Over the past several months we’ve seen a particularly insidious piece of software by the name of “Personal Antivirus” infecting systems. It seems to have spread more widely in the past few weeks, as our techs are reporting a large number of infections. The purpose of our e-mail is not to scare, but to encourage our valued clients to be vigilant concerning this malicious program.
Here’s what we’ve discovered about this program: When a user visits a webpage infected with it, it downloads the Personal Antivirus executable and begins warning the user that they are infected with a Trojan virus. They will most often see an icon in the system tray that warns them that they are infected. Opening the icon reveals a fake antispyware program named Personal Antivirus, which promises the user that it can remove the infection that it is falsely reporting to have found. It also requires the user to buy the program before it will remove that infection. Unfortunately, upon installing the program, the user will find themselves not only $59.99 poorer, but infected worse than before. In addition, this Trojan puts the user’s private information at risk. We have also found that, even without purchasing the program, clicking on its interface can further infect a system.
What can I do to avoid infection?
1. Maintain current antivirus definitions with your antivirus program. However, we have found that not every antivirus program is catching Personal Antivirus (PAV), because it is mutating at a very fast rate, and its debilitating effects vary widely from system to system.
2. Be extremely careful when doing web searches. Examine the link that you are clicking on. If it looks like it is linking to a dodgy website, it’s best to be safe and try a different search result.
3. We have found that this virus is proliferating wildly via Facebook and infected web sites. Take great care before clicking on apps, banner ads, or private messages that don’t appear to be legitimate.
I have PAV on my system. What can I do to remove it?
1. We have seen some success with terminating the PAV.exe process through Task Manager and deleting it from C:\Program Files\Personal Antivirus\PAV.exe. It does leave behind some other references, but in its initial state, you might be able to minimize its damage by deleting that file.
2. We have found that MalwareBytes or Combofix are able to find and remove some strains of this virus. However, it’s always advisable to allow a computer professional to help you before using these tools. We can help minimize the damage that it causes.
3. If you have purchased the program with your credit card, it is recommended that you call your credit card company immediately and have them cancel the charge while re-issuing you a new card.
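Step 1 above written as a PowerShell script that reports what it finds before changing anything. This is an added example, not part of the original advisory: the function name Invoke-PavTriage and its parameters are hypothetical, and the process name PAV is assumed from the file name PAV.exe.

```powershell
# Added example: check for the PAV.exe process and file named in step 1.
# Reports only by default; -Remove stops the process and deletes the file.
function Invoke-PavTriage {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Path as given in the advisory; change it if Program Files is elsewhere.
        [string]$ExePath = 'C:\Program Files\Personal Antivirus\PAV.exe',
        [switch]$Remove
    )

    # Assumption: the process name is the file name without its extension ("PAV").
    $procName   = [IO.Path]::GetFileNameWithoutExtension($ExePath)
    $installDir = Split-Path -Parent $ExePath

    $procs      = @(Get-Process -Name $procName -ErrorAction SilentlyContinue)
    $procIds    = @($procs | Select-Object -ExpandProperty Id)
    $fileExists = Test-Path -LiteralPath $ExePath -PathType Leaf

    if ($Remove) {
        # Stop the process first; a running executable cannot be deleted.
        foreach ($id in $procIds) {
            if ($PSCmdlet.ShouldProcess("PID $id", 'Stop-Process')) {
                Stop-Process -Id $id -Force -ErrorAction Continue
            }
        }
        if ($fileExists -and $PSCmdlet.ShouldProcess($ExePath, 'Remove-Item')) {
            Remove-Item -LiteralPath $ExePath -Force
        }
    }

    # List whatever is still in the install folder. The advisory says other
    # references remain; this only covers files in this one folder.
    $remaining = @()
    if (Test-Path -LiteralPath $installDir -PathType Container) {
        $remaining = @(Get-ChildItem -LiteralPath $installDir -Recurse -Force `
            -ErrorAction SilentlyContinue | Select-Object -ExpandProperty FullName)
    }

    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        ProcessIds     = $procIds
        ExeFound       = $fileExists
        RemoveRun      = [bool]$Remove
        RemainingFiles = $remaining
    }
}

Invoke-PavTriage                      # report only, changes nothing
# Invoke-PavTriage -Remove -WhatIf    # preview what -Remove would do
```

Run it from an elevated PowerShell prompt; deleting from Program Files needs administrator rights.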
We are quite confident that the antivirus companies will soon catch up to PAV and prevent its installation or download altogether. But as we have seen with so many viruses through the years, sometimes it takes a bit of time for the antivirus definitions to be able to catch and remove these malicious programs.
If you have any questions or concerns, please feel free to contact us.