Posts Tagged ‘program’

Personal Antivirus PersonalAV manual removal guide and tools

Monday, July 27th, 2009



Remove Personal antivirus, antivirus number 1, system antivirus fake spywares
Personal Antivirus is a fake spyware and virus remover, that is a program that tries to convince you into buying it by providing fake, unrealistic data about your PC infections or by using trojans and other parasites to promote itself. Personal Antivirus is distributed by malicious infected web sites that provide fake “computer antivirus scans”, malicious software bundles, for example fake codecs, fake shareware, or are downloaded by trojans already installed in your system. In the last case, trojans in your system get a signal to start promoting rogue applications like Personal Antivirus, from botnet owners that in fact control your PC. You start seeing various popups describing grave state of your system and that you need this “wonderfull” Personal Antivirus, that is “recommended by Microsoft”. That is utter lies – Microsoft does not recommend this scamware.

After you download Personal Antivirus it will start pretending to scan your system for infections. Of couse, the infection list is already preset in such tools. You will be asked to pay for “full copy” of this scam to remove parasites detected. Though after paying you will not hear anything about their manufacturers again, except in your Bank statement. Then it will be to late to get the money back, so please do not pay for Personal Antivirus.

Personal Antivirus is classified as Rogue Anti-Spyware. After infecting a user’s system, it proceeds to scare its victim into buying the “product” by displaying fake security messages, stating that your computer is infected with spyware and only Personal Antivirus can help you to remove it after you download the trial version. As soon as the victim downloads Personal Antivirus trial version, it pretends to scan your computer and shows a grossly exaggerated amount of non-existent errors. Then, Personal Antivirus offers to buy the full version to fix these false errors. If the user agrees, Personal Antivirus does not only fix the errors, but it also takes the user’s money and may even install additional spyware into the victim’s computer.

Some Rogue Anti-Spyware, such as Personal Antivirus, may offer users to buy it after the victim clicks on a banner or a pop-up while surfing the internet. Usually, a Trojan is installed to a victim’s computer after clicking on the advertisement. It then proceeds to download or even install Personal Antivirus, which is another way for Rogue Anti-Spyware to spread itself.



How to remove this spyware/malware manually:
Stop these Personal Antivirus processes:
PersonalAv.exe
services.exe
PerAvir.exe
winlogon.exe
services.exe

Remove these Personal Antivirus Registry Entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Personal Antivirus_is1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ITGRDENGINE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ITGrdEngine
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer “PrS”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Personal Antivirus”

Remove these Personal Antivirus files:
PersonalAv.exe
c:\Documents and Settings\All Users\Desktop\Personal Antivirus.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Personal Antivirus
c:\Documents and Settings\All Users\Start Menu\Programs\Personal Antivirus\Personal Antivirus Home Page.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Personal Antivirus\Personal Antivirus.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Personal Antivirus\Purchase License.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Personal Antivirus.lnk
%UserProfile%\Application Data\Personal Antivirus
%UserProfile%\Application Data\Personal Antivirus\settings.ini
%UserProfile%\Application Data\Personal Antivirus\uill.ini
%UserProfile%\Application Data\Personal Antivirus\unins000.exe
%UserProfile%\Application Data\Personal Antivirus\Uninstall Personal Antivirus.lnk
%UserProfile%\Application Data\Personal Antivirus\db
%UserProfile%\Application Data\Personal Antivirus\db\config.cfg
%UserProfile%\Application Data\Personal Antivirus\db\Timeout.inf
%UserProfile%\Application Data\Personal Antivirus\db\Urls.inf
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\log.txt
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\pguard.ini
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
c:\Program Files\Personal Antivirus
c:\Program Files\Personal Antivirus\activate.ico
c:\Program Files\Personal Antivirus\Explorer.ico
c:\Program Files\Personal Antivirus\PerAvir.exe
c:\Program Files\Personal Antivirus\unins000.dat
c:\Program Files\Personal Antivirus\uninstall.ico
c:\Program Files\Personal Antivirus\working.log
c:\Program Files\Personal Antivirus\db
c:\Program Files\Personal Antivirus\db\DBInfo.ver
c:\Program Files\Personal Antivirus\db\ia080614.db
c:\Program Files\Personal Antivirus\db\ia080618x.db
c:\Program Files\Personal Antivirus\Languages
c:\Program Files\Personal Antivirus\Languages\IAEs.lng
c:\Program Files\Personal Antivirus\Languages\IAFr.lng
c:\Program Files\Personal Antivirus\Languages\IAGer.lng
c:\Program Files\Personal Antivirus\Languages\IAIt.lng
c:\WINDOWS\system32\log.txt
%UserProfile%\Application Data\Microsoft\Windows\winlogon.exe
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\log.txt
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\pguard.ini
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
=======================
Note: Manual removal guide can be confusing if you are a newbie. In that case, manual removal is not recommended. use an auto removal tool instead.
To automatically remove spywares,
use one of these great removal tools

