How to Remove Personal Antivirus Virus

The Personal Antivirus virus is a fraudulent anti-spyware that was made by a company called Innovagest 2000. It has cloned itself after the Internet Antivirus Pro as well as General Antivirus.

Trojans are responsible for introducing it into many computers as a false security alert. The alert will say that your computer contains viruses, or that it found Malware running. When a person clicks on part of these alerts, the Personal Antivirus will be installed on your computer.

After the Personal Antivirus is installed and running, it will continually tell you that viruses and spyware have been detected, and the only way to get rid of them is to purchase their software program. These are bogus, as there are no actual viruses running, other then the Personal Antivirus program.

When the virus is running, it will keep coming up with security warnings that look like they’re coming from Windows Security Center, telling you to buy the Personal Antivirus. You’ll also have warnings from Internet Explorer when you’re trying to access a webpage.

One solution to the problem is go and download a program called Malwarebytes’ Anti-Malware or MBAM, and save it to your desktop.

  1. Once you have it saved to your desktop, close all other programs that are running, including windows.

  3. Then double click on the icon on your desktop named mbam-setup.exe.
  4. After you double click on the icon, it will install it into your computer.
    When the installation process is started, it will prompt you to choose certain factors, just keep on following the prompts, and it will continue.
  5. Keep the default settings the same as when it is first installed, no need to change anything.
  6. Leave the ‘update Malwarebytes’, ‘AntiMalware’, and ‘Launch Malwarebytes AntiMalware’ checked.
  7. Then click finish.
  8. After the installation is complete, MBAM will automatically be launched on you desktop. It will suggest getting any updates available before starting any scanning, clicking OK, the box will close and it will update itself.
  9. After you click OK, as stated above, the main program will be shown. You’ll see a ‘scanner tab’ with ‘perform quick scan’ option, make sure this tab is selected, and then click on the ‘scan’ to start scanning your PC for the Personal Antivirus, and all its related files.
  10. MBAM will begin to scan your computer for any and all ‘malware’.
  11. This process can take a little while, so you’d be best served to find something else to do while the scanning is taking place, of course be sure you’re checking back on it occasionally.
  12. When MBAM is finished scanning, it will show a message stating that it is done, just click on OK to close the message and continue on with the removal of the Personal Antivirus process.
  13. When you get back to main MBAM panel, click on the ‘show results’ button.
  14. This will bring up a screen that will display any and all of the malware that it discovered. You can now go ahead and click on the ‘remove selected’ button so that MBAM can remove and quarantine all the found viruses and malware.
  15. Most of the time, you’ll need to re-boot you computer for the entire process to be completed.

From my experience, the free version of MBAM is not guaranteed to find and clean personal antivirus. I would suggest using the PCTools’ Spyware Doctor for getting rid of Personal Antivirus permanently.

Removing Antivirus 2009-How to Remove Antivirus 2009 Permanently

Antivirus 2009 is a new rogue virus that comes from the same origins as Antivirus 2008. It is advertised and displayed through several misleading websites.

You’ll see fake security warnings saying that you computer has been infected with malicious spyware, and then it will prompt you to click on their warning message to get rid of the spyware and viruses.

Once you click OK, Antivirus 2009 will be installed. It will then tell you that only way to get rid of all the malicious intruders is to buy their software program. All these warning messages can look very official, coming from sites like Google, or from your Internet Explorer or Windows.

These rogue viruses are typically not harmful to your system, but rather they use all sorts of forms of deceptive advertising and trickery to sell as many copies as possible. This means misleading websites that offer free computer virus scans. Once you accept their invitations for a free scan, Antivirus 2009 will be downloaded onto your computer. Of course, it is a fake security scanner, so DO NOT buy it.

There are several places to find some legitimate software programs that will remove Antivirus 2009. You can also try to remove Antivirus 2009 on your own manually which however is not recommended since you can damage your computer operating system.

Automatic removal is the recommended method to remove Antivirus 2009. The most trusted Antivirus 2009 remover is Spyware Doctor from PCTools. You can download the free version and perform a full system scan of your PC. When the Spyware Doctor detects the virus, you can get the full registered version and have it clean Antivirus 2009 and any remnants of it automatically.

