Image belongs to siri-urz. Thank you S!Ri
Personal Anti Malware Center removal instructions (method #1):
NOTE: complete steps 1 and 2 if you can't use Internet or download/install malware removal tools listed in step 3.
1. Download iexplore.exe (NOTE: iexplore.exe file is renamed HijackThis tool from TrendMicro).
Launch the iexplore.exe and click "Do a system scan only" button.
If you can't open iexplore.exe file then download explorer.scr and run it.
2. Search for such entries in the scan results:
O4 - HKCU\..\Run: [Personal Anti Malware Center] C:\Program Files\AMC\BIN\AMC.exe
O4 - HKCU\..\RunOnce: [C:\DOCUME~1\[User]\LOCALS~1\Temp\delInstav2009.bat] C:\DOCUME~1\[User]\LOCALS~1\Temp\delInstav2009.bat
O4 - HKCU\..\RunOnce: [C:\DOCUME~1\[User]\LOCALS~1\Temp\delav2009.bat] C:\DOCUME~1\[User]\LOCALS~1\Temp\delav2009.bat
O4 - HKCU\..\RunOnce: [C:\DOCUME~1\[User]\LOCALS~1\Temp\delUpdav2009.bat] C:\DOCUME~1\[User]\LOCALS~1\Temp\delUpdav2009.bat
O4 - HKCU\..\RunOnce: [C:\DOCUME~1\[User]\LOCALS~1\Temp\delInstavp2009.bat] C:\DOCUME~1\Bleeping\LOCALS~1\Temp\delInstavp2009.bat
Select all such entries and click once on the "Fix checked" button. Close HijackThis tool.
3. Download one of the following legitimate anti-malware applications and run a quick system scan. Don’t forget to update it first. All programs a free.
NOTE1: if you can't run any of the above programs you must rename the installer of selected program before saving it on your PC. For example: if you choose MalwareBytes then you have to rename mbam-setup.exe to iexplore.exe, explorer.exe or any random name like test123.exe before saving it.
NOTE2: if you still can't run the renamed file then you need to change file extension too not only the name.
1. Go to "My Computer".
2. Select "Tools" from menu and click "Folder Options".
3. Select "View" tab and uncheck the checkbox labeled "Hide file extensions for known file types". Click OK.
4. Rename mbam-setup.exe to either test123.com or test123.pif
5. Double-click to run renamed file.
Removing Personal Anti Malware Center in Safe Mode with Networking (method #2):
1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm
NOTE: Login as the same user you were previously logged in with in the normal Windows mode.
If you can't reboot your PC in Safe Mode with Networking, download SafeBootKeyRepair and run it. If the rogue program blocks it then download and run this file RenamedSBKRepair. Follow the prompts. Then reboot your PC in Safe Mode with Networking.
2.Download one of the following legitimate anti-malware applications and run a quick system scan. Don’t forget to update it first. All programs a free.
Personal Anti Malware Center files and registry values:
Files and folder:
- C:\Program Files\AMC
- C:\Program Files\AMC\bin\AMC.exe
- C:\Program Files\AMC\bin\CreateProcessLib.dll
- C:\Program Files\AMC\bin\libclamav.dll
- C:\Program Files\AMC\bin\pthreadVC2.dll
- C:\Program Files\AMC\bin\Uninstall.exe
- C:\Program Files\AMC\data
- C:\Documents and Settings\All Users\Start Menu\Personal Anti Malware Center
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Personal Anti Malware Center"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "C:\DOCUME~1\[User]\LOCALS~1\Temp\delav2009.bat"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "C:\DOCUME~1\[User]\LOCALS~1\Temp\delInstavp2009.bat"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "C:\DOCUME~1\[User]\LOCALS~1\Temp\delUpdav2009.bat"
Share this information with other people: