Ave.exe is the main component of each program from fake antispyware group, which includes the following programs: Total Vista Security, Vista Security Tool 2010, XP Security Tool 2010, XP Antimalware 2010, XP Defender Pro , Total XP Security, Vista Smart Security 2010, Vista Defender Pro, Vista Antimalware 2010, XP Smart Security 2010. Ave.exe infiltrate computers through the use of trojans. Once the trojan is installed and started, it will download ave.exe and save it to %AppData% folder (%AppData% is the C:\Document and Settings\[your username]\Application Data). After that, the same trojan will configure ave.exe to run automatically when you start any program by changing the file associations with “.exe” extension.
When ave.exe is started, it will imitate a system scan. Once finished, the malware will state that your computer is infected with trojans, adware or malware and that you should purchase the full version of the program to remove these infections. Important to know, the malicious program is unable to find the infections, as will not protect you from possible infection in the future. So, do not trust the scan results, simply ignore them.
While ave.exe is running, it can block execution of other programs as an attempt to scare you into thinking that your computer in danger. The program will also flood your computer with nag screens, fake security alerts and notifications from your Windows taskbar. A few examples:
Virus intrusion!
Your computer security is risk. Spyware, worm and trojans
were detected in the background. Prevent data corruption and
credit card information theft. Safeguard your system and
perform a free security scan now.
Threat detected!
Security alert! Your computer was found to be infected with
privacy-threatening software. Private data may get stolen
and system damage may be severe. Recover your PC from
the infection right now, perform a security scan.
However, all of these alerts, warnings and notifications are fake and like false scan results supposed to scare you into purchasing so-called “full” version of the malicious program. You should ignore all of them!
As you can see ave.exe is very dangerous and can lead to a complete paralysis of your computer, as well as leakage of your personal data in the hands of the authors of the malicious program. Need as quickly as possible to check your computer and remove all found components of this malware. Use the removal guide below to remove ave.exe and any associated malware from your computer for free.
Use the following instructions to remove ave.exe
Step 1. Fix “.exe” file associations.
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\secfile
HKCR, secfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Step 2. Remove ave.exe associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for ave.exe infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove ave.exe. MalwareBytes Anti-malware will now remove all of associated ave.exe files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Ave.exe malware creates the following files and folders
%AppData%\ave.exe
Ave.exe malware creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\ave.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “secfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = “”%AppData%\ave.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = “”%1″ %*”
Thank you A MILLION!!!!!!!!!!
Would love to pay you back somehow.
Thank you again.
JD
Man, you’re a genius. Last time I got a virus, it took me 2 weeks to get rid of it. Amazingly enough, I was just about to help other Firefox users by sharing a workaround for FF 3.6 slow loading when I got infected. I’m like “Oh man!”.
It took me about 10 mins with your fix because AVE was blocking both IE and Firefox.
Thanks a million.
Richie
I am not too sure if I am out of the woods just yet, but so far it appears that this fix has worked! ::knocks on wood:: I had to use my sister’s computer to look up all this information and I used Method 1 (writing everything down very carefully by hand) and then was able to type it out in Notepad and reboot my system. After that I updated and ran Malwarebytes and it found three things that were infected, so I removed all three items. I believe I picked mine up through one of those free makepbb forums (I think that’s what they are called?). At any rate, this morning my Avast identified that there was a trojan on my computer and that it was blocked. I then ran a scan and it says it found something called JS:Prontexi-AB (WHO[1].htm). I sent that to the virus chest and after that I went to start up Internet Explorer and thats when the XP Defender Pro pop-ups started. I was able to use Task Manager to keep killing the ave.exe process but I couldn’t get online or open anything else except Avast (which didn’t find anything else). I’m not sure if I should keep the fix.reg file on my desktop or if it can be used with a possible future infection by this same bug or not? I am remaining cautiously optimistic because I’ve never encountered anything like this before and am not sure if it’s truly gone. But for right now at least, it appears your fix did indeed work and I sincerely thank you for sharing your tech knowledge skills that I (unfortunately) just was not blessed with.
aww man didn’t work for me. Does anyone else know of any antispyware programs that can help?
Jack, you can remove fix.reg.
Ureter, open a new topic in our Spyware removal forum.
Big thanks! Used my laptop to make the fix.inf file and download Malwarebytes. ave had locked all my programs and IE. I was just in the process of moving files around to reinstall windows when I came across your site. Saved me tons of time, thanks so much!!
No matter what I try with the fix.reg and fix.inf items it just won’t work. All it does is open up a text file under notepad. Yes I’ve saved it with .reg or .inf, yes I’ve saved it under all files. It still doesn’t work. I’m going insane with all of this it’s so annoying.
Thanks so much for the help, I’m all fixed now it seems! One of the easiest ones i’ve actually removed thanks to your help.
Please download HostsXpert from here.
Unzip HostsXpert.zip to your desktop.
Double-click HostsXpert.exe to run the program.
Click “Restore MS Hosts File”. Note: if you get an error message, click first “Make Writeable”.
Click OK at the confirmation box. Click the X to exit the program.
I actually had to take my hard drive out of my computer and put it into another computer. Then I have scanned it with Malwarebytes. Now everithing seems o.k. Thank You Patrik!