A summary of the manual method of removing Antivirus 2009 follows below.

  1. There are three different steps that you need to follow to remove Antivirus 2009. On your keyboard press ’Alt+Ctrl+Delete’
  2. Then click on ‘Task Manager’.
  3. Find these two processes; AVP2009.exe and AntivirusPro2009.exe,
  4. Click ‘End Process’.

Continue to search for the malicious file of Antivirus 2009 which are as follows:

  1. C:\Program Files\AntivirusPro2009 –
  2. C:\Program Files\AntivirusPro2009\AntivirusPro2009.exe
  3. C:\WINDOWS\system32\AVP2009.cp – C:\Program Files\AVP2009\AVP20091.dat
  4. C:\Program Files\AVP2009\avp2009.dat C:\Program Files\AVP2009\avp2009.cpl
  5. C:\Program Files\AVP2009\AVP2009.exe
  6. C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro2009.lnk
  7. C:\Documents and Settings\Admin\Desktop\AntivirusPro2009.lnk
  8. C:\Documents and Settings\Admin\Start Menu\Programs\AntivirusPro2009
  9. C:\Documents and Settings\Admin\Start Menu\Programs\AntivirusPro2009\AntivirusPro2009.lnk
  10. C:\Documents and Settings\Admin\Start Menu\Programs\AntivirusPro2009\Uninstall.lnk

Click start, then click search. You’ll want to type the above named in there and let your computer find them. When any are found, just delete them.

The next step in how to remove Antivirus 2009 from your computer is as follows.

  1. Click start, then click ‘run’ then type in ‘regedit’ then hit OK.
  2. This opens you registry editor.
  3. Then you want to scroll down until you find these registries to edit.


3.2 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntivirusPro2009

3.3 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Antivirus Pro 2009″

3.4 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Antivirus”

3.5 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Antivirus”

3.6 HKEY_CURRENT_USER\Software\AVP2009

3.7 HKEY_CURRENT_USER\Software\AntiVirus

While it is very possible to remove Antivirus 2009 on you own, it is only recommended that you try the manual removal only if you consider yourself an expert.

If you damage the registry it can cause more serious operating problems then Antivirus 2009 ever could.

If you’re inexperienced then buy yourself a software program that will automatically scan, find, and destroy all remnants of Antivirus 2009.

All you’ll do is find a legitimate antivirus software make such as PCTools’ Spyware Doctor, download their program, and run the scan feature. It will find all the files and registries of Antivirus 2009 and remove them automatically, thus ensuring that you don’t do further damage to your computer.

Protect your children on the Internet

Many parents ask how they can protect their children while they surf on the Internet. Recently a mother was worried that her children spend too much time on sites like Orkut, MySpace and Facebook. These concerns were not because of time loss from such activities but mainly because she didn’t know with whom the children were communicating in these social networks and whether the children were giving any personal information to unknown people. After several references on the press about the hazards hidden in the Internet social networks, the mother decided to block some sites on the children computer.

The only problem was that the mother was not aware of parental control software like Net Nanny or Norton Internet Security, which also cost some money. Before you decide to block some addresses (something that the children will be opposed), try a few other things:

First of all, educate your children and tell them about the dangers that exist when they share information with strangers. Family members should discuss the security and confidentiality of data in the web. You can place the computer in an area where you can easily check the screen to get an idea of what your children do and which sites they visit frequently. Furthermore, Orkut is a social network which means that one can easily see what friends your children have and what data is exchanged.

Finally, to block specific sites on your child’s computer with Windows without paying any money, follow the procedure below.

* Start – Run
* Enter notepad c: \ windows \ system32 \ drivers \ etc \ hosts
* Go to last line and add:

* Save the file and quit notepad

You can block any site you want with this technique. If you want later to unblock a certain site, simply remove the appropriate line with the same procedure. You should know however that usually your children are very smart and they will find out about the above technique sooner or later. So maybe a parental control software might be more appropriate.

