Resources

I have SpyHunter 3 as well as an older version of Norton that is just a free version now. I can scan my computer and come up clean and still end up getting stuff from “Personal AntiVirus” how do I get rid of this?

Personal Antivirus

As you know, Personal Antivirus is one of those rogue antivirus programs that is really malware. It usually arrives through a worm and then generates fake security alerts in an attempt at tricking you into purchasing the Personal Antivirus product.

Inadequate Virus Protection

Right off the bat, since you are still seeing Personal Antivirus messages or alerts, your computer may be under protected with its old version of Norton and SpyHunter3. While Norton products are good, I wonder if your older, free version of Norton is receiving updates with the latest protections against viruses and spyware. I looked up SpyHunter3 and apparently it is a legitimate antispyware product developed by a company called Enigma Software. However, since these two products in conjunction are not ridding your computer of the fake, Personal Antivirus program, it’s time for a new approach.

Before moving forward, check Norton and SpyHunter3 to see that they are updated with the latest updates from their developers. If not, update each program and run full system scans. If you have Windows XP or Vista, download Microsoft Windows Defender (it’s preinstalled on Windows Vista), update it, and run a full scan with this tool.  

Online Malware Removal Tools

A number of online removal tools are available from leading computer security developers such as Microsoft, Trend Micro, McAfee, and Norton. Let’s see if any of these free tools will work for you.

• Microsoft Malicious Software Removal Tool
• BitDefender Scan Online
• Trend Micro House Call
• McAfee Free Scan

Why Multiple Antivirus and Antispyware Tools are Necessary

I know it seems like overkill to run multiple anti-malware tools. Since each company develops its own products and discovers new threats independently, it makes sense that if one product doesn’t find a virus, another one (from a company that has already detected the threat and developed a fix) will.

I suspect that at least one of these free online tools will do the trick for you. If not, consider investing in a more modern antivirus product such as one of Norton’s latest PC security products or an Internet protection suite from one of the major computer security developers. If you are looking for a good antivirus/antimalware program, we reviewed numerous products earlier this year. All are reputable and several offered excellent protection for personal use at no charge. You can read the antivirus reviews at your leisure and decide which one makes the most sense for your system.

I was just about to turn off my Internet and all of a sudden I had this software called personal antivirus upload on my computer. I want to uninstall but it won’t let me. I tried to delete but it still doesn’t leave. Does anyone have any ideas?

Most likely, the reason that you are having difficulty getting rid of this “personal antivirus” application is that it is a form of malware or rogue antivirus program. Since you haven’t made mention to downloading any such program, this personal antivirus application probably came to you compliments of visiting a particular website, clicking on a link sent through an instant messaging service, clicking the security alert that appeared, or opening an unsolicited attachment.

Sometimes you can prevent the application from installing by closing out of your browser immediately and shutting down the computer. However, this strategy doesn’t always work and it is past that point for you.

What is Personal Antivirus?

The application, Personal Antivirus, was created by Innovagest 2000. It is a form of rogue antivirus that will eventually create pop ups telling you that you have security problems with your computer such as spyware or viruses. It makes use of Trojans, a form of malware that uses a great deal of Internet bandwidth and can upset the functioning of your computer. As long as you don’t click on the security alert that appears, the application shouldn’t fully install. However, it is designed to load automatically upon the start of Windows.

What are Rogue Antivirus Programs?

A variety of rogue antivirus programs exists and infects computers every day. These fake antivirus applications can create a lot of problems on your computer. So, you really do want to get it removed as quickly as possible.

How to Remove Fake Personal Antivirus Applications

The first strategy that you need to take is to run a thorough scan using an up-to-date anti-virus/anti-spyware program. If you have such a program, check the website for it and make sure that you have the latest version. Once you have done that, you can run the application and hopefully, it will remove the fake personal antivirus program. You can check the log file for most anti-virus/anti-spyware programs to see what programs have been removed.

If you don’t already have an up-to-date anti-virus/anti-spyware program, you need to obtain one. I can recommend Anti-VirusPLUS. It’s a great application that should be able to remove the fake one.

What Signs Exist for Personal Anti-Virus?

If you check the log file for your legitimate anti-virus/anti-spyware program, you will most likely see some of the following types of data:

• Rogue.PersonalAntiVirus
• C:\Program Files\Personal AntiVirus
• C:\Program Files\Personal AntiVirus\Explorer.ico
• C:\Program Files\Personal AntiVirus
• PerAvir.exe

These are just a few of the entries that will show up in the scan. Once they are removed by your legitimate anti-virus/anti-spyware program, you should be fine.

