Ave.exe is the main component of each program from fake antispyware group, which includes the following programs: Total Vista Security, Vista Security Tool 2010, XP Security Tool 2010, XP Antimalware 2010, XP Defender Pro , Total XP Security, Vista Smart Security 2010, Vista Defender Pro, Vista Antimalware 2010, XP Smart Security 2010. Ave.exe infiltrate computers through the use of trojans. Once the trojan is installed and started, it will download ave.exe and save it to %AppData% folder (%AppData% is the C:\Document and Settings\[your username]\Application Data). After that, the same trojan will configure ave.exe to run automatically when you start any program by changing the file associations with “.exe” extension.
When ave.exe is started, it will imitate a system scan. Once finished, the malware will state that your computer is infected with trojans, adware or malware and that you should purchase the full version of the program to remove these infections. Important to know, the malicious program is unable to find the infections, as will not protect you from possible infection in the future. So, do not trust the scan results, simply ignore them.
While ave.exe is running, it can block execution of other programs as an attempt to scare you into thinking that your computer in danger. The program will also flood your computer with nag screens, fake security alerts and notifications from your Windows taskbar. A few examples:
Virus intrusion!
Your computer security is risk. Spyware, worm and trojans
were detected in the background. Prevent data corruption and
credit card information theft. Safeguard your system and
perform a free security scan now.
Threat detected!
Security alert! Your computer was found to be infected with
privacy-threatening software. Private data may get stolen
and system damage may be severe. Recover your PC from
the infection right now, perform a security scan.
However, all of these alerts, warnings and notifications are fake and like false scan results supposed to scare you into purchasing so-called “full” version of the malicious program. You should ignore all of them!
As you can see ave.exe is very dangerous and can lead to a complete paralysis of your computer, as well as leakage of your personal data in the hands of the authors of the malicious program. Need as quickly as possible to check your computer and remove all found components of this malware. Use the removal guide below to remove ave.exe and any associated malware from your computer for free.
Use the following instructions to remove ave.exe
Step 1. Fix “.exe” file associations.
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\secfile
HKCR, secfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Step 2. Remove ave.exe associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for ave.exe infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove ave.exe. MalwareBytes Anti-malware will now remove all of associated ave.exe files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Ave.exe malware creates the following files and folders
%AppData%\ave.exe
Ave.exe malware creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\ave.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “secfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = “”%AppData%\ave.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = “”%1″ %*”
Brilliant, most useful post I ave ever found. Thanks very much
Now I have used fix #2 and still have to find and delete ave.exe daily….and add the new : del {location of ave.exe} to my batch file. I’m not saying that your fix doesn’t work …I just want to get rid of this for good .Do I have to manually delete all the registry entries? Where does this file really hide? and how is it created over and over ? Does it actually execute from the prefetch folder ? Thank you in advance for any suggestions. Scott
Scott, probably your computer is infected with a trojan that reinstall this malware. Open a new topic in our Spyware removal forum, I will check your PC.
Thanks Patrik.. I’ll do that later today after work.
awesome work ! thought it was curtains for the computer but it is now working perfectly. used method 1.
again thanks !
I though I had removed this virus in safe mode, deleted the registry keys and terminated it with 3 seperate virus scanners, I went to thepiratebay the other night, and it popped back up on my computer, somehow avg put AVE.exe on the ALLOWED list and it ran rampant, it disabled my stuff like everyone else, however I was able to avoid my programs being disabled, all I had to do was right click the program I wanted to use and click start or run as administrator and it started right up with no problems, so if anyones unlucky enough to be able to do anything on their comp you can try that to at least download and run virus scans, hope that helps. (got rid of it a 2nd time for good I Hope this time.
Thank you! Thank you! Thank you!!! Thought I was done for, but used method one and Knock on wood, it looks good! Saved my life!!!!
Quick scan found nothing for me. I’m trying a full scan now.
I \Think\ you helped me fix this. i have been hacking away at my computer since 3-30-10 with this.
