Another member of the so-called “scareware” viruses is the “Personal Antivirus” malware, which infected millions of computers worldwide. Personal Antivirus is a fake antivirus application that usually gets installed on users’ computers when they download warez software from peer-to-peer networks or visit malicious websites. It is categorized as scareware because it generates fake and misleading alert messages warning the user that their computer is “infected” with hundreds of viruses, in order to scare the user into purchasing the scareware program. Of course, after purchasing Personal Antivirus in the hope that it will clean all your “viruses”, you just lose your money, simply because Personal Antivirus is not a real antivirus. For a Free Scan of your computer to verify if you are infected with Personal Antivirus, download the Antispyware tool below.
Even worse, the program is a virus itself. It installs keyloggers and other spyware programs on your PC to steal sensitive information such as passwords, credit card numbers, etc. It also changes your browser settings to redirect you to websites promoting the malware in order to convince you to buy it. So, when you see the following image popping up on your screen, you MUST take action immediately to remove the Personal Antivirus program from your computer.
Now, you can remove Personal Antivirus either manually or automatically (recommended). Manual removal requires expert knowledge of computers and is not recommended, since you have to delete entries in the Registry and files under the “Program Files” folder, which is dangerous if you don’t know what you are doing. In any case, read below for both methods of removing Personal Antivirus permanently.
Remove Personal Antivirus Automatically (Recommended)
To safely remove Personal Antivirus or any other malware and viruses residing on your computer, I recommend downloading the free trial of Spyware Doctor, or visiting the Spyware Doctor website for more information.
After downloading Spyware Doctor, run it and have it scan your PC for free. The free version of Spyware Doctor is for malware detection only. After it detects Personal Antivirus, you can purchase the full version to automatically clean your PC of any malware, including Personal Antivirus.
Remove Personal Antivirus Manually
Before proceeding any further, I suggest you back up everything, especially your computer's registry. You need to know what you are doing before manually removing Personal Antivirus:
Step 1: Stop the following processes
unins000.exe
PerAvir.exe
pav.exe
winlogon.exe
services.exe
iv.exe
PersonalAv.exe
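Note: Some of the processes mentioned above might not be the same in your case. winlogon.exe and services.exe are also the names of genuine Windows system processes that run from c:\WINDOWS\system32; stop only the copies running from the user-profile folders shown in the file list below.
Step 2: Remove the following Registry Entries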
You must back up your registry first.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Personal Antivirus_is1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ITGRDENGINE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ITGrdEngine
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer “PrS”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Personal Antivirus”
Step 3: Remove the following Files
PersonalAv.exe
c:\Documents and Settings\All Users\Desktop\Personal Antivirus.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Personal Antivirus
c:\Documents and Settings\All Users\Start Menu\Programs\Personal Antivirus\Personal Antivirus Home Page.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Personal Antivirus\Personal Antivirus.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Personal Antivirus\Purchase License.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Personal Antivirus.lnk
%UserProfile%\Application Data\Personal Antivirus
%UserProfile%\Application Data\Personal Antivirus\settings.ini
%UserProfile%\Application Data\Personal Antivirus\uill.ini
%UserProfile%\Application Data\Personal Antivirus\unins000.exe
%UserProfile%\Application Data\Personal Antivirus\Uninstall Personal Antivirus.lnk
%UserProfile%\Application Data\Personal Antivirus\db
%UserProfile%\Application Data\Personal Antivirus\db\config.cfg
%UserProfile%\Application Data\Personal Antivirus\db\Timeout.inf
%UserProfile%\Application Data\Personal Antivirus\db\Urls.inf
c:\Program Files\Personal Antivirus
c:\Program Files\Personal Antivirus\activate.ico
c:\Program Files\Personal Antivirus\Explorer.ico
c:\Program Files\Personal Antivirus\PerAvir.exe
c:\Program Files\Personal Antivirus\unins000.dat
c:\Program Files\Personal Antivirus\uninstall.ico
c:\Program Files\Personal Antivirus\working.log
c:\Program Files\Personal Antivirus\db
c:\Program Files\Personal Antivirus\db\DBInfo.ver
c:\Program Files\Personal Antivirus\db\ia080614.db
c:\Program Files\Personal Antivirus\db\ia080618x.db
c:\Program Files\Personal Antivirus\Languages
c:\Program Files\Personal Antivirus\Languages\IAEs.lng
c:\Program Files\Personal Antivirus\Languages\IAFr.lng
c:\Program Files\Personal Antivirus\Languages\IAGer.lng
c:\Program Files\Personal Antivirus\Languages\IAIt.lng
c:\WINDOWS\system32\log.txt
%UserProfile%\Application Data\Microsoft\Windows\winlogon.exe
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\log.txt
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\pguard.ini
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
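Added example, not part of the original article: Step 1 lists winlogon.exe and services.exe, which are also genuine Windows process names, so this Python code triages a process snapshot by image path before anything is stopped, using the folders from the Step 3 file list. The snapshot, the user name "alice", the "SomeEditor" folder, the C:\WINDOWS system root and the verdict labels are all constructed assumptions.

```python
import ntpath

# Process names from Step 1, lower-cased for case-insensitive matching.
STEP1_NAMES = {"unins000.exe", "peravir.exe", "pav.exe", "winlogon.exe",
               "services.exe", "iv.exe", "personalav.exe"}
# Two of those names also belong to genuine Windows processes.
SYSTEM_NAMES = {"winlogon.exe", "services.exe"}
# Folders taken from the Step 3 file list, matched as a path suffix.
STEP3_DIRS = (
    r"\application data\personal antivirus",
    r"\application data\microsoft\windows",
    r"\application data\microsoft\internet explorer",
    r"\program files\personal antivirus",
)

def classify(name, image_path, system_root=r"C:\WINDOWS"):
    """Return 'ignore', 'genuine', 'stop' or 'review' for one process."""
    name = name.lower()
    if name not in STEP1_NAMES:
        return "ignore"
    if not image_path:
        return "review"  # no path available: do not guess
    folder = ntpath.dirname(ntpath.normpath(image_path)).lower()
    system32 = ntpath.join(system_root, "system32").lower()
    if name in SYSTEM_NAMES:
        # The genuine binaries run from system32; any other copy is an impostor.
        return "genuine" if folder == system32 else "stop"
    # Other names (unins000.exe is also used by ordinary uninstallers) count
    # only when they run from a folder the page attributes to the malware.
    return "stop" if folder.endswith(STEP3_DIRS) else "review"

# Constructed snapshot of (process name, image path); not real captured data.
PROFILE = r"C:\Documents and Settings\alice"
SNAPSHOT = [
    ("winlogon.exe", r"C:\WINDOWS\system32\winlogon.exe"),
    ("services.exe", r"C:\WINDOWS\system32\services.exe"),
    ("winlogon.exe", PROFILE + r"\Application Data\Microsoft\Windows\winlogon.exe"),
    ("services.exe", PROFILE + r"\Local Settings\Application Data\Microsoft\Windows\services.exe"),
    ("PerAvir.exe", r"C:\Program Files\Personal Antivirus\PerAvir.exe"),
    ("iv.exe", PROFILE + r"\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe"),
    ("unins000.exe", r"C:\Program Files\SomeEditor\unins000.exe"),
    ("pav.exe", None),
    ("explorer.exe", r"C:\WINDOWS\explorer.exe"),
]

def triage(snapshot):
    return [(name, path, classify(name, path)) for name, path in snapshot]

if __name__ == "__main__":
    for name, path, verdict in triage(SNAPSHOT):
        print(f"{verdict:8} {name:14} {path}")
```

Only entries marked "stop" match both a Step 1 name and a malware location from the page; "review" entries need a manual look before any action.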
Just spent about 4 hours fixing a computer with this problem. Ended by installing Vista back to its factory settings. A friend asked me to look at this laptop. When I got it, it was generating warnings on things such as Trojan.Wincod. At the time I knew nothing about Personal Antivirus. The friend said they had virus protection on the system but I could find neither Norton nor McAfee. The Personal Antivirus screen came up. I asked if this was their protection software. They said yes and we started to do a scan. It indicated that it hadn’t been activated yet (or something. I did not realize at that time that it was important to keep notes.) I got suspicious and looked it up on line before doing anything else.
Next I opened task window and shut down the Personal Antivirus application. Then I went into processes and found something called netFilter.exe that was using 50% of the CPU. Looked that up and found out it was a trojan backdoor. Ended the tree for that process and began looking for any files associated with Personal Antivirus or netFilter.exe. Did not find them. However, in the C/windows/system32 directory I found a series of files. Here is a sample:
1a99azdwa5e148.dll
1fbba5dwar9z064.bin
1z15thief6169.cpl
1z24x5y9are73.dll
1z28t59j5a4.ocx
…
2c36zackdoor5059
…
2dc5spywzre9839.dll
…
3edfaddw5rz649.bin
With a little imagination, you can see “adware”, “spyware”, “thief”, “backdoor”, “threat”, “spybot” and other words loosely encrypted throughout the titles. Either that is a sense of humor or it is how these guys distinguish what these various files do.
When I shut down the computer and restarted — A MISTAKE — I could no longer get anything except the Personal AntiVirus screen. Tried to recover but there were no save points for this computer. So, this being a Compaq, I went through the F11 restore process and restored it back to factory settings.
These programs are illegal and my guess is that many people have been victimized. Given that these guys are taking credit card numbers, there must be a record of who they are and who their customers are. Some enterprising computer-savvy attorney should be able to build a pretty good class action suit.
Thanks for your comment,
Indeed those rogue antivirus programs have fooled many people who lost money paying for them. The origins of these viruses come from Russia or China, so even a lawsuit against them will not have any positive results in my opinion.