How to remove Personal Antivirus, a rogue anti-spyware



NOTE: In its early stages PAV populates only two locations:
c:\Program Files\PersonalAV and
c:\Documents and Settings\All Users\Start Menu\Programs\Personal Antivirus
The actual PAV file is 1.26 MB.
Rebooting your machine in Safe Mode and removing these two folders should clean the program off your computer.

You can also edit your hosts file and add the following entry there:

127.0.0.1 defenderpageblock.com

This will prevent the page http://defenderpageblock.com/buy.php?id=2033-1 from loading in your browser. As usual, it is always safer to use an alternative browser such as Firefox, Opera or Chrome, especially if you are not running the latest IE version (8.0 as of 9-3-2009).

If your machine’s infection is beyond this preliminary stage, then do a complete check for the locations and files described below.
The following information was copied from another site; see the source at the end of this entry.

=================

Description:
When it comes to computer security, Personal Antivirus is not a program you want to have in your system. The explanation is simple: Personal Antivirus is a rogue anti-spyware tool designed to deceive people into paying for its registered commercial software, no matter how illicit its tactics may be. Personal Antivirus propagates through backdoor Trojans or insecure downloads on the web. The latent intrusion is always followed by Personal Antivirus launching its misleading campaign on your computer. It means you will keep getting multiple alerts and scanners trying to get you alarmed about the security of your PC. Personal Antivirus pop-ups and scanners report infections that supposedly inhabit your machine. These deceitful techniques practised by Personal Antivirus are all about tricking you into downloading and registering the paid commercial version of Personal Antivirus. In reality, Personal Antivirus is not capable of removing any actual infections because it’s not developed on a legitimate antivirus engine. Therefore, purchasing Personal Antivirus is probably the most unreasonable thing to do. On the other hand, though, ignoring Personal Antivirus in your system will soon turn its obsessive pranks into a major system disruption and further malware invasion resulting in getting your privacy violated. So it’s highly recommended to remove Personal Antivirus once you spot its signs on your computer.

Malware Type: Rogue Anti-Spyware

Malware Author: Innovagest2000 SL

How to remove Personal Antivirus and affiliated threats manually:
Manual removal of Personal Antivirus is a feasible objective if you have sufficient expertise in dealing with program files, processes, .dll files and registry entries.

The files to be deleted are listed below:

%Documents and Settings%\All Users\Desktop\Personal Antivirus.lnk
%Documents and Settings%\All Users\Start Menu\Programs\Personal Antivirus
%Documents and Settings%\All Users\Start Menu\Programs\Personal Antivirus\Personal Antivirus Home Page.lnk
%Documents and Settings%\All Users\Start Menu\Programs\Personal Antivirus\Personal Antivirus.lnk
%Documents and Settings%\All Users\Start Menu\Programs\Personal Antivirus\Purchase License.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Personal Antivirus.lnk
%UserProfile%\Application Data\Personal Antivirus
%UserProfile%\Application Data\Personal Antivirus\settings.ini
%UserProfile%\Application Data\Personal Antivirus\uill.ini
%UserProfile%\Application Data\Personal Antivirus\unins000.exe
%UserProfile%\Application Data\Personal Antivirus\Uninstall Personal Antivirus.lnk
%UserProfile%\Application Data\Personal Antivirus\db
%UserProfile%\Application Data\Personal Antivirus\db\config.cfg
%UserProfile%\Application Data\Personal Antivirus\db\Timeout.inf
%UserProfile%\Application Data\Personal Antivirus\db\Urls.inf
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\log.txt
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\pguard.ini
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
%Program Files%\Personal Antivirus
%Program Files%\Personal Antivirus\activate.ico
%Program Files%\Personal Antivirus\Explorer.ico
%Program Files%\Personal Antivirus\PerAvir.exe
%Program Files%\Personal Antivirus\unins000.dat
%Program Files%\Personal Antivirus\uninstall.ico
%Program Files%\Personal Antivirus\working.log
%Program Files%\Personal Antivirus\db
%Program Files%\Personal Antivirus\db\DBInfo.ver
%Program Files%\Personal Antivirus\db\ia080614.db
%Program Files%\Personal Antivirus\db\ia080618x.db
%Program Files%\Personal Antivirus\Languages
%Program Files%\Personal Antivirus\Languages\IAEs.lng
%Program Files%\Personal Antivirus\Languages\IAFr.lng
%Program Files%\Personal Antivirus\Languages\IAGer.lng
%Program Files%\Personal Antivirus\Languages\IAIt.lng
%WINDOWS%\system32\log.txt
%UserProfile%\Application Data\Microsoft\Windows\winlogon.exe
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe

The registry entries that need to be removed are as follows:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Personal Antivirus_is1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ITGRDENGINE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ITGrdEngine
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer “PrS”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Personal Antivirus”

Please, be aware that manual removal of Personal Antivirus is a cumbersome process and does not always ensure complete deletion of the malware, due to the fact that some files might be hidden or may get reanimated automatically afterwards. Moreover, manual interference of this kind may cause damage to the system. That’s why we strongly recommend automatic removal of Personal Antivirus, which will save your time and enable avoiding any system malfunctions and guarantee the needed result.

====================

source: http://remove-malware.net/how-to-remove-personal-antivirus-rogue-anti-spyware/
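
Because the quoted text warns that files may reappear after manual removal, a read-only check of the listed locations is useful after cleanup and again after a reboot. The PowerShell script below is an added example, not part of the original post or the quoted source; it assumes the `%...%` placeholders in the list map to the standard Windows environment variables shown in the comments, and it checks the top-level folders and stray files rather than every file inside them.

```powershell
# Added example: read-only check for leftover Personal Antivirus artifacts.
# Assumption: the page's %...% placeholders map to these environment variables.
$allUsers = $env:ALLUSERSPROFILE   # page: %Documents and Settings%\All Users
$user     = $env:USERPROFILE       # page: %UserProfile%
$pf       = $env:ProgramFiles      # page: %Program Files%

# Top-level folders and the stray files from the list above
$paths = @(
    "$allUsers\Desktop\Personal Antivirus.lnk",
    "$allUsers\Start Menu\Programs\Personal Antivirus",
    "$user\Application Data\Microsoft\Internet Explorer\Quick Launch\Personal Antivirus.lnk",
    "$user\Application Data\Personal Antivirus",
    "$user\Application Data\Microsoft\Windows\winlogon.exe",
    "$user\Local Settings\Application Data\Microsoft\Windows\services.exe",
    "$user\Local Settings\Application Data\Microsoft\Windows\pguard.ini",
    "$user\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe",
    "$pf\Personal Antivirus"
)

# Registry keys from the list above, in PowerShell drive notation
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Personal Antivirus_is1',
    'HKLM:\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ITGRDENGINE',
    'HKLM:\SYSTEM\CurrentControlSet\Services\ITGrdEngine'
)

# Named values that live under keys which must themselves be kept
$values = @(
    @{ Key = 'HKCU:\Software\Microsoft\Internet Explorer'; Name = 'PrS' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'Personal Antivirus' }
)

$found = @()
foreach ($p in $paths + $keys) {
    if (Test-Path -LiteralPath $p) { $found += $p }
}
foreach ($v in $values) {
    # A missing key or value raises a non-terminating error; suppress it and treat as absent
    $item = Get-ItemProperty -LiteralPath $v.Key -Name $v.Name -ErrorAction SilentlyContinue
    if ($item) { $found += "$($v.Key) [$($v.Name)]" }
}

if ($found.Count -eq 0) { 'No listed Personal Antivirus artifacts found.' }
else { 'Still present:'; $found }
```

The script only reports; it deletes nothing. Run it once per user profile, since the `%UserProfile%` and `HKEY_CURRENT_USER` entries are per-user.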
