Cannot remove Personal Antivirus - rogue software

My daughter computer with Vista is infected with the rogue software
'Personal Antivirus' but no matter what I do I cannot remove it. It is
installed in C:\Program Files\PAV and Vista does not allow me to remove
it. It says needs Administrator permission though I am Adminstrator and
I gave all required permissions. When i click close in System Tray it
does not close it. When I try to uninstall it does not uninstall it.
Wondering reinstalling OS is the only option? I have Zone alarm with
latest updates but that does not seem to be able to remove it.
Appreciate any help.

I've noticed with Vista, as I am new to Vista, that if you want anything
to work with admin writes, you must right click and specifically run as
admin. So if there is a start > Programs> > application you want to
uninstall > uninstall file, right click on it and run it as admin.

It only means it was installed on an admin rights and then created another
account to lockdown users capability to remove or uninstall the said
application and worst some have rootkit capability that is becoming more and
more complex in each new variant that comes out in the open.

Download hijackthis send in the logs and lets have it analyzed on what
variant/class of rogue or fake AV you have. Also what version of zone alarm
are you using, have you updated it recenty?

where to get hijackthis
http://www.trendsecure.com/portal/en...ols/hijackthis

Milo - I see you are back and again telling posters to run HijackThis and
"lets [sic] have it analyzed". Once again, we do not analyze HJT logs here
in the MS newsgroups. If you are going to tell people to run HJT (which
should really be the last resort, especially when there are already clear
removal instructions for the OP's infection - given by DL), then at least
give them links to some specialty forums to post the HJT logs.

out of respect to the links as indicated - the troubleshooting " by using a
3rd party tool - a nice marketing intro for the MB product " revolves only
in XP environment not in Vista as what satyad's concern - as it also prompts
in one way or the other the use of Hijackthis so how would that be different
to my request of hijackthis log. And the FakeAV in satyad case and like any
other fake AV it didn't came alone since the behavior he indicated now
usually fake/rogue av are introduced by a catalyst malware, which am more
concern about than the fake AV which is only the payload and recently some
of them even have rootkit capability.

And if so the request for the log is granted, I would ask them to send it
via e-mail which I would gladly analyze myself.

I agree Milo. Detecting that a file contains malware is important, but
other things can be *more* important. If the detector can *identify* a
specific malware for instance (giving it a name) it is more useful than
just a filename. Where the suspect file is located is important - but
most important in my opinion is *how* it got there and what *else* may
have been done from that point on. These rogues have the ability to do
some serious damage even after they are *removed*. Unfortunately, I fear
HJT won't address file infections at all, only some other start methods.

HJT analysis may be able to *identify* the exact malware by its various
startup methods, but I doubt it will be able to tell you what other
malware was available at the referenced malicious server at any given
time, or what other malware uses the same ingress vector yet gets less
"press" attention.

Preempt the OP's likelihood of interpreting your post as a request to
post his HJT log here, and I don't think anyone will object.

I believe Personal Antivirus creates a 'PAV' folder in the Program Files,
plus a BHO called '&helper' with a file name of something like
'ms.....64.dll' in the windows/system32.

Use Hijackthis to delete them, then reboot.

How to remove Personal Antivirus

An anti-junkware site, funded by adverts for junkware, in the usual layout
that makes it very difficult to see what's the article and what's the
advert. If you're not VERY carefull where you're clicking here, you'll
simply replace one infestation of junkware with another.

Take a look here, Personal Antivirus removal guide:

so last night i get this stinking personal antivirus virus. go through all the forums and spend 3 hours trying to figure out how to delete files that wont delete. i follow all the advice of the geniuses on here. Finally, i simply try the system restore and bam! its gone. took... what 3 minutes? checked to see if any traces are there.. none.. its gone.


Post Originated from http://www.VistaForums.com Vista Support Forums