Antivirus 2008 is hijacking my Mozilla browser and Malwarebytes doesn’t remove it. What should I do?

Antivirus 2008 is a rogue program from the people who brought you XP Antivirus and XP Cleaner. It uses a stealth installation from a Trojan or other malware and is difficult, although not impossible, to manually remove. Among other problems, it will often give you false pop ups alerting you of problems with your system. If you’ve tried Malwarebytes and that hasn’t done it, try Paretologic’s Antivirus Plus - there is a free download that will scan your system before you commit to a purchase. ParetoLogic’s database shows two versions of this virus, so it’s safe to say that this software is equipped to remove Antivirus 2008.

Manually Remove Antivirus 2008

If you want to try to manually remove the virus, you will have to alter the registry. If you are not comfortable with your computer, you might want to leave this to someone who is, and always make sure that everything important is backed up before you start.

First, you will have to kill these processes:

• AntiVirus2008.exe
• AntvrsInstall.exe
• AntvrsInstall[1].exe
• Antvrs.exe.

To do this, open Windows Task Manager (usually by pressing CTRL+ALT+DEL). Click on the Processes tab and you will see a list. Find the above processes and choose End Process to kill them.

Next, you need to get into the registry by going to Start and then Run. In the open box, type in: regedit. Then click OK. Navigate to the following registry values and delete them:

• HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus
• HKEY_USERS\Software\antivirus 2008
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce “3P_UDEC”
• HKEY_CURRENT_USER\Software\Antivirus
  Software\Microsoft\Windows\CurrentVersion\RunOnce\3P_UDEC
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Antivirus”
• Microsoft\Code Store Database\Distribution Units\3BA4271E-5C1E-48E2-B432-D8BF420DD31D

You need to unregister the dll files that are associated with the virus. They are shlwapi.dll and wininet.dll. Go to Start and Run and then type in: cmd. Click OK. Now navigate to the folder that contains the dlls. When you find the exact directory, type in: regsvr32 /ushlwapi.dll and click Enter. You should see the message that the process was successful. Do the same thing again, only this time, type in: regsvr32  /uwininet.dll.

You can find and delete the files by going to Start> then Search> Files and Folders and typing in the name of the file you are looking to delete. Delete the following files:

• AntiVirus 2008.lic
• AntiVirus 2008.lnk
• Antivirus.lnk
• AntiVirus2008.exe
• Antvrs.exe
• AntvrsInstall.exe
• AntvrsInstall[1].exe
• shlwapi.dll
• wininet.dll

Delete the directory:

• ProgramFiles\ANTIVIRUS 2008

As you can see, manually deleting everything you need to in order to get rid of the program is a bit arduous - you might want to try another program like Antivirus Plus before you give up completely.

WinPC Antivirus keeps popping up on the screen. I’m having trouble removing it.

What is WinPC?

WinPC Antivirus and WinPC Defender sure sound like legitimate computer security products, don’t they? Both programs are related with WinPC Antivirus typically arriving via fake security alerts that prompt you to download and install WinPC and WinPC Defender arriving as a hitchhiker with another download. Unfortunately, both versions of WinPC are fakes. That’s right, even though WinPC sounds legitimate and its screens look like a real antivirus program, it is an imposter. In fact, if your computer is infected with WinPC, you’ll see numerous security alerts prompting you to purchase the product in order to “resolve” the problems. You’re correct in trying to remove this malware.

Removing WinPC

First, do you have any legitimate computer security software installed on your computer? If so, technically, your computer security software should have blocked this infection. However, not all PC security products have real-time blocking which means that some infections can sneak in and won’t be resolved until the next update and scan. Assuming that you do have a good computer security product installed, go ahead and update the software and then run a complete system scan.

WinPC is classified as “scareware,” not a computer virus. Because of this, standard virus scanners may not detect it. If your computer security software doesn’t address all types of malware, then you’ll need additional tools. MalwareBytes and Windows Defender are two reputable free choices whereas if you want a complete Internet Security package, consider ParetoLogic’s Antivirus Plus.

Any of these products should safely remove WinPC from your system. No matter which product you choose, close out all running programs, update the scanner with the latest defenses, and then run a complete system scan. Complete scans are time consuming, so plan on not using your computer for several hours as the scanner searches for and destroys vicious and malicious software from your system.