How to effectively remove rogue "Personal Antivirus" (PAV.exe)
Posted on 2009-04-23
I am working on a machine infected with the rogue antivirus Personal Antivirus. I thought I had it removed, but, no, it has reared its ugly head again in a different way. At first it displayed pop-ups saying "Your computer may be infected... etc... click here to download protection." I stopped the PAV.exe process in Task Manager, found all PAV files and deleted them... thought I had it... the pop-ups were no more. However, I was running WinDoctor and it found unfixable problems with the Norton Internet Security engine "not running." (Norton Internet Security 2009 was installed and running prior to the infection.) I went to the Symantec website to run the automated support tool... when I clicked on support... I went to "about:blank" with the message "This website may have malicious content... click here to download removal." I ran HijackThis and tried to submit the log to Hijackthis.de, and got the "about:blank" webpage again. I tried to run TrendMicro Housecall and got the "about:blank" page as well. I looked in the registry, but couldn't find anything.
Symantec support tech said they would remove it for $99.00. I said I thought that since NIS 2009 let it through, they should remove it for nothing. They said no. So I am now turning to the experts!! I have run Spyware Doctor and MalwareBytes and still have the infection. I ran HijackThis in safe mode... was able to submit, but Hijackthis.de came back with nothing nasty. Has anyone encountered this particularly insidious rogue?
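One concrete check worth running on a machine that shows the symptom above (security-vendor sites silently landing on about:blank): inspect the Windows hosts file for entries that blackhole or redirect those vendors' domains. This is an added example, not code from the original post, and it rests on an assumption the post does not establish, namely that a poisoned hosts file is the cause of the redirects; symantec.com, hijackthis.de and trendmicro.com come from the post, the other watched domains and the sample hosts content are constructed for the example.

```python
# Added example (not from the forum post): triage a Windows hosts file for
# entries that hijack security-vendor domains. Hosts-file poisoning is an
# ASSUMED mechanism for the "about:blank" redirects described above; the post
# itself does not establish the cause.

# Domains a rogue AV commonly blocks. symantec.com, hijackthis.de and
# trendmicro.com appear in the post; the rest are assumed extras.
WATCH_DOMAINS = (
    "symantec.com", "norton.com", "hijackthis.de",
    "trendmicro.com", "malwarebytes.org", "pctools.com",
)

# Addresses that sink a name rather than send it to another host.
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}


def parse_hosts(text):
    """Yield (ip, hostname) for every mapping in a hosts file body.
    Handles tabs, several hostnames on one line and trailing '#' comments."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        ip, names = fields[0], fields[1:]
        for name in names:
            yield ip, name.lower()


def is_watched(hostname, watch=WATCH_DOMAINS):
    """True if hostname is a watched domain or a subdomain of one."""
    return any(hostname == d or hostname.endswith("." + d) for d in watch)


def find_hosts_hijacks(text, watch=WATCH_DOMAINS):
    """Return (ip, hostname, kind) for every watched domain mapped in the
    file. A clean hosts file should not mention vendor sites at all, so any
    hit is suspicious; 'blackhole' means it sinks to loopback, 'redirect'
    means it points at some other address."""
    hits = []
    for ip, name in parse_hosts(text):
        if is_watched(name, watch):
            kind = "blackhole" if ip in LOOPBACK else "redirect"
            hits.append((ip, name, kind))
    return hits


# Constructed sample; not captured from the infected machine.
SAMPLE_HOSTS = """# Hosts file header comment
127.0.0.1       localhost
127.0.0.1   www.symantec.com symantec.com
127.0.0.1\tsecurityresponse.symantec.com
198.51.100.7   www.hijackthis.de  # TEST-NET-2 address, constructed
127.0.0.1 housecall.trendmicro.com
"""


def read_live_hosts(path=r"C:\Windows\System32\drivers\etc\hosts"):
    """Helper for running the same check on a real machine (default path is
    the standard Windows location)."""
    with open(path, encoding="utf-8", errors="replace") as f:
        return f.read()


if __name__ == "__main__":
    for ip, name, kind in find_hosts_hijacks(SAMPLE_HOSTS):
        print(f"{kind:9} {name} -> {ip}")
```

On the affected machine, pass `read_live_hosts()` instead of `SAMPLE_HOSTS`; anything beyond the stock header comment and the `localhost` line deserves a look, and vendor names mapped to loopback are a strong sign the file was edited by the rogue. If the hosts file comes back clean, the redirect is being produced somewhere this check cannot see (for example a browser add-on or a Winsock hook), so a clean result rules out only one mechanism.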