Ave.exe is the main component of each program in a group of fake antispyware programs that includes Total Vista Security, Vista Security Tool 2010, XP Security Tool 2010, XP Antimalware 2010, XP Defender Pro, Total XP Security, Vista Smart Security 2010, Vista Defender Pro, Vista Antimalware 2010 and XP Smart Security 2010. Ave.exe infiltrates computers through the use of trojans. Once the trojan is installed and started, it downloads ave.exe and saves it to the %AppData% folder (%AppData% is C:\Documents and Settings\[your username]\Application Data). After that, the same trojan configures ave.exe to run automatically whenever you start any program, by changing the file association for the “.exe” extension.
When ave.exe is started, it imitates a system scan. Once finished, the malware states that your computer is infected with trojans, adware or malware and that you should purchase the full version of the program to remove these infections. It is important to know that the malicious program is unable to find infections and will not protect you from possible infection in the future. So do not trust the scan results; simply ignore them.
While ave.exe is running, it can block execution of other programs in an attempt to scare you into thinking that your computer is in danger. The program will also flood your computer with nag screens, fake security alerts and notifications from your Windows taskbar. A few examples:
Virus intrusion!
Your computer security is risk. Spyware, worm and trojans
were detected in the background. Prevent data corruption and
credit card information theft. Safeguard your system and
perform a free security scan now.
Threat detected!
Security alert! Your computer was found to be infected with
privacy-threatening software. Private data may get stolen
and system damage may be severe. Recover your PC from
the infection right now, perform a security scan.
However, all of these alerts, warnings and notifications are fake and, like the false scan results, are meant to scare you into purchasing the so-called “full” version of the malicious program. You should ignore all of them!
As you can see, ave.exe is very dangerous: it can completely paralyze your computer and leak your personal data into the hands of the authors of the malicious program. You need to check your computer as quickly as possible and remove all components of this malware that are found. Use the removal guide below to remove ave.exe and any associated malware from your computer for free.
Use the following instructions to remove ave.exe
Step 1. Fix “.exe” file associations.
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe]

[-HKEY_CURRENT_USER\Software\Classes\secfile]

[-HKEY_CLASSES_ROOT\secfile]

[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad).
Double-click fix.reg and click Yes to confirm.
Reboot your computer.
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\secfile
HKCR, secfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad).
Right-click fix.inf and select Install. Reboot your computer.
Step 2. Remove ave.exe associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts to continue with the installation process. Do not make any changes to the default settings, and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and “Launch Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now start automatically and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware updates itself automatically after the install, you can press the OK button to close that box and you will be at the main menu. You will see a window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for ave.exe infection. This procedure can take some time, so please be patient.
When the scan is finished, a message box will appear stating that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar to the one shown below.
Note: the list of infected items may be different from what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click the “Remove Selected” button to remove ave.exe. MalwareBytes Anti-malware will now remove all files and registry keys associated with ave.exe and add them to the program’s quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to restart.
Note 1: if you cannot download, install, run or update Malwarebytes Anti-malware, then follow the steps in: Malwarebytes won’t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Ave.exe malware creates the following files and folders
%AppData%\ave.exe
Ave.exe malware creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = ""%AppData%\ave.exe" /START "%1" %*"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = ""%1" %*"
HKEY_CURRENT_USER\Software\Classes\.exe | @ = "secfile"
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = "application/x-msdownload"
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = ""%AppData%\ave.exe" /START "%1" %*"
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = ""%1" %*"
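The keys and values listed above can be checked for mechanically. The following is an added example, not part of the original guide: it parses the text of a .reg export and reports a per-user “.exe” association that points away from exefile, or an open command that is not the stock "%1" %*. The function names and the sample export are constructed for illustration, and the input is assumed to be already decoded text.

```python
import re

CLASSES = r"hkey_current_user\software\classes"  # per-user class overrides
EXPECTED_CMD = '"%1" %*'                          # stock exefile open command

# Constructed sample: a .reg export fragment using the values listed on this page.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="secfile"
[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"%AppData%\\ave.exe\" /START \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"
[HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
@="\"%AppData%\\ave.exe\" /START \"%1\" %*"
'''

VALUE = re.compile(r'(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')
def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)  # .reg strings escape \ and " with a backslash

def parse_reg(text):
    """Return {lowercased key path: {value name: string data}} from .reg text."""
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE.match(line)):
            name = "@" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
            current[name] = unescape(m.group(2))
    return keys

def find_exe_hijack(text):
    """List (key, data) pairs showing a per-user .exe association override."""
    keys, findings = parse_reg(text), []
    ext = CLASSES + r"\.exe"
    progid = keys.get(ext, {}).get("@")
    if progid and progid.lower() != "exefile":
        findings.append((ext, progid))            # .exe redirected to another ProgID
    roots = [ext + "\\"] + ([CLASSES + "\\" + progid.lower() + "\\"] if progid else [])
    for key, values in keys.items():
        cmd = values.get("@")
        if key.endswith(r"\command") and key.startswith(tuple(roots)) and cmd:
            if cmd.strip().lower() != EXPECTED_CMD:
                findings.append((key, cmd))       # launcher inserted before "%1"
    return findings

if __name__ == "__main__":
    print(*find_exe_hijack(SAMPLE), sep="\n")
```

To check a real machine, pass in the text of the file written by reg export HKCU\Software\Classes out.reg, which Windows saves as UTF-16 and which must be decoded first.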
Jaqs, scan your computer with SuperAntispyware, or open a new topic in our Spyware removal forum. I will check your PC.
Pablo, try repeating the first step. If it does not help, then ask for help in our Spyware removal forum.
The question remains how this infects when a system and its software are all patched up to date, including third-party apps like Acrobat, Flash, … which the hackers have been using lately. What is the open window that this virus is coming from? That’s the frustrating part: sometimes you are helpless when they are using an exploit to infect and there’s no patch for that exploit. You will get infected no matter what protection you have.
Thanks, Cain
Well, I’ve been hacking at this virus all night, and while I seem to have gotten rid of the ave.exe instances, my regedit is still locked. I looked in task manager and ave.exe is not running, but I still can’t get regedit going for the life of me. To answer your question in advance as to how I was able to initially clear the registry stuff up, I used a boot CD with regedit- I still can’t seem to get it unlocked on the system normally however! Help!
Shawn, have you tried running Malwarebytes? It should fix your trouble.
Hey Patrik,
Thanks so much!! The two easy steps worked and everything looks to be normal again. However I don’t want to be lulled into thinking everything is fine when it’s not…
When I ran the Anti-malware, it only brought up 1 infected file: the original ave.exe file. Should I be concerned that it didn’t bring up any (possibly) corrupted registry files?
Just a concern!
Thanks,
Aneeth
Aneeth, it’s OK.
Thanks! When all I had was my iPhone to search the web, you got me going again.
It didn’t completely remove everything, but it was a big help. VMA came back after a day or two…
First it installed VMA.EXE in a documents directory, then changed the iexplore registry entry to point to that. At some point it also changed the .EXE registry entry and pointed it to VMA.EXE. When I deleted VMA.EXE, no more programs worked – I was sweating bullets until I got the .EXE file association fixed, which isn’t that difficult, but I was just guessing at it.
Once I got the .EXE association working again (open My Computer, then Tools | Folder Options | File Association | File Types | New, enter EXE and set to “application”), I went through the registry (twice!) to make sure it wasn’t still there.
What pisses me off is that Norton 360 fails to catch this, and then they want to charge $150 to clean the virus from your computer (and break things along the way, like the hibernate function). They charge you $20-30 for the virus protection, and use it to market their virus removal service (which they charge a lot more for). I think Symantec has a “new virus team” secretly hidden in Bulgaria that releases new viruses every few months…
Fantastic instructions. Followed them and got rid of XP Defender Pro 🙂
Thank you so much. You made my day. I cannot express the utter ecstasy I am experiencing at the liberation of my soul from the foul clutches of the beasts called hackers. ymmd
Works like a charm!
I have Vista Home Premium SP2
Thanks a ton! I used method 1 and it works fine as a quick solution. I hope nothing comes back. Either way, we need more people out there like yourself. Thank you
I used method 2 to get rid of ave.exe…I then installed Malwarebytes…and though it shows it has installed on my computer…it won’t open to do a scan…I’ve tried renaming the file…I’ve even tried redownloading it…what am I doing wrong…can someone please help me!!
Thanks!
hi patrick,
as for method #1, I get an error stating the file is not a registry script, “you can only import binary files from within the registry editor.” suggestions?
thanks
Thanks for your instructions, they were very useful!!!
Greetings from Italy.
Bye.
Thank you for saving my laptop from certain death! Method one worked perfectly and Malwarebytes removed 8 infected files associated with ave.exe. It’s nice to know there’s good genuine advice still out there. Thanks again!
Thanks babe! It really cleaned up my machine so that it is up and running. Back to the porn sites.
Angela, boot your computer in Safe mode, then try performing a scan once again. If it does not help, then open a new topic in our Spyware removal forum. I will help you.
Christian, try method 2.
I fixed Internet Explorer by myself but Firefox was stubborn as all hell lol. That fixed Firefox, thanks. Having the damnedest time trying to figure out where else I missed removing =\ Thanks again
Thanks so much. I’m a pretty advanced user and luckily I’m on XP so this was not as bad for me as some others. The second I saw the scan starting I knew it was a fake and end-tasked it, and went and deleted the culprit.
The .exe extension redefinition was a first for me. But my PC seemed to find a way around it somehow. When I got the message “cannot open firefox no program is associated with the extension .exe”, I used Firefox to “open” Firefox, and then after a couple of error messages it opened about 3 Firefox windows. The same worked for me with Notepad (open Notepad with Notepad).
After that I just followed the steps above with the .reg file.
Thanks again!
Christian, I got that message too (using fix 1). But I forgot to include this “Windows Registry Editor Version 5.00” at the top of the text file. Try it again, with that at the top of your code. If you’re on XP I bet that’s the problem.
Thank you so much man! This helped!
I want to say thanks!!! Method 2 works!!! Before, I wasn’t able to install or run ANYTHING and could only copy/paste links into a messed-up Firefox, but now I can run all my diagnostic programs. Again I give my thanks!!!!
THIS IS AMAZING. Thank you soo much I don’t think you understand how much of a GENIUS you are! x
Thanks mate. Tried Method 1 after many previous attempts to clear and it worked first time.
Pox on the author of this Trojan.
Thanks for the valuable info. on system recovery after vma.exe infection. Worked a treat. Thanks again.
I had run into this little nasty before, and it was a royal pain. Ended up doing a system restore from my Toshiba CD. This time around, I thought “Oh no, not again!” But your clear, step-by-step directions fixed things up in short order. No restore needed. Worked like a charm! A LOT less grief for me. You have my sincere, heartfelt thanks.
I DON’T KNOW WHO YOU ARE THAT PUT THIS FIX ON HERE BUT…YOU ARE THE MAN (OR WOMAN) THANKS A LOT!!
Incidentally, here’s a recent Reuters article, “Inside A Global Cybercrime Ring”, that tells the story behind the folks who put this little bugger together:
http://www.reuters.com/article/idUSTRE62N29T20100324?type=technologyNews