You are the Man!!!!!!
Unfortunately I spoke too soon. I’ve installed Norton 360 and I keep getting messages saying it’s blocked a HTTPS TidServ Request and keeps on referring to a SVCHost.exe (in Task Manager there is one that uses up a lot of CPU usage it seems when ever I get these alerts…in fact right now as I type there is one starting to soak up my CPU Usage and I can hear my harddrive running). When I go on Internet Explorer and go to websites (even through Norton’s safe search toolbar) I’ll sometimes get another window popping up that tries to take me to some crazy site completely unrelated to what I was trying to go to. Then either Norton or Avast tells me an intrusion has been blocked. Yet when I run scans (fully updated no less) on Norton, Avast or Malwarebytes, they never find anything. This is so frustrating. I am thinking it’s related to that XP Defender Pro thing because that’s when all this misery started. I really had hoped I was rid of everything for good. On the positive side, I’ve never seen anything else with ave.exe running in Task Manager. I am guessing I have some kind of a “browser hijacker”.
Thanks heaps. It worked a treat. The only thing I noticed is when I clicked install on the fix.inf file there was no indication that anything had happened. It did work, though, and on restarting my computer I had no more fake virus scans
Jack, try these steps to remove TDSS (TidServ) trojan.
tried both steps and it still pops up with xp antispyware hijacking my browser, causing havoc with my .exe files and slowing my puter. I’m writing this on my non-infect laptop. I went to the registry and deleted ave.exe, av.exe, vma.exe and file searched(hidden files too) and deleted thirteen ave.exe 199kb files with no results. I also (taskmanager) stopped any processes with ave,vma,or av. still no success. This virus is like herpes that don’t go away. I’d like to take a bat to the persons who make viruses/ hijackers/ trojans etc.
Thank you so much! you saved my life! And computer!
🙂 It took me two days to remove ave.exe!!! .May you stay safe and please keep up the good work! Contact me anytime! 🙂
thank you so very much i was going to freak out if i couldn’t delet this virus……i would kiss you but i cant 😉 thank you thank you thank you thank you…. guys this really works
I tried this, it worked straight away after picking up the infection on a file-sharing site (should have known better) I was lucky as I had already downlkoaded and installed Malwarebytes Anti Malware, but found I couldn’t run it after the infection, and also many other programs.
ctrl-alt-del
Start task manager
right click ‘ave’ and select open file location
rename ave to something like ‘avent’
stop ‘ave’ in task manager
close task manager
run malwarebytes anti malware and update it online
run scan and after a few minutes it will fid the culprits
Follow instructions and reboot
Computer should now be OK
method 1 worked for me; had to access this website via blackberry using google search for “remove ave.exe”. then copy/paste to email steps to myself (the malware wouldn’t allow my browser to go anywhere other than their ‘purchase’ screen); ran fix.reg and rebooted – all good. funny thing: my expensive, well-known commercial AV from one of the top AV companies in the world didn’t prevent nor could it clean the infection. hmmmm, maybe not so good after all
Just wanted to give my thanks to you. Kudos for the registry commands~ it worked like a charm! Thanks for everything~
Patrik, how might my computer have gotten infected with this “ave.exe”?
(It popped out of nowhere today – and I hadn’t done any downloading/installing/etc.)
Is there a chance that exploring/opening a data DVD’s contents could have caused the infection?
I carefully followed all the steps, ran the scan, and when I tried to remove the infected files, it said I had to BUY a registered version 🙁 Why not tell people this upfront so they don’t waste an hour+?
This has helped me HUGELY!!! – well done!!!… and thanks…
It is all well and good finding a fix, but how did it get there in the first place? – can you please advise how it might have got on the PC?
And also the best applications to not get them again..
I finished quick scan and no ave.exe virus was found. I followed all the steps correctly.
the reason i know i have this virus is because of other anti-virus programs have told me so. should i trust malware anti-malware and pertend i dont have this virus??
Let me know,
Thanks
Thanks much … ave.exe has been kicking my butt. This seems to have killed it.
Hello, and thank you to the author for this guide. This virus took away my registry editing permissions, so the .inf solution was great. I still have a problem though: when scanning with Malwarebytes’ Anti-Malware, it freezes after finding 2 infected objects. Any additional help would be appreciated. Thanks.
Thank you very much! Method 1 didn’t work for me (is it because I’m using Vista?) but Method 2 worked (so far), so I’m really grateful for your information!
Will this work if we have already run the malwarebytes and removed the virus? We cannot do anything on the computer in question since removing the ave.exe file with the malwarebytes. It will not run any executables. HELP!
Also, please answer on the forum comments as I cannot get into my email for same reason.
Ace!!
worked a treat…*knocks on wood too*
this thing annoyed the **** out of me and was killing me that I couldnt figure it out…
thanks a million!!
Thank you very much. I used step 1 method 2, then malwarebytes, and the issue was resolved. Other than the scan which can take a while, the process took ten minutes. Fortunately I had a another PC and a usb flash drive to transfer the malwarebytes program and the notepad file to the infected PC since it was un-usable. My variant was the axe.exe process running which was creating the bogus \Antivirus XP\