Personal Antivirus
Last Updated on Friday, 15 January 2010 13:24
Monday, 10 August 2009 12:36
Personal Antivirus is reported to be a rogue application. Several malicious websites may be distributing it, and there are several ways a fake/rogue application can enter your computer.

{slide=Tell me how it infects my computer! -
Recently I have noticed that malware authors are also keeping track of the removal instructions published on the internet. As soon as they think the malware is exposed, they change the file/folder names and the locations where they are saved on the hard disk. Keeping this in mind, you will need the latest information about the malware in order to be able to remove it. You can see the threatexpert analysis reports of several variations on this link. The rogue has changed its file names and folder names since it was created; this article now includes the latest names. If you happen to have the virus installer, you can submit it to the threatexpert site and get it analyzed. That will give you precise information about the virus.
{/slide}
{slide=Tell me how I can use System Restore to get rid of it! -
Trying System Restore: If you know how long your computer has been infected, you can try to restore your computer to a date before the infection; that will work like a miracle in removing it.
{/slide}
{slide=Are there any free tools available! -
{/slide}
{slide=I have no time! Tell me briefly -
{/slide}
{slide=Ok Show me the steps! -
The steps to be taken to remove the infected files manually:

Boot in safe mode
Sometimes you will not be able to delete a file even if you find it. In that case, boot in safe mode and then try to delete it/them.

Remove processes from Task Manager
Press Ctrl+Shift+Esc to open Task Manager. Look in the list of processes for a process named Personal Antivirus.exe or pav.exe; select it if found and press the End Process button. It will prompt you; say yes, and then close the Task Manager. Optionally you can use Windows Defender to see the path of a currently running program/process and its publisher, so as to differentiate malware processes from genuine Windows processes.

Removing the entry from Windows startup
The System Configuration utility can be started in XP and in Vista by typing msconfig in the Run box / Start menu search box (in XP, click Start > Run). Windows startup changes are reversible, so you can check/uncheck any startup entry any number of times. After the System Configuration window opens, click on the Startup tab, which lists all the programs scheduled to start with Windows. Expand the middle column with your mouse pointer so that you can see the full path of each program. Locate and uncheck "Personal Antivirus", "PAV" or "PersonalAV" (look for any other suspicious names). Press Apply, press Close/OK, and select "Restart the computer" at the next prompt.

View hidden files
Before you can delete Personal Antivirus and its associated files you need to search for them, and before doing that you need to enable viewing of hidden files and folders.

Searching for and deleting the folders/files on the hard disk
After restarting the computer, use the Windows search utility to search for "Personal Antivirus". This search will find all its folders on the hard disk; delete every one of them. The folders could be found in the following locations (Version 1, see report):

%CommonStartMenu%\PAV
%CommonStartMenu%\PersonalAV
%ProgramFiles%\Common Files\Uninstall
%ProgramFiles%\PersonalAV
%ProgramFiles%\Common Files\Uninstall\PersonalAV

In recent instances these files/folders are found:

C:\Program Files\PersonalAV\pav.exe
C:\WINDOWS\system32\NetFilter.exe
C:\Program Files\AskSBar

(In order to remove the files from the temp folder, using a temp files cleaner like CCleaner is recommended.) %ProgramFiles% is typically C:\Program Files\.

Run CCleaner
After deleting Personal Antivirus and its associated files there will be leftover entries in the Windows registry. CCleaner is a free temp files/registry cleaner that will automatically clean the registry as well as remove the temp files. Click here to read more.

Using HijackThis
The following entries were found in one instance of a HijackThis log. Remove these entries by selecting them and pressing the "Fix Checked" button in HijackThis.

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: &Helper - {A77D3539-581D-450C-9E44-A84C415A6172} - C:\WINDOWS\system32\msxmlm.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [PersonalAV] C:\Program Files\PersonalAV\pav.exe
O4 - HKLM\..\Run: [MSDRV] NetFilter.exe

Edit the registry
If you are comfortable using the regedit command, you can find a list of all the registry modifications made by different variations of this rogue on this link.
{/slide}
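As an added example (not part of the original article or of HijackThis itself), the following Python code parses the two HijackThis entry formats quoted above (R3/O2/O3 entries with a CLSID and O4 Run entries) and matches each entry against the file, folder and Run-value names this article lists. The sample log is the article's own entries plus one constructed benign Run entry for contrast.

```python
import re

# Constructed sample log: the HijackThis entries quoted in the steps above,
# plus one constructed benign Run entry (ctfmon) for contrast.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: &Helper - {A77D3539-581D-450C-9E44-A84C415A6172} - C:\WINDOWS\system32\msxmlm.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [PersonalAV] C:\Program Files\PersonalAV\pav.exe
O4 - HKLM\..\Run: [MSDRV] NetFilter.exe
O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\ctfmon.exe
"""
# File, folder and Run-value names this article associates with the rogue.
INDICATORS = ("pav.exe", "netfilter.exe", "msxmlm.dll", "personalav",
              "asksbar", "personal antivirus", "msdrv")
# R3/O2/O3 form: "<section> - <kind>: <name> - {CLSID} - <path>"
CLSID_ENTRY = re.compile(
    r"^(?P<section>[RO]\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
# O4 form: "O4 - HKLM\..\Run: [<value name>] <command line>"
RUN_ENTRY = re.compile(
    r"^(?P<section>O4) - (?P<hive>HK\w+)\\\.\.\\(?P<kind>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<path>.+)$")

def parse_hjt(text):
    """Return (entries, unparsed): entries are dicts of the regex groups;
    unparsed keeps lines in neither format so nothing is silently dropped."""
    entries, unparsed = [], []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = CLSID_ENTRY.match(line) or RUN_ENTRY.match(line)
        if m:
            entries.append(m.groupdict())
        else:
            unparsed.append(line)
    return entries, unparsed

def flag_entries(entries, indicators=INDICATORS):
    """(section, name, path, first matching indicator) for each entry whose
    value name or path contains a known indicator, case-insensitively."""
    flagged = []
    for e in entries:
        haystack = (e["name"] + " " + e["path"]).lower()
        hits = [i for i in indicators if i in haystack]
        if hits:
            flagged.append((e["section"], e["name"], e["path"], hits[0]))
    return flagged

# Entries from the sample that should be fixed; the ctfmon line is not listed.
FLAGGED = flag_entries(parse_hjt(SAMPLE_LOG)[0])
```

The entries in a real HijackThis log would be checked the same way, with the indicator list extended as new variants are reported.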
{slide=What if I have other problems! -
If you are unable to open Task Manager, the registry editor, System Restore, Folder Options etc. because the virus has disabled them, there are free tools and techniques to solve this problem. They are listed here: Tools for Windows XP; Tools for Windows Vista.

Use the System File Checker
If you want to make sure that the Windows system files have not been altered by the virus, and to repair them in case they have been.

Unable to access security related sites
This can happen if your Hosts file has been altered. To repair/edit the hosts file: log in as administrator, open the following file in Notepad: C:\WINDOWS\system32\drivers\etc\hosts, remove anything other than 127.0.0.1 localhost, and save and close the file.

Using a firewall
Check your firewall for any suspicious communication from your computer to the internet and block it using the firewall.

Reprinted with permission from threatexpert.com
{/slide}
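Added example, not from the original article: a Python check that parses a Windows hosts file and reports every mapping other than the default localhost entries, separating sites that have been blocked by pointing them at a loopback or unspecified address (the symptom described above) from sites redirected to some other host. The hosts content and the domain names in it are constructed.

```python
import ipaddress

# Constructed sample hosts file: the default localhost lines, a commented
# default, and two lines of the kind a tampered hosts file contains.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1\tlocalhost
::1             localhost
#   127.0.0.1   localhost
127.0.0.1   security-vendor.example www.security-vendor.example  # added line
198.51.100.7    update.example
"""

DEFAULT_LOCALHOST = {("127.0.0.1", "localhost"), ("::1", "localhost")}

def parse_hosts(text):
    """Yield (ip, hostname) pairs; blank lines, full-line and inline comments
    are ignored, and a line with several hostnames yields one pair per name."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2:
            continue  # blank, comment-only or malformed: nothing to resolve
        for host in fields[1:]:
            yield fields[0], host.lower()

def suspicious_hosts_entries(text):
    """Return (hostname, ip, kind) for every non-default mapping. kind is
    'blocked' for loopback/unspecified targets, 'redirected' for any other
    valid address and 'malformed' when the first field is not an IP."""
    findings = []
    for ip, host in parse_hosts(text):
        if (ip, host) in DEFAULT_LOCALHOST:
            continue
        try:
            addr = ipaddress.ip_address(ip)
            kind = "blocked" if addr.is_loopback or addr.is_unspecified else "redirected"
        except ValueError:
            kind = "malformed"
        findings.append((host, ip, kind))
    return findings
```

A clean file returns an empty list; anything returned is a line to review before saving the repaired hosts file.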
Sanjay C Rajure