Description is a browser hijacker promoting the distribution of the rogue anti-spyware application known as Personal Antivirus. Affiliated trojans infiltrate the computer via security exploits and modify the browser settings, so that web-surfing activities are redirected to the domain. Once there, the computer is subject to a fake online scan that displays fictitious and sometimes grossly exaggerated infection results, all in order to intimidate the user into purchasing the fake spyware remover Personal Antivirus.

Technical Information

File System Details creates the following file(s):
# File Name Detection Count
1 %Program Files%\Personal Antivirus\PerAvir.exe N/A
2 %UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe N/A
3 %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe N/A
4 %UserProfile%\Application Data\Personal Antivirus\unins000.exe N/A
5 %UserProfile%\Application Data\Microsoft\Windows\winlogon.exe N/A
6 %Documents and Settings%\All Users\Start Menu\Programs\Personal Antivirus\Personal Antivirus Home Page.lnk N/A
7 %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Personal Antivirus.lnk N/A
8 %UserProfile%\Application Data\Personal Antivirus\uill.ini N/A
9 %UserProfile%\Application Data\Personal Antivirus\db\config.cfg N/A
10 %UserProfile%\Local Settings\Application Data\Microsoft\Windows\log.txt N/A
11 %Program Files%\Personal Antivirus\activate.ico N/A
12 %Program Files%\Personal Antivirus\uninstall.ico N/A
13 %Program Files%\Personal Antivirus\db\DBInfo.ver N/A
14 %Program Files%\Personal Antivirus\Languages N/A
15 %Program Files%\Personal Antivirus\Languages\IAGer.lng N/A
16 %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png N/A
17 %Documents and Settings%\All Users\Start Menu\Programs\Personal Antivirus N/A
18 %Documents and Settings%\All Users\Start Menu\Programs\Personal Antivirus\Purchase License.lnk N/A
19 %UserProfile%\Application Data\Personal Antivirus\settings.ini N/A
20 %UserProfile%\Application Data\Personal Antivirus\db N/A
21 %UserProfile%\Application Data\Personal Antivirus\db\Urls.inf N/A
22 %Program Files%\Personal Antivirus N/A
23 %Program Files%\Personal Antivirus\unins000.dat N/A
24 %Program Files%\Personal Antivirus\db N/A
25 %Program Files%\Personal Antivirus\db\ia080618x.db N/A
26 %Program Files%\Personal Antivirus\Languages\IAFr.lng N/A
27 %WINDOWS%\system32\log.txt N/A
28 %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png N/A
29 %Documents and Settings%\All Users\Desktop\Personal Antivirus.lnk N/A
30 %Documents and Settings%\All Users\Start Menu\Programs\Personal Antivirus\Personal Antivirus.lnk N/A
31 %UserProfile%\Application Data\Personal Antivirus N/A
32 %UserProfile%\Application Data\Personal Antivirus\Uninstall Personal Antivirus.lnk N/A
33 %UserProfile%\Application Data\Personal Antivirus\db\Timeout.inf N/A
34 %UserProfile%\Local Settings\Application Data\Microsoft\Windows\pguard.ini N/A
35 %Program Files%\Personal Antivirus\Explorer.ico N/A
36 %Program Files%\Personal Antivirus\working.log N/A
37 %Program Files%\Personal Antivirus\db\ia080614.db N/A
38 %Program Files%\Personal Antivirus\Languages\IAEs.lng N/A
39 %Program Files%\Personal Antivirus\Languages\IAIt.lng N/A
40 %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png N/A

Registry Details creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Personal Antivirus"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Personal Antivirus_is1
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PrS"

One Comment

  • jonny smith:

    This guide looks very helpful. I will send it to a friend that has this problem, from what he told me.
    In any case I advise all persons that use this to delete all registers of the program to make a scan online with an AV that is well rated by a consumer organization, like Bitdefender for example, and install an antivirus if you don't have one already, even as a trial version, to see how it works.
    Jonny signing out, wishing you to be safe online. ;)