
Personal Anti Virus (PAV)

hulls
Grafter
Posts: 1,699
Registered: ‎30-07-2007

Personal Anti Virus (PAV)

Hi
My son has managed to get this on his computer and I'm having trouble getting rid of it.  I booted his Vista laptop into safe mode and ran an AVG scan, but it didn't find anything.  While in safe mode, I deleted the main exe file, and rebooted, so the program isn't running, but it seems to have blocked Internet Explorer.  I'm now running AVG again in normal mode and I've also installed Spybot S&D, but they haven't found anything yet (they're still running)
MSN still runs, and Spybot etc updated fine, so he's connected to the internet ok.
Any ideas?
John
8 REPLIES
samuria
Grafter
Posts: 1,581
Thanks: 3
Registered: ‎13-04-2007

Re: Personal Anti Virus (PAV)

Find and Stop Personal Antivirus Processes:
delete
c:\Program Files\Personal Antivirus\PerAvir.exe
%UserProfile%\Application Data\Personal Antivirus\unins000.exe
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
%UserProfile%\Application Data\Microsoft\Windows\winlogon.exe
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe
PersonalAntivirus[1].exe
pav.exe
%PROGRAMFILES%\PAV\pav.exe

Find and Unregister Personal Antivirus DLL Files:
wincontrol.dll
regsvr32 /u "Personal Antivirus.dll"

Find and Remove Personal Antivirus registry values:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PrS"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Personal Antivirus"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Personal Antivirus_is1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ITGrdEngine
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ITGRDENGINE

Find and Delete Personal Antivirus Files:
c:\Program Files\Personal Antivirus
c:\Program Files\Personal Antivirus\PerAvir.exe
c:\Program Files\Personal Antivirus\uninstall.ico
c:\Program Files\Personal Antivirus\activate.ico
c:\Program Files\Personal Antivirus\Explorer.ico
c:\Program Files\Personal Antivirus\unins000.dat
c:\Program Files\Personal Antivirus\working.log
c:\Program Files\Personal Antivirus\db
c:\Program Files\Personal Antivirus\db\DBInfo.ver
c:\Program Files\Personal Antivirus\db\ia080614.db
c:\Program Files\Personal Antivirus\db\ia080618x.db
c:\Program Files\Personal Antivirus\Languages
c:\Program Files\Personal Antivirus\Languages\IAEs.lng
c:\Program Files\Personal Antivirus\Languages\IAFr.lng
c:\Program Files\Personal Antivirus\Languages\IAGer.lng
c:\Program Files\Personal Antivirus\Languages\IAIt.lng
c:\WINDOWS\system32\log.txt
c:\Documents and Settings\All Users\Desktop\Personal Antivirus.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Personal Antivirus
c:\Documents and Settings\All Users\Start Menu\Programs\Personal Antivirus\Purchase License.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Personal Antivirus\Personal Antivirus.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Personal Antivirus\Personal Antivirus Home Page.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Personal Antivirus.lnk
%UserProfile%\Application Data\Personal Antivirus
%UserProfile%\Application Data\Personal Antivirus\unins000.exe
%UserProfile%\Application Data\Personal Antivirus\settings.ini
%UserProfile%\Application Data\Personal Antivirus\uill.ini
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png
%UserProfile%\Application Data\Personal Antivirus\Uninstall Personal Antivirus.lnk
%UserProfile%\Application Data\Personal Antivirus\db
%UserProfile%\Application Data\Personal Antivirus\db\config.cfg
%UserProfile%\Application Data\Personal Antivirus\db\Timeout.inf
%UserProfile%\Application Data\Personal Antivirus\db\Urls.inf
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\log.txt
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\pguard.ini
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
%UserProfile%\Application Data\Microsoft\Windows\winlogon.exe
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe
PersonalAntivirus[1].exe
pav.exe
wincontrol.dll
hulls
Grafter
Posts: 1,699
Registered: ‎30-07-2007

Re: Personal Anti Virus (PAV)

Thanks Samuria
I'd done an internet search and came up with the same I think.  That looks like the only way to get rid of this beast.
It's not loading now (I deleted the exe since there isn't an uninstall file), but it's still blocking Internet Explorer from starting (at least I hope that's what's stopping it!)
I'll let you know the outcome.
John
hulls
Grafter
Posts: 1,699
Registered: ‎30-07-2007

Re: Personal Anti Virus (PAV)

OK - can't find most of those references (files or registry).  I've run Ccleaner (deleted over 800 Mb of rubbish, and also run the reg cleaner in that) and Spybot registry cleaner.  Now running Spybot again, to see if it picks up anything else.
The main issue at the moment is that IExplorer won't run at all (so MS updates are not available).  He's installed Firefox, so he can get on to the internet (but as far as I can see, it's installed on to the desktop! (so I guess I'll have to uninstall it and try again))
Kids!
shutter
Community Veteran
Posts: 22,206
Thanks: 3,769
Fixes: 65
Registered: ‎06-11-2007

Re: Personal Anti Virus (PAV)

You could also try running these two progs..... both free....
http://www.malwarebytes.org/mbam.php
http://www.eusing.com/free_registry_cleaner/registry_cleaner.htm
I use both, as well as CCleaner (and reg cleaner) and AVG....
hulls
Grafter
Posts: 1,699
Registered: ‎30-07-2007

Re: Personal Anti Virus (PAV)

Thanks
I'll try those.  I set up a new user, which let me open IExplorer, but it still has a redirect on somewhere, because I get a page blocked message and what looks like a Firefox warning asking me to click on the install PAV (On IE?!) and I can't open any other site.  When logged in as my son, there's still no luck with IExplorer.
The Registry entries etc earlier appear to be for XP - I assume Vista is different.  Someone at work suggested having a look at the host file, but I can't find that on Vista either.
I think I'll try those in the morning, when my brain is working a bit better.
I'll let you know what happens.
John
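
A read-only check for the artifacts listed earlier in this thread, added here as an example and not part of any poster's message: it tests each location under both the XP profile layout and the Vista one (`%APPDATA%`, `%LOCALAPPDATA%`), then prints the active lines of the hosts file, which sits at `%SystemRoot%\System32\drivers\etc\hosts` on both systems. The variable names are illustrative; the file and registry names are taken from the list above, and only a subset of them is checked.

```powershell
# Read-only check: lists which artifacts named in this thread exist. Deletes nothing.
# XP keeps per-user data under "Application Data" and "Local Settings\Application Data";
# Vista keeps it under AppData\Roaming (%APPDATA%) and AppData\Local (%LOCALAPPDATA%).
$roamingRoots = @("$env:USERPROFILE\Application Data", $env:APPDATA)
$localRoots   = @("$env:USERPROFILE\Local Settings\Application Data", $env:LOCALAPPDATA)

# Relative paths copied from the removal list posted above.
$roamingItems = 'Personal Antivirus', 'Microsoft\Windows\winlogon.exe'
$localItems   = 'Microsoft\Windows\services.exe', 'Microsoft\Windows\pguard.ini',
                'Microsoft\Internet Explorer\iv.exe'

$paths = @("$env:ProgramFiles\Personal Antivirus", "$env:ProgramFiles\PAV\pav.exe")
foreach ($root in $roamingRoots) {
    if ($root) { foreach ($item in $roamingItems) { $paths += Join-Path $root $item } }
}
foreach ($root in $localRoots) {
    if ($root) { foreach ($item in $localItems) { $paths += Join-Path $root $item } }
}

Write-Output '--- Files and folders present ---'
$paths | Select-Object -Unique | Where-Object { Test-Path -LiteralPath $_ }

Write-Output '--- Registry entries present ---'
$keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Personal Antivirus_is1',
        'HKLM:\SYSTEM\CurrentControlSet\Services\ITGrdEngine'
$keys | Where-Object { Test-Path -LiteralPath $_ }

# The Run entry is a value inside a key, so read the key and look for the value name.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run -and $run.'Personal Antivirus') {
    Write-Output "$runKey -> Personal Antivirus = $($run.'Personal Antivirus')"
}

# The hosts file is in the same place on XP and Vista. Print every active
# (non-comment, non-blank) line so unexpected redirects can be reviewed by eye.
Write-Output '--- Active hosts file entries ---'
$hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
if (Test-Path -LiteralPath $hosts) {
    Get-Content -LiteralPath $hosts | Where-Object { $_ -notmatch '^\s*(#|$)' }
}
```

Run it while logged in as the affected user, because `HKCU` and `%UserProfile%` resolve per account and a freshly created user will not show the original profile's entries.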
samuria
Grafter
Posts: 1,581
Thanks: 3
Registered: ‎13-04-2007

Re: Personal Anti Virus (PAV)

Try IE with no add-ons, normally on the menu under Accessories\System Tools. There will be an add-on running, and you should be able to disable it if you get IE running.
hulls
Grafter
Posts: 1,699
Registered: ‎30-07-2007

Re: Personal Anti Virus (PAV)

The Malwarebytes route seems to have worked! (It did take over 2 1/2 hours to run the full system scan though!)
Thanks for the help guys.
John
shutter
Community Veteran
Posts: 22,206
Thanks: 3,769
Fixes: 65
Registered: ‎06-11-2007

Re: Personal Anti Virus (PAV)

That's what we're here for