# Where has Billbo been?



## billbo (Aug 6, 2009)

Hi All! Wanted to drop a quick line in. My daughter has managed to infect my home PC with a nasty virus/malware. It is called PAV.EXE or Personal Anti Virus. Anyway, my home PC is shot right now and I don't like to do a whole lot from work so I haven't been around much.

I am having SMF withdrawal. I have been trying to rid my machine on my own but I think I'm in over my head on this one. I can't seem to find an easy fix. My real anti virus (Norton) doesn't pick it up and it has cloned itself in my machine.

I'm still alive but my computer is not.

Cheers for now, hopefully I will be back smoking soon!


----------



## geek with fire (Aug 6, 2009)

I just cleaned a computer belonging to a relative of mine that had PAV.  I'm an IT guy by trade, so I have a natural aversion to the automatic cleaners.  If you are tech savvy, this might make sense to you:

I rebooted in safe mode and did the following 3 items:
1.) Run MSCONFIG.  Remove any entries from the startup section that pointed to AV.exe or PAV.exe or any file in a folder that looks like it might be (you can always recheck them later if you grab the wrong one)
2.) Delete PAV.exe or AV.exe from anywhere on your computer.  The one I worked on had them in 2 locations; one in program files and the other in c:\windows\system32
3.) Search through Registry (by running regedit) for anything like PAV.exe, AV.exe or Personal.  Remove entries as you feel necessary.

_*WARNING: Deleting things from registry can cause heartburn.  GeekWithFire takes no responsibility for self-screwage caused by modifying registry.*_


----------
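A read-only way to do the inventory behind steps 1 and 2 of the post above, added here as an example and not part of the original thread: this PowerShell script lists Run/RunOnce registry values and Startup-folder items, flags any that reference PAV.exe or AV.exe, and then looks for those files under Program Files and System32. The choice of registry keys and the matching pattern are assumptions; the script deletes nothing.

```powershell
# Added example: read-only audit of common autorun locations. Nothing is deleted or changed.
# The names PAV.exe / AV.exe come from the post; every entry is listed so that
# copies under other names can still be reviewed by eye.
$pattern = '(^|[\\/"\s])p?av\.exe'    # PAV.exe or AV.exe as a whole file name (assumed pattern)

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Registry Run/RunOnce values (part of what MSCONFIG's Startup tab shows)
$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{
            Source  = $key
            Name    = $name
            Command = [string]$item.GetValue($name)
        }
    }
})

# Per-user and all-users Startup folders (shortcuts are listed by path, not by target)
$entries += @(foreach ($folder in 'Startup', 'CommonStartup') {
    $path = [Environment]::GetFolderPath($folder)
    if (-not $path) { continue }
    Get-ChildItem -Path $path -File -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{ Source = $path; Name = $_.Name; Command = $_.FullName }
    }
})

# Flag name matches, but print everything for manual review
$entries |
    Select-Object @{ n = 'Suspect'; e = { $_.Command -match $pattern } }, Source, Name, Command |
    Sort-Object Suspect -Descending |
    Format-Table -AutoSize -Wrap

# The post found copies under Program Files and C:\Windows\System32; check both.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, "$env:windir\System32") | Where-Object { $_ }
Get-ChildItem -Path $roots -Recurse -Include 'PAV.exe', 'AV.exe' -File -ErrorAction SilentlyContinue |
    Select-Object FullName, Length, LastWriteTime
```

HKCU is per account, so the registry and Startup-folder part reflects only the account the script runs under.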



## tntxajun (Aug 6, 2009)

Malwarebytes is a mal/spyware free program. It will remove it. Use this before heading to your registry.


----------



## tntxajun (Aug 6, 2009)

http://www.malwarebytes.org/mbam.php

Will be on for a while, so you can PM me with any questions.
Use the free version: download, update it after you install,
and then run the program.
It's a great malware tool and I use it a lot helping folks get rid of
nasties.

Is your anti-virus program updated? Hopefully you have one.

Jack~


----------



## fire it up (Aug 6, 2009)

Good advice from GwF, if that is a bit much for you or you still are having problems you could always go the format route, horrible to have to do a complete format but sometimes it's a last resort...
Good luck.
For a bit of extra added protection you could always run programs like PeerGuardian or if you are using Mozilla/Firefox you can also run No Scripts.


----------



## ronp (Aug 6, 2009)

I just ran this, no problems, thanks.


----------



## tntxajun (Aug 6, 2009)

Pav is a trojan. Suggest a cleaning utility instead of registry manipulations.
Reformat is not necessary except in extreme cases. 
I have removed this and other infections with this as warranted.
It gives a message that the user's computer is infected and hijacks the browser.
Again, it is not just the single entry as it replicates itself under morphed signatures in the registry. If acted on it can be eliminated.

Jack~


----------



## jirodriguez (Aug 6, 2009)

Sucks to hear that Bilbo, computer viruses are never fun. I would second running Malwarebytes first - before going nuts in the registry and what not. I have built a few computers and am somewhat tech savvy, but I rarely feel comfortable mucking around in the system registry.... lol.

If you have a thumb drive you can download the Malwarebytes installer to the thumb drive, then run it on the infected machine. Let us know how you fare!


----------



## tntxajun (Aug 6, 2009)

I am an admin in PC-Tech, which is a voice forum on Paltalk for giving free assistance to people with software/hardware issues on Windows-based systems.
We have seen numerous instances of this specific trojan from all over.
Malwarebytes has a free version that is very effective and we suggest having that program on your system.

That trojan is slipping by many mainstream anti-virus programs and it can disable your resident program, so it is not anything to take lightly.

Again, we strongly suggest not playing in your registry unless you know exactly what you are doing. Not a good idea even for techs unless absolutely necessary.

Jack~


----------



## chisoxjim (Aug 6, 2009)

billbo,  computer problems stink,  good luck getting yours resolved.

Also thanks to the computer experts for chiming in with ideas on how to keep computers safe, and to scan for these p.i.a. worms, trojans, and malware.  My home p.c. has been acting weird for a while and I am going to do the free Malwarebytes scan posted here.  I have already tried a few things so far, but things just aren't 100% right.

It's just too bad there are computer folks around that spend their time creating these nuisances.


----------



## thundernoggin (Aug 6, 2009)

Most important thing mentioned by Geek With Fire is to reboot into safe mode.  I've used Spybot and Asquared Free for years with very good results and no cash out of pocket.  Get the definitions updated then safe mode to scan.  Avast also has free antivirus with boot scanner.  If you do edit the registry make sure to back it up first.  If using Windows you may also have access to Windows Defender and can try scanning with that.  Various antivirus companies have online scanners and one of them may remove it too although most of them are hit and miss.


----------



## mballi3011 (Aug 6, 2009)

Thanks guys, isn't it nice to know we have some help here too.


----------



## tntxajun (Aug 6, 2009)

Not at all sure if this is appropriate to post in this forum and I apologize if I am making a blunder.

I am a member of a voice/text forum on a Global Communications Program called 'Paltalk'. This program allows participants to use a mic or use text to convey issues concerning their PCs. There is no charge for either the program or any assistance and there are a multitude of specialized forums as well.

I/we are a group of tech guys and many of us specialize in certain areas, mine is security, but there is anything from software problems to someone having difficulty installing a camera or printer.

If any SMF forum admin or members would like additional information on how to access us, please let me know.

I will be glad to post a link with an admin's or moderator's permission.

Jack~


----------



## ddave (Aug 6, 2009)

Also a computer tech by trade here in charge of about 750 computers.  We use three programs (in addition to our antivirus program) which are:

Malwarebytes
http://www.malwarebytes.org/products.php

Spybot Search and Destroy
http://www.safer-networking.org/en/index.html

SuperAntiSpyware
http://www.superantispyware.com/

Sometimes it is necessary to run these in Safe Mode.  We run all three and then run them again until all three say the machine is clean.

Lots of malware/adware (like the free screen savers, desktop backgrounds, toolbars, etc.) are technically not viruses so they can be missed by antivirus programs.

Registry editing should only be done by *very experienced users*.  The downfall, other than being able to cripple the machine in the blink of an eye, is that most spyware etc. does not follow logical naming conventions so a manual search through regedit by a novice user is not likely to be very successful.

Reformatting will fix the problem but should only be done as an absolute last resort and is usually not necessary -- regardless of what the guy from the computer store might say.  If you have a light switch in your house that won't work because of a short circuit, you can tear down the house and rebuild it from the ground up.  It will fix the problem, but there are other more exact ways to fix it.

Good luck, Bilbo.

Dave


----------



## tntxajun (Aug 6, 2009)

Double ditto what Ddave said with emphasis attached.

Jack~


----------



## bassman (Aug 7, 2009)

I just ran the malwarebytes free program.  It found quite a few "problems". I told it to remove the problems but it would only do some, not all.  I guess you have to purchase the full program to get it to remove all problems.


----------



## rickw (Aug 7, 2009)

I tried it and it took care of the 10 things it found. Pretty nice program.


----------



## ddave (Aug 7, 2009)

Should be completely free.  Go to this website

http://www.malwarebytes.org/products.php

and click on the Download Free Version button.  It will take you to a CNet download site.  Click the Download Now link and you should be good.

Dave


----------



## helljack6 (Aug 7, 2009)

www.helljack6.com

My personal website. IT for over 10 years, been part of all the major stupid rip you off and make you pay out the @ss computer repair chains, now work maintain network infrastructure for the military. Enjoy, comments welcome.


----------



## billbo (Aug 7, 2009)

Thought I would give an update. TnTxajun was kind enough to offer his help. Thank you Jack!! He, my wife and I were up to 1am last night working on this via Skype. I am a PC dummy but I can tell you this malware is nasty. Still not fixed yet but we are working on it. 

Another example of how great SMF and its members are. I really didn't expect to get any help here, I just wanted to let you all know why I hadn't been around. The wealth of knowledge of our members is tremendous.

Thank you for all the suggestions and I will keep you updated. 

Jack you rock!


----------



## bassman (Aug 7, 2009)

Dave, I downloaded it okay the first time.  Ran the update then did the full scan.  That's when it couldn't remove all the infections.  This morning I ran the minimum scan and it didn't find any problems.  I'll try later to do the full scan and see what comes up.


----------



## jirodriguez (Aug 7, 2009)

What works best is to run the program or programs you use. Fix and/or quarantine what they can. Shut down the computer, restart, run programs again.

Repeat this process till all the programs you use give you a clean bill of health. Sometimes it takes 2 or 3 complete scans to get it all.


----------



## bassman (Aug 7, 2009)

Thanks, I'll give that a try.


----------



## billbo (Aug 8, 2009)

Hey guys & gals! I'm back on at home. Not done with the whole deal yet but getting there!


----------



## helljack6 (Aug 8, 2009)

I have to disagree with this statement because that's what the kids at Geek Squad or another entry level computer repair store are taught. That's what you're paying them for, the learning experience.

Outside the military, I specialize specifically in home user virus and spyware remediation. What DOES work the best, is booting the computer into safe mode with networking by pressing F8 on your keyboard during the boot sequence, and logging into your account via safe mode THEN running all your installed programs, updating as needed or necessary. The primary reason for this is because most features or functions or services that virus and/or spyware attach themselves to are rendered inert during safe mode (because safe mode ONLY loads essential functions to be able to produce the operating system interface and nothing else) thus they are never able to lock a specific part of the system memory which normally requires a reboot to remove. Repeat the scan and removal process for each user account on the machine as infections can and will cross infect other user accounts.

Take heed when accessing your computer in safe mode as the built in Administrator account is also available from the log in screen. This is the utmost powerful profile that basically can and will access every part of the system without restrictions whatsoever.

Finally, if you're tired of doing it over the phone, you can always use the already built in software for remote assistance and ask a buddy for help. However, it should be noted that if you have home networking (modem, router, computers hooked up wireless) the built in software can't pass through a router. So MS took it one step further and made connection through a router possible by using the remote assistance request that's built in to Windows Live Messenger.

I worked on Irishteabear's computer tonight doing just that via remote, it wasn't bad but we still made it better using steps from my website, tried and true practices. If you have further questions, don't hesitate to ask.

FWIW, I've been a part of all the major ISPs and their tier two and three tech supports as well as the black tie guys for a very long time. I know the major software companies and deal directly with them on a regular basis because of what I do now. Most of the infections that come out are being picked up by a combination of Malwarebytes and Spybot S&D and a heavy hitting stand alone antivirus software. If they aren't, the major A/V companies like Symantec (Norton for home users) and McAfee are releasing infection specific removal tools (such as McAfee's Stinger).


----------

