Comodo and the malware known as 'personal antivirus'

[Guest]

[GiGaBaNE]

Hi guys, i did a search but couldnt find a topic.

I am a big fan of Comodo and have used it for a long time, i persuade all of my friends to install it and one such friend is a bit of a muppet when it comes to safe surfing.

his previous set up was avg and comodo firewall. at some point during this time he has been infected by the 'personal antivirus'. i have updated him to the latest all in one comodo, but have as yet failed to remove this app.

had anyone else caught this malware and successfully removed it only using products supplied by Comodo?
both my own and comodo's rep are on the line with my friends at the moment.

to be fair i did say ' comodo is the only security you will ever need' so im feeling a little silly atm.

[Matty_R]

This is one of things that is going to happen as AV software can only detect so much, these things change and evolve quite quickly so keeping up is not easy.

Anyway there is a good removal page here http://www.bleepingcomputer.com/virus-removal/remove-personal-antivirus which asks you to use Malwarebytes-AntiMalware, i suggest you forward the link to your friend.
Any software has limitations and used incorrectly infections can and will allways occur.

[GiGaBaNE]

Many thanks. ill use that to fix the problem.
Hopefully comodo will have a blacklist of these things in the future.
Even just a text pop up telling the user that 'the currently installing application is reported to be malware'

we love you comodo, but please just remember no matter how idiot proof you make your software, someone will always make a better idiot

[tomr7]

I agree with the previous post, with a one step more: that this "malware" should be stopped by any product that claims to provide "Internet Security".  I really appreciate Comodo, and have recommended to many (I use the CIS), including a few small businesses, but lately I am biting my tongue on this one.  It is amazing to see that one's browser (IE or FF) can be aggressively hi-jacked by such a malware intruder (it tried to invade onto my PC through an infected site, to which I denied the installed, shutdown the browser via Task Manager, deleted all private browser files, and put its URL in the blocked list),

but today I helped a Senior Citizen (not a relative), who has the same one yr old PC model/ops that I have, get hit through an infected email from a friend (and he is running CIS).  In his case, the solution to his infected PC was to install MalwareBytes product, which indeed worked.  It just seems kind of pathetic to me, that we have to install yet another program to stop such malware.

For any infectious program to throw your current application basically off the screen (browser or email program) to the upper left corner and to substitute its own fake window pane up front and center, stating that AV-doctor, Personal AV (or whatever name it uses) has detected a virus on your system and you need to send them money, I would say that primary Internet Security software should stop this one dead in its tracks, not to mention the FCC should get authors behind bars.

Can't imagine the number of senior citizens getting takened in on this scheme in past few months.  Please get a prevent in the CIS package for them.  Thank you.

[hailong.wang]

Hi,

If you can find the samples,you can submit through this link:http://internetsecurity.comodo.com/submit.php.Then we can go to have a look at it.And blacklist is not exist for now.Thanks for ur suggestion.

Thanks and Regards,
hailong.wang

[SinchuHaneefa]

Hi,
    Personal Antivirus is a rogue anti-spyware created by company named Innovagest 2000 and is a clone of General Antivirus and Internet Antivirus Pro. This program is advertised through the use of Trojans that display fake security alerts on your computer.I have trouble shooted many computers infected with PAV, which also contained ( installed) with latest Symantec's Norton AV,NIS and N360 editions, as well as Mcafee , Trendmicro etc..avast, kaspersky etc..None of it has detected or able to quarantine it.

You guys will download and install Malware- Anti malware and it removes the some of the following entries , PAV had created. But it cannot remove those hidden malware setup files, that will executed later..

So a manual fix is needed some times..

Once get installed it creates the following entries..

c:\Documents and Settings\All Users\Desktop\Personal Antivirus.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Personal Antivirus
c:\Documents and Settings\All Users\Start Menu\Programs\Personal Antivirus\Personal Antivirus Home Page.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Personal Antivirus\Personal Antivirus.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Personal Antivirus\Purchase License.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Personal Antivirus.lnk
%UserProfile%\Application Data\Personal Antivirus
%UserProfile%\Application Data\Personal Antivirus\settings.ini
%UserProfile%\Application Data\Personal Antivirus\uill.ini
%UserProfile%\Application Data\Personal Antivirus\unins000.exe
%UserProfile%\Application Data\Personal Antivirus\Uninstall Personal Antivirus.lnk
%UserProfile%\Application Data\Personal Antivirus\db
%UserProfile%\Application Data\Personal Antivirus\db\config.cfg
%UserProfile%\Application Data\Personal Antivirus\db\Timeout.inf
%UserProfile%\Application Data\Personal Antivirus\db\Urls.inf
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\log.txt
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\pguard.ini
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe
c:\Program Files\Personal Antivirus
c:\Program Files\Personal Antivirus\activate.ico
c:\Program Files\Personal Antivirus\Explorer.ico
c:\Program Files\Personal Antivirus\PerAvir.exe
c:\Program Files\Personal Antivirus\unins000.dat
c:\Program Files\Personal Antivirus\uninstall.ico
c:\Program Files\Personal Antivirus\working.log
c:\Program Files\Personal Antivirus\db
c:\Program Files\Personal Antivirus\db\DBInfo.ver
c:\Program Files\Personal Antivirus\db\ia080614.db
c:\Program Files\Personal Antivirus\db\ia080618x.db
c:\Program Files\Personal Antivirus\Languages
c:\Program Files\Personal Antivirus\Languages\IAEs.lng
c:\Program Files\Personal Antivirus\Languages\IAFr.lng
c:\Program Files\Personal Antivirus\Languages\IAGer.lng
c:\Program Files\Personal Antivirus\Languages\IAIt.lng
c:\WINDOWS\system32\log.txt
%UserProfile%\Application Data\Microsoft\Windows\winlogon.exe
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png
%UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\log.txt
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\pguard.ini
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe

Associated Personal Antivirus Windows Registry Information:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Personal Antivirus_is1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ITGRDENGINE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ITGrdEngine
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PrS"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Personal Antivirus"

These are files related to it, many variations are available.. most of them are hidden and can remain inactive for long time..

AntiVirus_Pro.exe
Uninstall Internet Antivirus Pro.lnk
Internet Antivirus Pro Home Page.lnk
Internet Antivirus Pro.lnk
InternetAntivirusPro.exe
ska.exe
ska.dll
IAPro.exe
Internet Antivirus Pro
%PROGRAMFILES%\Internet Antivirus Pro\IAPro.exe

CIS pro package has Live PC Support service available...this service includes manual removal of Virus or malwares by expert comodo techs. It helps not only senior citizens but people of any age in computer trouble shooting..Comodo is always one step ahead in providing security!

[Tags:]