A friend of mine contacted me today with this issue:
PersonalAV – a malware programme she accidentally installed and can’t get rid of.
Here are some instructions to get rid of the programme, but I don’t know if it comes with any additional Trojans or something…
Step 1: Kill the running processes.
Go to the Task Manager:
right click on free space in the windows panel OR:
Press Ctrl + Alt + Del to get into a menu and choose the Task ManagerEnd the following processes:
PersonalAv.exe
services.exe
PerAvir.exe
winlogon.exe
services.exe
Step 2: Remove registry keys:
Start > Run > ‘regedit’ > Enter.
Search for the following keys and remove them:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallPersonal Antivirus_is1
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetEnumRootLEGACY_ITGRDENGINE
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesITGrdEngine
HKEY_CURRENT_USERSoftwareMicrosoftInternet Explorer “PrS”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun “Personal Antivirus”
Step 3: Remove the programme files:
I have written two scripts that will do this work for you. Use either Windoze XP or Windoze Vista…
You can also manually delete them:
PersonalAv.exe
c:Documents and SettingsAll UsersDesktopPersonal Antivirus.lnk
c:Documents and SettingsAll UsersStart MenuProgramsPersonal Antivirus
c:Documents and SettingsAll UsersStart MenuProgramsPersonal AntivirusPersonal Antivirus Home Page.lnk
c:Documents and SettingsAll UsersStart MenuProgramsPersonal AntivirusPersonal Antivirus.lnk
c:Documents and SettingsAll UsersStart MenuProgramsPersonal AntivirusPurchase License.lnk
%UserProfile%Application DataMicrosoftInternet ExplorerQuick LaunchPersonal Antivirus.lnk
%UserProfile%Application DataPersonal Antivirus
%UserProfile%Application DataPersonal Antivirussettings.ini
%UserProfile%Application DataPersonal Antivirusuill.ini
%UserProfile%Application DataPersonal Antivirusunins000.exe
%UserProfile%Application DataPersonal AntivirusUninstall Personal Antivirus.lnk
%UserProfile%Application DataPersonal Antivirusdb
%UserProfile%Application DataPersonal Antivirusdbconfig.cfg
%UserProfile%Application DataPersonal AntivirusdbTimeout.inf
%UserProfile%Application DataPersonal AntivirusdbUrls.inf
%UserProfile%Local SettingsApplication DataMicrosoftWindowslog.txt
%UserProfile%Local SettingsApplication DataMicrosoftWindowspguard.ini
%UserProfile%Local SettingsApplication DataMicrosoftWindowsservices.exe
c:Program FilesPersonal Antivirus
c:Program FilesPersonal Antivirusactivate.ico
c:Program FilesPersonal AntivirusExplorer.ico
c:Program FilesPersonal AntivirusPerAvir.exe
c:Program FilesPersonal Antivirusunins000.dat
c:Program FilesPersonal Antivirusuninstall.ico
c:Program FilesPersonal Antivirusworking.log
c:Program FilesPersonal Antivirusdb
c:Program FilesPersonal AntivirusdbDBInfo.ver
c:Program FilesPersonal Antivirusdbia080614.db
c:Program FilesPersonal Antivirusdbia080618x.db
c:Program FilesPersonal AntivirusLanguages
c:Program FilesPersonal AntivirusLanguagesIAEs.lng
c:Program FilesPersonal AntivirusLanguagesIAFr.lng
c:Program FilesPersonal AntivirusLanguagesIAGer.lng
c:Program FilesPersonal AntivirusLanguagesIAIt.lng
c:WINDOWSsystem32log.txt
%UserProfile%Application DataMicrosoftWindowswinlogon.exe
%UserProfile%Local SettingsApplication DataMicrosoftInternet ExploreriGSh.png
%UserProfile%Local SettingsApplication DataMicrosoftInternet ExploreriMSh.png
%UserProfile%Local SettingsApplication DataMicrosoftInternet ExploreriPSh.png
%UserProfile%Local SettingsApplication DataMicrosoftInternet Exploreriv.exe
%UserProfile%Local SettingsApplication DataMicrosoftWindowslog.txt
%UserProfile%Local SettingsApplication DataMicrosoftWindowspguard.ini
%UserProfile%Local SettingsApplication DataMicrosoftWindowsservices.exe
Good luck!
However, if you don’t want to do all this and are contemplating reinstalling Windows anyways, make the right decision and install a different OS altogether…
Sorry Carroll, spam will be taken down…
This is not a free platform to post useless links!
This comment has been removed by a blog administrator.
i'm new… promise to register nearly more often!