WARNING!! PAV.EXE Personal Antivirus

[Orbital Shark]

   Note

I've not seen this for some time but it seems to be doing the rounds again so I thought i'd give everyone a heads up.

Personal Antivirus, or PersonalAntivirus, is a rogue anti-spyware program to come out from the company called Innovagest 2000.

Personal Antivirus is installed by a trojan called Zlob, which attempts to trick you into buying the alleged rogue anti-spyware program. Once you're infected with Zlob, a fake security message similar to a Windows notification pops up saying your PC is infected with malware. This Personal Antivirus message is used to lure you into purchasing, downloading and installing their program to remove the imaginary spyware.

Personal Antivirus may also automatically launch at your computer's startup and scan your computer. Personal Antivirus may be difficult to remove manually, and will continue to try to recreate itself. Personal Antivirus is a clone of Internet Antivirus Pro and General Antivirus, which are other corrupt distributed programs. Personal Antivirus should not be trusted and is recommended to be removed.

I have come across 4 machines over the last week that have been infected by this rediculously annoying 'antivirus' software.

Step by step removal:
I have found that advanced removal is the best method for this app.

1, You will need to end the PAV.EXE process in taskmanager. Right-click the taskbar and click 'Task Manager' then the 'Processes' tab. Next, find and right-click the PAV.EXE entry and select 'End Process Tree'. This will kill the process.


2, Delete the following folders from your computer

• c:\program files\PersonalAV
• c:\program files\Common Files\Uninstall\PersonalAV
• c:\windows\tasks\PersonalAV

3, Run 'regedit' from the start menu and do a search for 'PersonalAV' and delete every entry found.

   Tip

It's best to run a second full search once the first has finished

Once all trace of the app has been removed you should re-boot your machine and you will find that the annoying tray notification applet has gone & all processes for PAV.EXE have been eliminated.

 

[blackroseMD1]

Thanks for the heads up Orbital. If it's making it's way around again, that means I have to warn all of my volunteers/customers...again. lol

 

[Dark Nova Gamer]

Good job orbital, made it easy to follow and I have seen that on a few of my friends PC's I'll pass this page along to them.

 

[mickey megabyte]

thanks sharky for the heads up.

not seen this one for a while...

*waits for phone to start ringing*

 

[stormy13]

Looks like a new variant of this,

How to remove Personal Antivirus (Removal Guide)

 

[Orbital Shark]

Looks like a new variant of this,

How to remove Personal Antivirus (Removal Guide)

Doesn't supprise me mate, thankfully I have 100% success without needing to install other software

 

[Jacee]

One thing about ZLob and *fake* Anti-virus or Anti-spyware pop-ups... once you see the alerts, it's already installed on the computer.

Most of the latest ZLob infections include a Rootkit (**Backdoor TDSS and more ...
A remote administration utility which bypasses normal security mechanisms to secretly control a program, computer or network).

These are often hard to get rid of, you can clean up a Rootkit (kind of)... but I am one who prefers not to. It's better to wipe and do a clean install your Windows OS. You cannot be sure that your OS is totally stable again without doing this.

** Virus Description: Backdoor:W32/TDSS

 

[bigseb]

Good tip... thanx.

 

[mansrm81]

Thanks OS. I'll keep this in mind.