PAV- Personal AntiVirus, another rogue software, how to remove/delete/get rid of it

// April 18th, 2009 // Malware Related

Update:

To all readers getting a warning like this one from your browser, stating that my site is dangerous: do not believe it. It is a trick by the Personal AntiVirus infection to scare you away from getting information on how to remove this infection.
PAV fake warning on my website!

It is designed to be a convincing mock-up of a Firefox phishing/danger warning; however, as you can see, it is also displayed in Internet Explorer, which does not have a warning screen such as this one. What is happening is that the website securityhelpcenter.com is hijacking your search results or your attempt to access my site and trying to scare you into buying Personal AntiVirus (again). Please rest assured that my blog and all links from my blog are completely safe and these warnings are false. If you have tried following my removal instructions and still need help removing it, please leave a comment on this article.

Now, back to the main article: PAV - Personal AntiVirus, another rogue software, how to remove/get rid of it

I recently got word that the site antispywarepcscanner.com was spreading a new fake/rogue antivirus application. I have blogged about this annoying type of threat previously (anti-virus-1 and Anti virus 360 being two examples).

I decided to investigate this threat further.

The website antispywarepcscanner.com triggers a fake scanning page if the user visits via a specially crafted link placed on genuine, but hacked, sites.

A convincing fake scan window is displayed, like the one below:

Fake scan window

If a user clicks "remove all", an installer file is downloaded:

Fake remove now window

If the installer file is launched/run, it will initiate connections to a number of other sites to download the main infection.

Once the installer finishes downloading the infection, the malware file wincontrol.dll is dropped into C:\Windows\System32\wincontrol.dll (newer versions drop winexplorer.dll) and the main infection is dropped into C:\program files\PAV\pav.exe (it may drop files into other places, such as C:\Program Files\PersonalAV\Security Software.exe).

It will then proceed to issue (fake) scary warnings of impending doom and inform the user that their computer is infected with many serious viruses (which is not true, the only virus being Personal AntiVirus itself), with screens such as the ones below displayed in order to frighten the user into buying into the scam:

Scary fake scan

The main interface of personal antivirus

Scary balloon tooltip

Of course, to remove all of the scary infections it claims to have found, Personal AntiVirus will require you to “register”, which means handing over your hard-earned cash to a bunch of scammers.

Here's the catch

Now, let's get on to how to remove this scum from your computer:

There are two tools that I know definitely detect and remove this infection. The first is the well-known Malwarebytes Anti-Malware. This tool is FREE to use for detection and removal, but the realtime protection that would prevent such an infection in the first place requires a license. Download it from their website:

http://www.malwarebytes.org/mbam.php

Install it, remember to update it first, and then perform a scan, which will find and remove this nasty.

If Malwarebytes Anti-Malware has helped you remove Personal AntiVirus, please consider buying a license to say thanks and support their fight against malware. You can securely purchase a license by clicking here:
https://store.malwarebytes.org/342/?affiliate=4568&cart=29945&scope=cart
Please note that this is completely optional and not a requirement for it to scan and remove Personal AntiVirus, but you will benefit in future from real-time protection that will prevent infections like this and many others from installing themselves on your system!

The other tool is from a well-known antivirus vendor, Kaspersky Lab. It is called AVPTool and is a free virus removal utility. You can download and run it from their website, and it will scan your computer for any threats that MBAM missed and remove them free of charge. Get it here:

ftp://ftp.kaspersky.com/devbuilds/AVPTool/index.html
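
To check after a scan whether any of the files named earlier in this article are still present or still loaded, here is an added example (not part of the original post or of either tool). It assumes PowerShell 4 or later for Get-FileHash and an elevated prompt so process modules can be listed; the "Program Files (x86)" locations are an assumption for 64-bit systems.

```powershell
# Added example. File paths are the ones named in this article; the rest is illustrative.
$indicators = @(
    (Join-Path $env:SystemRoot   'System32\wincontrol.dll'),
    (Join-Path $env:SystemRoot   'System32\winexplorer.dll'),          # newer versions
    (Join-Path $env:ProgramFiles 'PAV\pav.exe'),
    (Join-Path $env:ProgramFiles 'PersonalAV\Security Software.exe')
)
# Assumption: on 64-bit Windows a 32-bit installer would land under "Program Files (x86)".
if (${env:ProgramFiles(x86)}) {
    $indicators += Join-Path ${env:ProgramFiles(x86)} 'PAV\pav.exe'
    $indicators += Join-Path ${env:ProgramFiles(x86)} 'PersonalAV\Security Software.exe'
}

# 1. Files still on disk (-Force also reports hidden/system files).
$files = foreach ($path in $indicators) {
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($item) {
        $hash = Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Path    = $item.FullName
            Size    = $item.Length
            Created = $item.CreationTime
            SHA256  = $hash.Hash      # empty if the file is locked
        }
    }
}

# 2. Processes running from, or with a DLL loaded from, one of those paths.
$procs = foreach ($proc in Get-Process) {
    try   { $loaded = @($proc.Modules | ForEach-Object { $_.FileName }) }
    catch { continue }                # protected processes deny module listing
    $hits = @($loaded | Where-Object { $indicators -contains $_ })
    if ($hits.Count -gt 0) {
        [pscustomobject]@{ ProcessId = $proc.Id; Name = $proc.ProcessName; Module = $hits -join '; ' }
    }
}

if (-not $files -and -not $procs) {
    'None of the listed Personal AntiVirus files or modules were found.'
} else {
    $files | Format-List | Out-String
    $procs | Format-Table -AutoSize | Out-String
}
```

The check covers only the file names listed in this article, so a variant using other names will not show up here; the recorded SHA256 values can be kept for comparison or submitted to a scanner.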

156 Responses to “PAV- Personal AntiVirus, another rogue software, how to remove/delete/get rid of it”

  1. Peter Ris says:

    I was just attacked by PAV. I have a free anti malware program: Malwarebyte’s anti malware, seems to be best in the world. I ran it and 10 secs later PAV was eliminated... piece of cake.

  2. abby says:

    How do you know if you actually have gotten rid of personal antivirus? I thought I got rid of it and then I didn’t. I tried some other things last night and I think I got it off again but not for sure.

  3. April Mackey says:

    I had the Personal AntiVirus on my computer and I had the company reset my computer and I lost all information. I need your help to reinstall it on my computer.

  4. XXX says:

    -__- I was talking to someone on Msn the other day and I got the virus link and stupidly clicked on it and now I can't get rid of it, Malware can't find the virus and my homepage keeps on changing to postarticles.net :@:@:@ and my computer has been slower and freezing more often =[[[ someone please help!

  5. I had PAV on my computer. Nasty rogue antispyware brought me a lot of troubles. Thanks for tips!
