Your computer is infected with malicious software? Do you have pop-ups on your PC?
If so, search this blog for removal instructions or browse computer threats by category.

Monday, February 8, 2010

How to remove Paladin Antivirus fake security program? (Uninstall guide)

Tell your friends:
Paladin Antivirus is one of many fake (rogue) anti-virus programs. If you’ve got a computer infected by this virus then you probably know how irritating it can be. There can be a bunch of different ways how Paladin Antivirus gets into a computer. However, most of the time, this virus is promoted through the use of Trojans and other malicious software. Usually, Trojans come from rogue websites and misleading online ads. Fake pop-ups may also come up on well know and trusted websites like Facebook and MySpace. That’s why you should always check twice before accepting, downloading and installing files from the Internet.

Paladin Antivirus video: (thanks to rogueamp)

Once installed, Paladin Antivirus will be configured to scan your computer automatically each time Windows starts. Of course, it only imitates a system scan and then reports predetermined system threats just to scare you into thinking that your computer is infected with Trojans, worms and other viruses. Then it will prompt you to pay for a full version of the program to remove the infections which don’t even exist.

Simply ignore those false reports and remove Paladin Antivirus from your computer as soon as possible. Remember, don’t remove any of the reported threats because they may actually be a legitimate Windows files. Read the Paladin Antivirus removal instructions below.

This fake security program is from the same family as Malware Defense. It’s not an exact copy of Malware Defense, but it uses the same misleading methods to protect itself from being removed. When running, Paladin Antivirus will claim that that you must remove currently installed antivirus software in order to avoid conflicts. The rogue program will attempt to remove the following anti-virus software:
  • Malwarebytes Anti-Malware
  • F-Secure
  • AVG8
  • ESET NOD32
  • Norton Internet Security
  • Avira AntiVir
  • Avast!
Furthermore, it will display numerous fake alerts and pop-ups claiming that your computer is compromised or is being attacked from a remote PC.

"Adware module detected on your PC!
Zlob.Porn.Ad adware has been detected. This adware module advertises websites with explicit content. Be advised of such content being possibly illegal. Please click the button below to locate and remove this threat now."

Just like the false scan results, these fake warnings were designed to make you think that your computer is infected when in reality it’s not. If you find that your computer is infected with this virus, please don’t delay and get rid of Paladin Antivirus immediately.

Paladin Antivirus removal instructions:

1. Download the file and extract it into a folder
2. Execute the file TDSSKiller.exe (NOTE: you may have to rename TDSSKiller.exe to yourself or download already renamed file in order to run it)
3. Wait for the scan and disinfection process to be over. Close all programs and press “Y” key to restart your computer.
More detail TDSSKiller tutorial:
4. Download one of the following anti-malware software and run a full system scan:

Paladin Antivirus associated files and registry values:

  • %UserProfile%\Start Menu\Programs\Paladin Antivirus
  • C:\Program Files\Paladin Antivirus
  • C:\Program Files\Paladin Antivirus\help.ico
  • C:\Program Files\Paladin Antivirus\pav.db
  • C:\Program Files\Paladin Antivirus\pav.exe
  • C:\Program Files\Paladin Antivirus\pavext.dll
  • C:\Program Files\Paladin Antivirus\phook.dll
  • C:\Program Files\Paladin Antivirus\uninstall.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Paladin Antivirus

Please share this information with other people:


Anonymous said...

Thanks so much I really appreciated your help with this. This must be fairly new as I had a difficult time finding information on how to remove this thing. You were the only person who had easy to read instructions that worked!!! Kudos. I think your the best! ;)

Anonymous said...

Thank you a lot. Paladin was a nasty one. Thanks for people like you. My big headache was now subsiding. :-)

Anonymous said...

Thanks a million for the easy-to-read information. Hope it helps everyone who runs into this Paladin virus. You guys rule.

Admin said...

You are welcome!

Anonymous said...

Can't thank you enough for this solution. Great job :)

Anonymous said...

didn't work for me iv'e still got it

Anonymous said...

Dittos, quick and easy, well put together. Also I would add to run Regedit and run find on Paladin to get rid if all traces.

TheEdster said...

Thanks, worked a treat.
Not impressed that I had McAfee installed and it totally failed to stop Paladin from infecting my PC.

Phil M said...

worked great for me, Thank you so much for this. Bloody thing was smart as i wouldnt let view many sites which informed how to remove it.

I downloaded Malwarebytes run a quick scan. Found teh damn thing. Then did a full scan and fingers crossed it removed for good!


Paul C, Ireland said...

Thanks a lot guys for your help. Paladin was my first experience of malware and it was quite an eye-opener. Very nasty indeed the way it blocked access to many websites that offered advice on how to uninstall it.

I used Malwarebytes successfully. Ran a quick scan to get rid of 185 infected files, then a full scan to find another 35.

The evil geniuses behind this sort of thing make the blood boil, but then faith in human nature is restored when I come across a site like yours.

Thanks again,

iYogi Reviews said...

Such a nice post, what a graphical representation. I appreciate the effort.

Anonymous said...

Terrrible Palddin causes me a lot of inconveniences. Atleast you guy post this makes me feel better.

Wally said...

Thanks for the help. But I keep getting apps in my Application Data folder trying to perform an outbound connection. They're exe type and have odd file names like adfhu475.exe or akjsadf838.exe and the like. Outpost Firewall prevents them from connecting but they keep trying. Unrelated perhaps?

Admin said...

adfhu475.exe or akjsadf838.exe, these are very suspicious. It could be that these files try to download additional malware onto your computer. Remove them.

Wally said...

I'm at a loss. Malwarebytes antimalware says my pc is clean but an app named qvfmw.exe just requested online access. I've prevented this from happening of cause. Any advice would be appreciated and I've deleted those other funny apps but they keep appearing. Thanks.

Admin said...

It could be a rootkit infection. Download Hitman Pro 3 and scan your computer. It sends the suspicious file to its database and uses 5 different antivirus programs to decide weather the file is infected or not.