Ave.exe is the main component of each program from fake antispyware group, which includes the following programs: Total Vista Security, Vista Security Tool 2010, XP Security Tool 2010, XP Antimalware 2010, XP Defender Pro , Total XP Security, Vista Smart Security 2010, Vista Defender Pro, Vista Antimalware 2010, XP Smart Security 2010. Ave.exe infiltrate computers through the use of trojans. Once the trojan is installed and started, it will download ave.exe and save it to %AppData% folder (%AppData% is the C:\Document and Settings\[your username]\Application Data). After that, the same trojan will configure ave.exe to run automatically when you start any program by changing the file associations with “.exe” extension.
When ave.exe is started, it will imitate a system scan. Once finished, the malware will state that your computer is infected with trojans, adware or malware and that you should purchase the full version of the program to remove these infections. Important to know, the malicious program is unable to find the infections, as will not protect you from possible infection in the future. So, do not trust the scan results, simply ignore them.
While ave.exe is running, it can block execution of other programs as an attempt to scare you into thinking that your computer in danger. The program will also flood your computer with nag screens, fake security alerts and notifications from your Windows taskbar. A few examples:
Virus intrusion!
Your computer security is risk. Spyware, worm and trojans
were detected in the background. Prevent data corruption and
credit card information theft. Safeguard your system and
perform a free security scan now.
Threat detected!
Security alert! Your computer was found to be infected with
privacy-threatening software. Private data may get stolen
and system damage may be severe. Recover your PC from
the infection right now, perform a security scan.
However, all of these alerts, warnings and notifications are fake and like false scan results supposed to scare you into purchasing so-called “full” version of the malicious program. You should ignore all of them!
As you can see ave.exe is very dangerous and can lead to a complete paralysis of your computer, as well as leakage of your personal data in the hands of the authors of the malicious program. Need as quickly as possible to check your computer and remove all found components of this malware. Use the removal guide below to remove ave.exe and any associated malware from your computer for free.
Use the following instructions to remove ave.exe
Step 1. Fix “.exe” file associations.
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\secfile
HKCR, secfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Step 2. Remove ave.exe associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for ave.exe infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove ave.exe. MalwareBytes Anti-malware will now remove all of associated ave.exe files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Ave.exe malware creates the following files and folders
%AppData%\ave.exe
Ave.exe malware creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\ave.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “secfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = “”%AppData%\ave.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = “”%1″ %*”
Jesse, most likely your computer is infected through an exploit in Internet Explorer. Visit Microsoft Updates site to update your system to current date.
DMD, looks like you have downloaded PCTools from a Google ad. Open the page, scroll down and download Malwarebytes Anti-spyware.
Julian, please open a new topic in our Spyware removal forum. I will check your PC.
Brenda, follow the first step above.
Thank you for making it as easy as copying the files and saving them. I was setting aside hours to work on my dad’s laptop, hehehe, five minutes tops. THANK YOU, THANK YOU, THANK YOU (bowing to the master)
Brilliant. Thank you!
Thank u for the solution for getting rid of the menace ave.exe.
I followed the method 1 and it worked like magic.
Dear Admin
Method 1 worked beautifully for me.
It is my experience that these things can always be solved without the need for software downloads and intricate analysis to fix the infection. (It only took me about 4 Google pages to find your site, which is quite speedy given past searches undertaken).
The only thing that I can add to your advice/Method 1 is: I used Restart and the computer wouldn’t reactivate, so I depressed the Off/On button for 5 seconds, and rebooted from there–worked like a charm!
Cheers
Pete
It worked – “ave” is gone. Thank you!
OMG!!! I think I owe you my first born!!! I am an older adult and only barely computer literate. I’ve had this horrid problem in the past and was unable to fix it. I ended up having to reformat the entire hard drive. TY, TY, TY, TY!!!!!!
Excellent!!! thanks.. it finally worked. After googling I tried to remove it using malwarebytes, After running a complete scan (which took more than a hour) 8 infections were detected. The tool deleted all 8 but the annoying pop ups kept comming.
Finally the registry cleaner given avove has worked. I have since run another scan using malwarebytes and all seems ok.
Excellent. Got this annoying virus a few days ago, been searching for a fix which nothing worked, found this website 10mins later shes fixed! Thanks a million
Thank you!!! I think I got rid of the ave.exe file.
Used method 1 and it helped with getting my programs running again. Downloaded and ran MalwareBytes Anti-malware. I hit the removed selected button and re-booted.
So far so good!! Thanks a bunch!!
