivirus
%programfiles%\Personal Antivirus
You will see a window similar to the one below.
[Screenshot: Avenger]
Click on ‘Execute’. You will be asked “Are you sure you want to execute the current script?”. Click Yes.
You will now be asked First step completed — The Avenger has been successfully set up to run on next boot. Reboot now?. Click Yes.
Your PC will now be rebooted.
Download MalwareBytes Anti-malware (MBAM). Close all programs and windows on your computer.
Double-click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and, when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see a window similar to the one below.
[Screenshot: Malwarebytes Anti-Malware window]
Select “Perform Quick Scan”, then click Scan. The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar to the one shown below. Note: the list of infected items may differ from what is shown in the image below.
[Screenshot: Malwarebytes Anti-Malware, list of infected items]
Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Personal Antivirus creates the following files and folders
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Personal Antivirus.lnk
%UserProfile%\Application Data\Personal Antivirus
%UserProfile%\Application Data\Personal Antivirus\settings.ini
%UserProfile%\Application Data\Personal Antivirus\uill.ini
%UserProfile%\Application Data\Personal Antivirus\unins000.exe
%UserProfile%\Application Data\Personal Antivirus\Uninstall Personal Antivirus.lnk
%UserProfile%\Application Data\Personal Antivirus\db
%UserProfile%\Application Data\Personal Antivirus\db\config.cfg
%UserProfile%\Application Data\Personal Antivirus\db\Timeout.inf
%UserProfile%\Application Data\Personal Antivirus\db\Urls.inf
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\log.txt
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\pguard.ini
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
%programfiles%\Personal Antivirus
%programfiles%\Personal Antivirus\activate.ico
%programfiles%\Personal Antivirus\Explorer.ico
%programfiles%\Personal Antivirus\PerAvir.exe
%programfiles%\Personal Antivirus\unins000.dat
%programfiles%\Personal Antivirus\uninstall.ico
%programfiles%\Personal Antivirus\working.log
%programfiles%\Personal Antivirus\db
%programfiles%\Personal Antivirus\db\DBInfo.ver
%programfiles%\Personal Antivirus\db\ia080614.db
%programfiles%\Personal Antivirus\db\ia080618x.db
%programfiles%\Personal Antivirus\Languages
%programfiles%\Personal Antivirus\Languages\IAEs.lng
%programfiles%\Personal Antivirus\Languages\IAFr.lng
%programfiles%\Personal Antivirus\Languages\IAGer.lng
%programfiles%\Personal Antivirus\Languages\IAIt.lng
%UserProfile%\Application Data\Microsoft\Windows\winlogon.exe
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe
c:\Documents and Settings\All Users\Desktop\Personal Antivirus.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Personal Antivirus
c:\Documents and Settings\All Users\Start Menu\Programs\Personal Antivirus\Personal Antivirus Home Page.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Personal Antivirus\Personal Antivirus.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Personal Antivirus\Purchase License.lnk
Aneesh, if the instructions above do not help you, then ask for help in our Spyware removal forum.
Thank you so much. I was ready to chuck the whole computer out and start again. This worked beautifully.
thanks a lot i was getting so annoyed i couldn't even go on a website without it saying possible threat buy personal antivirus but this site worked perfectly fine so thank you
i did everything it said to do on here and the program is still running!!! and is killing my computer and my internet connection
Emma, your PC is probably infected with a new version of the rogue. Ask for help in our Spyware removal forum.
Thank you so much 🙂
Thank you so much 🙂 Very nice
Thanks soooooo much!!!!!!! Will pass this on at first i thought it was another scam but no you are the real deal!!!!!!! thanks
thanks a ton!~!~! I appreciate it to no end! very easy to do, and i can’t tell you how many headaches this saves.
thanks a lot man you rock
Thanks a lot. It seems to have worked.
Hi everyone.
I have just repaired a friend's system that was infected with PAV. This rogue prevented any application or installation running in normal mode so I ran Avenger in safe mode but it failed to find any of the entries that you indicated. I then rebooted into safe mode again and ran the latest Malwarebytes but that came up clean as well.
In the end I ran my old favorite SmitfraudFix 2.43
and bingo all is well.
Sorry about the long winded post but obviously PAV have made some tricky changes to their piece of crap so this may help some other victims out there.
Thanks for your help anyway and keep up the good work
i just got the download til today. but if it works i will send another comment. to you thanks very much. cynthia fricke bay st louis miss
I need serious help, when i download the things in these instructions, my computer won't let me open them, or run them at all. i honestly don't know what to do. help. Please.
Harmony, start a new topic in our Spyware removal forum. I will help you to remove this malware.