I followed your steps and it seems as though the virus is removed. I then created a new user on my computer and made it admin. First thing I tried was turning on I.E. to update windows. It then wanted to install WindowsXPpro suite. And it is telling me that I am missing the SKU111.cab file. (My cd-rom doesn’t work(hasn’t worked for years.)
I ran Norton utilities without an update because it says I can’t update without the SKU111.cab file. It found 159 registry errors! Should I run tdsskiller in safe mode w/ admin abilities? Hoping these are cpu problems that can be fixed and not some other virus.
Thank you in advance! sry for being a noob 🙂
Thanks Patrik. Your method worked well and looked the easiest and most thorough of all fixes on the google search.
THANK YOU!!!!!!!
you are the man!!! worked like a charm!!!!
Thank you sooooo Much. This whole day I ran everything and at one point I thought I got rid of it but it came back. Then I used Method 1 and as of right now, using malwarebytes to scan my pc. Thanks again.
Thanks man,
Awesome fix. had the same thing as Droknam where i could still open programs if i ran as aministrator (right click the choose run as admin, for anyone that doesnt know how to do that) so you might be able to give that a try to download the stuff you need
Nolwe, why you want run TDSSKiller ? You have any troubles except registry errors ?
Patrik,
We have tried Method 1, 2, but cannot run anything. fix.inf; fix.reg or any of the files with .exe estension would not open. What should we do?
Thank you very much! those pop up warning give me the chill up my spin O.O; first time i ever get those kind of stuffs and i thought i need to reinstall window but thanks to you Patrik!
We all should purchase Patrik app for his wonderful support.
ps. When i done scanning with your mawarebytes, my firewall asked me to send the info to you. Are those info safe?
and finally when our PC got intruded, will our personal info be safe Mr. Patrik? should we change our password etc on important stuffs?
thanks again for your wonderful works Patrik.
/kiss
Lyuda, probably you have made a mistake. What shows computer when you trying twice click to fix.reg ? right click to fix.inf and select Install ?
Condor, Malwarebytes only sends statistics (whats found, how many…). You can disable it, Run Malwarebytes, Open Settings tab, uncheck “Anonymously report statistics to Malwarebytes` threat center”.
Thank you! Option #1 worked great for me.
Ok downloaded malwarebytes and its picked up about 7 threats/infections but when i delete them i cant use any programs it just brings up a box saying opn with…
can anyone help
I seem to be having the same problem as Scott, i remove the malware but it continues to reinstall it self a couple days afterward, please help.
Pablo, repeat first step.
Joel, open a new topic in our Spyware removal forum. I will check your PC.
i was infected with the antivirus xp spyware.
i have cured it by downloading and running superantispyware from superantispyware.com/superantispywarefreevspro.html
after this my .exe files would not work but i followed the instructions on adamsdvds.co.uk/tutorials/windowsxp/file_extensions/exe_not_working.php
and now everything is back to normal with no infection!
success!!!!!!!!!!!!!!!
i hope this helps.
that was a mother of a virus. had to delete the file ave.exe manually from c:\Documents and Settings\[username]\Local Settings\Application Data\
in the following way:
DIR/AH/OD
del/AH ave.exe
and also delete the dll file which has a number in its name ( should have the same timestamp as the ave.exe)
then i fixed the registry and ran Malwarebytes Anti Malware program
now i can go back to watching porn again without the annoying popups
I also tried method one and it seemed to successfully stop ave from hijacking everything, but I can’t for the life of me get malwarebytes or any other anti-virus or anti-spyware to pick up anything. Everything seems to be working fine since yesterday, but I’m not convinced it’s actually gone. I keep updating Malaware and avg and reruning them in the hope they’ll pick it up… but nothing. I’ve also tried method 1 agian with no difference and tried method 2 as well but when I clicked installed it just said “installation failed”. What should I do? Cheers for all the fantastic help!
Hey patrick tried to do that with no success.
just to mention i am stil in safe mode with networking if that makes a difference. when i do the first step and reboot it just brings up the open with box everytime i try and open up a program.
i can still access the internet programs and the internet when i am in safe mode though…
So far so good! Method 1 did the trick, it seems. And …….. yes! I just rebooted the infected PC and that damn ave.exe is gone! Thanks a lot!