Mate, you’re a fucking genius!
OMFG I THINK IT WORKED!!!!!!! So far so good! Hopefully this isnt a dirt trick lol but seriously this was the worst virus Ive even gotten and I used method 2 and it worked so easily.
THANK U SOO MUCH THIS VIRUS WAS DRIVING ME NUTS.
My ave.exe infection was caused by TDSS rootkit in ATAPI.SYS and as the consequence infected again and again. Ran TDSSKILLER and had it replace atapi.sys and so far so good.
Note: Had tdsskiller replace atapi.sys on reboot. Problem was on reboot my computer locked up. Rebooting in Safe Mode also locked up. Luckily there was \The last working…\ option and that rebooted. Searched for \tdss rootkit atapi.sys\ and there are many reports of lockup in replacing atapi.sys.
I just removed ave.exe from a buddy’s computer and noticed that all exe files weren’t working correctly. I used Ccleaner (Crap Cleaner) to remove the bad exe redirects which helped somewhat. Your REG fix is great, thanks, that did the trick.
On another note I can’t even describe the amount of pain I want to inflict on the creators of this crap! Microsoft makes it way too easy for even mediocre buttheads to write this type of software to infect a system. When are we going to stand up as a community and demand payment from Microsoft for this kind of crap?
To Mister_Moose
I understand your frustration – really I do – but blaming Microsoft for you getting infected is lame – I am an IT Manager and see infected computers from time to time – most viruses are installed on accident by users that aren’t computer savvy – this one in particular comes up as a webpage pop-up when you are browsing a hacked website (most websites are UNIX based! and are very easily attacked when not maintained by professionals) The way to avoid this one while browsing the web is to press F4 to kill the webpage – There is nothing Microsoft can do to stop people from clicking a page that installs a virus. I’ve had some employees click the X to close the webpage and BAM it installed the virus anyway. So please before bashing Microsoft I would take a long hard look at how much of this was your own fault – after all – you were duped into believing the webpage message stating your system was infected – Right?. The real blame is the hackers and virus code writers – everyone keeps trying to blame Microsoft which takes the focus of the hackers and VCW’s.
– Frank
Update:
The way to avoid this one while browsing the web is to press ALT F4 to kill the webpage…
I wasted half a day unsuccessfully till I came across your malware removal site. I used method 1. and it helped me resolved the infection. Thanks for the fix.
Excellent help, Patrick!
Jesse and others struggling with this, Patrick’s advice to make sure all your patches are in place is also top notch. Turn on Automatic Updates!
A lot of these types of malware may come from advertisments running in the sidebars of legitimate pages. I’ve used AdBlocker Plus to block those ads, and it has kept me safe on my other systems. I hadn’t put it on my kid’s system, and lo and behold, I got me a case of ave.exe.
Hey im not a pro at this kind of thing just a student trying to save a big bill!
managed to stop the virus from coming up and finally ran the anti-malware program, it said it successfully deleted everything however my standard windows defender (vista) will not turn on. any ideas why??
Thank you SO much!! Seems to have done the trick
Thank you !!! excellent
You are public benefactors of the first rank. Thank you!!!
Omg! YOU ARE THE Best! THANKS SOOO MUCH!
🙂
JP, what you mean “will not turn on” ? It shows an error ?
I was able to get to my friends’ desktop using Teamviewer. Luckily she had firefox on her PC, so she could download Teamviewer and I got in and download Avast, then scan and it was able to remove Ave.exe after a reboot. I could not open notepad nor “cmd.exe”. I could not install Malwaresbyte. Only Avast was able to install. After the removal, now all the executables won’t work. What should I do at this stage? The pop-ups aren’t there anymore after Avast removed ave.exe.
Hien Pham, follow the first step instructions above.
First I went into folder options ,file types and created exe as application. That was ok for running some scan programs… Including Mbam.exe … Still There!!! Used method 1 rebooted and , Ran Malwarebytes again, and again and came up clean! Ran several others AVG 8.0, Iobit 360 , AWC, Spyware Terminator , Adaware, etc. and still came up clean! I open Internet Exploder and there it is again? So I wrote a batch file. I edited Autoexec.bat
del c:\windows\prefetch\ave*.*
del c:\ave*.*
del c:\windows\ave*.*
And this worked for two days, but it is back again, so I looked to see when it was created? and found another file created at the same time just seconds prior. The other file is called ocrx.exe. also in the prefetch folder. What is that ? Nothing on the web about it? Should I del it in autoexec.bat also? Please Help! I am missing something aren’t I?