Wednesday, 17 February 2010

How to remove Personal Anti Malware fake antivirus program? (Uninstall guide)

Personal Anti Malware is a fake program that reports false threats and uses aggressive advertising to scare you and to trick you into thinking that your computer is infected with malware. This rogue security software claims to remove the infections in exchange of payment. Don't purchase it. Personal Anti-Malware is a scam. By the way, if you unadvisedly purchased it, contact your credit card company and dispute the charges. Another interesting thing is that if you did purchase it then you probably see a new version of the PersonalAntiMalware virus with new graphical user interface and title - Personal Anti Malware Center. One way or another, this program should be removed from the system as soon as possible. The good new is that it can be removed for free with legitimate anti-malware/spyware software. Read removal instructions below to find out how to remove Personal Anti Malware for free.

Personal Anti Malware video:

As a typical rogue program, Personal Anti-Malware displays fake warnings and pop-ups and it has its own Anti Malware Security Center called Security Essentials. Yep, you're right, just like the false scan results, these alerts and pop-ups were made to scare you and to convince you into paying for this needless software. This fake program constantly displays notification from Windows task bar with random infections:

Critical System Warning!
Your system is infected with version of [virus name].
This malicious program is a [virus type].
It infected [file name].
This [virus type] attempts to steal and corrupt your private information.
Click here to save your private information!

As you can see, Personal Anti Malware is a total scam. Don't install it and most importantly, don't purchase it. OK, let's get on with the business of disinfecting your computer. There are several free and effective removal tools that should be able to get rid of this fake program. These programs are listed in the removal guide below. It might be that you will have to use two programs to remove this infection completely. You may use more than one spyware removal software. They are all free. Also note, if you can't do anything in Normal Mode then you should reboot your PC in Safe Mode with Networking and complete the removal steps again. What is more, Personal Anti Malware may come bundled with other malicious software that is not included in the removal guide. Because of that manual Personal AntiMalware removal is not recommended.

Personal Anti Malware removal instructions (method #1):

NOTE: complete steps 1 and 2 if you can't use Internet or download/install malware removal tools listed in step 3.

1. Download iexplore.exe (NOTE: iexplore.exe file is renamed HijackThis tool from TrendMicro).
Launch the iexplore.exe and click "Do a system scan only" button.
If you can't open iexplore.exe file then download explorer.scr and run it.

2. Search for such entries in the scan results:
O4 - HKCU\..\Run: [Personal Anti Malware] C:\Program Files\Personal Anti Malware\PAM.exe
O4 - HKCU\..\Run: [Windows applications server] C:\Program Files\Personal Anti Malware\SysShield.exe
O4 - HKCU\..\RunOnce: [%Temp%\delInstav2009.bat] %Temp%\delInstav2009.bat
Select all such entries and click once on the "Fix checked" button. Close HijackThis tool.

3. Download one of the following legitimate anti-malware applications and run a quick system scan. Don’t forget to update it first. All programs a free.
NOTE1: if you can't run any of the above programs you must rename the installer of selected program before saving it on your PC. For example: if you choose MalwareBytes then you have to rename mbam-setup.exe to iexplore.exe, explorer.exe or any random name like test123.exe before saving it.

NOTE2: if you still can't run the renamed file then you need to change file extension too not only the name.
1. Go to "My Computer".
2. Select "Tools" from menu and click "Folder Options".
3. Select "View" tab and uncheck the checkbox labeled "Hide file extensions for known file types". Click OK.
4. Rename mbam-setup.exe to either or test123.pif
5. Double-click to run renamed file.

Removing Personal Anti Malware in Safe Mode with Networking (method #2):

1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. Read more detailed instructions here:

NOTE: Login as the same user you were previously logged in with in the normal Windows mode.
If you can't reboot your PC in Safe Mode with Networking, download SafeBootKeyRepair and run it. If the rogue program blocks it then download and run this file RenamedSBKRepair. Follow the prompts. Then reboot your PC in Safe Mode with Networking.

2.Download one of the following legitimate anti-malware applications and run a quick system scan. Don’t forget to update it first. All programs a free.

Personal Anti Malware files and registry values:

Files and folder:
  • C:\Documents and Settings\All Users\Start Menu\Personal Anti Malware
  • C:\Program Files\Personal Anti Malware
  • C:\Program Files\Personal Anti Malware\add.exe
  • C:\Program Files\Personal Anti Malware\AVP_Update.exe
  • C:\Program Files\Personal Anti Malware\PAM.exe
  • C:\Program Files\Personal Anti Malware\scanopt.sys
  • C:\Program Files\Personal Anti Malware\Support.url
  • C:\Program Files\Personal Anti Malware\svo.scf
  • C:\Program Files\Personal Anti Malware\sysdata.sys
  • C:\Program Files\Personal Anti Malware\SysShield.exe
  • C:\Program Files\Personal Anti Malware\Uninstall.exe
  • C:\Program Files\Personal Anti Malware\warning.mht
Registry keys and values:
  • HKEY_CURRENT_USER\Software\AV2009
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Personal Anti Malware"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Windows applications server"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform "AVP09"

Share this information with other people:

No comments:

Post a Comment