Steps For Removing Personal Anti-Virus (PAV – the gold shield icon in your System Tray or lower-right corner of desktop)

These are some simplified steps for removing the recently prevalent malware infection of Personal Anti-Virus (PAV – the gold shield icon in your System Tray or lower-right corner of desktop):
  1. Boot the PC and log on (this will probably have to be done for each profile/login to be safe, but at least the primary profile/login that is most often used)
  2. Download, install and run the following two tools from http://sysinternals.com: (a) Process Explorer, and (b) AutoRuns

    NOTE: I believe you now have the option of running these tools right from the website. If so, you can do this to save a few steps
  3. From the Process Explorer program, in the process tree, see if Personal Anti-Virus (PAV.EXE) is running (look near the lower part of the list) and hover your mouse pointer over it. Make a note of (write down) the path of the file – it should be something like C:\Program Files\Personal Anti-Virus\PAV.EXE. Then right-click it and select KILL PROCESS from the pop-up menu.
  4. From the AutoRuns program, locate the "LOGON" tab, and then locate any entry in the list where PAV.EXE/Personal Anti-Virus is listed – uncheck any/all PAV.EXE entries
  5. Run the My Computer icon from your desktop, and navigate to the folder you noted in step 3 above, and delete the entire "Personal Anti-Virus" folder
Repeat these steps from all logon profiles. Note that steps 2 & 5, however, will only need to be done once.
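
To confirm a profile is clean after working through the steps, the same checks can be scripted. The PowerShell below is an added example, not part of the original post: it only reports, and the Run/RunOnce keys and Startup folders it inspects are an assumed subset of what AutoRuns shows on its Logon tab.

```powershell
# Added example (not from the original post). Read-only: reports, changes nothing.
# PAV.EXE comes from the steps above; the Run/RunOnce keys and Startup folders
# are an assumed subset of what AutoRuns lists on its Logon tab.
$imageName = 'PAV.EXE'

# Step 3: running instances and their on-disk path. ExecutablePath can be
# empty for processes owned by another user unless the shell is elevated.
$procs = @(Get-CimInstance Win32_Process -Filter "Name = '$imageName'")

# Step 4a: Run/RunOnce values whose command line references the image.
$runKeys = foreach ($hive in 'HKCU:', 'HKLM:') {
    foreach ($name in 'Run', 'RunOnce') {
        "$hive\Software\Microsoft\Windows\CurrentVersion\$name"
    }
}
$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($valueName in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($valueName)
        if ($command -like "*$imageName*") {
            [pscustomobject]@{ Location = $key; Entry = $valueName; Command = $command }
        }
    }
})

# Step 4b: Startup-folder shortcuts (per-user and all-users) targeting the image.
$shell = New-Object -ComObject WScript.Shell
$startupDirs = 'Startup', 'CommonStartup' |
    ForEach-Object { [Environment]::GetFolderPath($_) } | Where-Object { $_ }
$entries += @(Get-ChildItem -Path $startupDirs -Filter *.lnk -ErrorAction SilentlyContinue |
    ForEach-Object {
        $target = $shell.CreateShortcut($_.FullName).TargetPath
        if ($target -like "*$imageName*") {
            [pscustomobject]@{ Location = $_.DirectoryName; Entry = $_.Name; Command = $target }
        }
    })

# Step 5: folders the running image was loaded from, and whether they still exist.
$folders = @($procs | Where-Object ExecutablePath |
    ForEach-Object { Split-Path -Parent $_.ExecutablePath } | Sort-Object -Unique)

Write-Host "Running $imageName processes: $($procs.Count)"
$procs | Format-Table ProcessId, ExecutablePath -AutoSize
Write-Host "Logon autostart entries referencing ${imageName}: $($entries.Count)"
$entries | Format-List
$folders | ForEach-Object { Write-Host "Folder: $_ (exists: $(Test-Path $_))" }
```

Run it once in each logon profile, because the HKCU keys and the per-user Startup folder belong to whichever account is logged on.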

Apparently this bug is being spread by servers that are part of the paid advertising accounts of such popular search engines as Bing, Google and Yahoo. It has spread so far that there is even a lawsuit being launched: http://mcpmag.com/articles/2009/09/22/microsoft-takes-on-malvertising.aspx