Super Anti Spyware

Malware Bytes anti-malware (mbam.exe)

Spyware Doctor

=======================

Tags: , , , , , ,
Posted in 1:Spyware Removal | 4 Comments »

System Security 2009 fake virus program removal guide

Monday, July 27th, 2009



Remove System Security 2009 fake rogue spyware
System Security, also known as System Security 2009, (Fake anti virus program / Rogue spyware) is another deadly counterfeit antispyware application that developed to invade our Internet life. (Do not confuse System Security, which is fake softeware, to AE Software Technologies’ System Security 2009 which indeed a legit software). Presumably, System Security is a new verion of Winweb Security, with different name but same destruction. Just like most fake antispywares, System Security simulates the Windows system security alert interface, then issues misleading and exaggerated results to distract and scare the internet users.

System Security 2009 usually installed itself onto your PC without your permission, through Vundo Trojan, Virus or fake software. System Security will display fake system alerts or fake security alerts to trick user to buy the paid version of System Security, in order to remove the potential and reported problems. Not only does it cause your machine to slow down dramatically, it would also put your privacy and data in risk.

And Once installed, Security 2009 will be set to start automatically when Windows starts. Once started, the program will scan your computer and list a variety of infections, which cannot be removed unless you first purchase the program. These infections, though, are actually legitimate programs that could cause problems with the proper operation of your computer if deleted. While running, Security 2009 will also display fake security alerts in your Windows taskbar. These security alerts will contain messages stating that Security 2009 detected malware or an attack on your system and that you should register the software to protect yourself. These fake alerts and the false positives found in the scan are just a tactic to scare you into purchasing the software.



Manual System Security Removal Instructions:

Stop System Security Processes:
SystemSecurity.exe
05643921.exe
install.exe

Find and Delete these System Security Files:
systemsecurity.exe
SystemSecurity.lnk
SystemSecurity on the Web.lnk
Uninstall SystemSecurity.lnk
%desktopdirectory%\system security.lnk
%desktopdirectory%\ws\config.udb
%desktopdirectory%\ws\init.udb
%desktopdirectory%\ws\languages\english.lng
%desktopdirectory%\ws\languages\german.lng
%desktopdirectory%\ws\languages\spanish.lng
%desktopdirectory%\ws\systemsecurity.exe
%programs%\system security\system security.lnk
%desktopdirectory%\ws\systemsecurity.exe
05643921.exe
install.exe
%desktopdirectory%\system security 2009.lnk
%programs%\system security\system security 2009 support.lnk
%programs%\system security\system security 2009.lnk

Remove System Security Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run systemsecurity
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\systemsecurity2009
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\systemsecurity2009 displayicon
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\systemsecurity2009 displayname
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\systemsecurity2009 shortcutpath
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\systemsecurity2009 uninstallstring
=======================
Note: Manual removal guide can be confusing if you are a newbie. In that case, manual removal is not recommended. use an auto removal tool instead.
To automatically remove spywares,
use one of these great removal tools

Super Anti Spyware

Malware Bytes anti-malware (mbam.exe)

Spyware Doctor

=======================

Tags: , , , , , , , , ,
Posted in 1:Spyware Removal | 9 Comments »