How to Remove the Conficker – Downadup – Kido Worm

The new worm blast that affects almost all Windows versions listens to the name of Conficker or Downadup or Kido. It is estimated that around 50000 computers per hour are being infected with the Conficker worm all over the world. This worm spreads itself by exploiting the Microsoft vulnerability MS08-067. It is a very clever malware as it tries to break passwords by brute force attacks in order to take administrator access to the infected machines. It uses also network shares to copy itself over to other hosts. The worm code is so complicated that researchers are aggressively digging into it in order to engineer a cure for it. The new version of the worm is Conficker C and as known so far, on April 1st all the infected hosts will be taken under the control of a secret master bot network.

To remove the worm, first you need to patch your windows machine for vulnerability MS08-067. After that, you need a solid antispyware tool. You can download XoftSpySE below for a free scan of your computer for Conficker Worm

free download xoftspyse

Adobe Reader and Acrobat JBIG2 Processing Multiple Vulnerabilities

Adobe Acrobat is a program designed to create, manage and view Portable Document Format (PDF) and Adobe Reader is designed to only view and print PDF’s. Both Adobe Acrobat and Reader have buffer overflow vulnerabilities while handling JBIG2 streams inside a PDF file. JBIG2 is an image encoding standard for encoding bi-level images. One of the flaws is due to a four byte value which represents the number of values in a table and is used to allocate a buffer. This value is taken from the file without adequate checking and a specially crafted PDF file can be used to overflow the buffer. The other flaw is due to a malformed JBIG2 symbol dictionary segment contained in a malicious PDF file. There are still some other unspecified errors in the processing of this JBIG2 streams. Potential vectors of attack are sending the malicious PDF document as an email attachment, or enticing the victim to visit the website that has malicious document – which can be achieved via iframes, or placing the document on a file share. In either case the attacker has to convince the victim to open the files. Successful exploitation can lead to code execution. Some technical details are publicly available.

Affected:Adobe Acrobat Standard 8.1.3 and prior
Adobe Acrobat Standard 7.0.8 and prior
Adobe Acrobat Standard 9
Adobe Acrobat Standard 8.1 and prior
Adobe Acrobat Standard 7.1
Adobe Acrobat Reader (UNIX) 7.0.1 and prior
Adobe Acrobat Reader 8.1.3 and prior
Adobe Acrobat Reader 7.0.9 and prior
Adobe Acrobat Reader 9
Adobe Acrobat Reader 8.1 and prior
Adobe Acrobat Reader 7.1
Adobe Acrobat Professional 8.1.3 and prior
Adobe Acrobat Professional 7.0.9 and prior
Adobe Acrobat Professional 9
Adobe Acrobat Professional 8.1 and prior
Adobe Acrobat Professional 7.1
Adobe Acrobat 7.0.3 and prior

Microsoft Buffer Overflow Vulnerability on Graphical Device Interface GDIPlus EMF

There is a Critical Microsoft vulnerability discovered these days affecting almost all windows versions:


Graphics Device Interface (GDI) is an application programming interface by Microsoft Windows. It’s a core operating system component responsible for representing graphical objects. Microsoft Windows GDI has integer overflow vulnerability in gdiplus.dll while processing Enhanced Metafile (EMF) files. Possible vectors to exploit the flaw are: (a) Create a webpage containing a malicious WMF or EMF image file, and entice an attacker to visit his webpage. (b) Send an email with a specially crafted EMF image file attachment and convincing the user to view it or (c) embedding the malicious image file in an Office document and convincing the user to open it. Successful exploitation might lead to code execution or denial-of-service. Technical details about the vulnerability are publicly available.

Affected versions:

Microsoft Windows XP Professional SP2
Microsoft Windows XP Professional SP1
Microsoft Windows XP Professional
Microsoft Windows XP Media Center Edition SP2
Microsoft Windows XP Media Center Edition SP1
Microsoft Windows XP Media Center Edition
Microsoft Windows XP Home SP2
Microsoft Windows XP Home SP1
Microsoft Windows XP Home
Microsoft Windows XP Gold 0
Microsoft Windows XP 0
Microsoft Office XP SP2 and prior