Ave.exe is the main component of each program from fake antispyware group, which includes the following programs: Total Vista Security, Vista Security Tool 2010, XP Security Tool 2010, XP Antimalware 2010, XP Defender Pro , Total XP Security, Vista Smart Security 2010, Vista Defender Pro, Vista Antimalware 2010, XP Smart Security 2010. Ave.exe infiltrate computers through the use of trojans. Once the trojan is installed and started, it will download ave.exe and save it to %AppData% folder (%AppData% is the C:\Document and Settings\[your username]\Application Data). After that, the same trojan will configure ave.exe to run automatically when you start any program by changing the file associations with “.exe” extension.
When ave.exe is started, it will imitate a system scan. Once finished, the malware will state that your computer is infected with trojans, adware or malware and that you should purchase the full version of the program to remove these infections. Important to know, the malicious program is unable to find the infections, as will not protect you from possible infection in the future. So, do not trust the scan results, simply ignore them.
While ave.exe is running, it can block execution of other programs as an attempt to scare you into thinking that your computer in danger. The program will also flood your computer with nag screens, fake security alerts and notifications from your Windows taskbar. A few examples:
Virus intrusion!
Your computer security is risk. Spyware, worm and trojans
were detected in the background. Prevent data corruption and
credit card information theft. Safeguard your system and
perform a free security scan now.
Threat detected!
Security alert! Your computer was found to be infected with
privacy-threatening software. Private data may get stolen
and system damage may be severe. Recover your PC from
the infection right now, perform a security scan.
However, all of these alerts, warnings and notifications are fake and like false scan results supposed to scare you into purchasing so-called “full” version of the malicious program. You should ignore all of them!
As you can see ave.exe is very dangerous and can lead to a complete paralysis of your computer, as well as leakage of your personal data in the hands of the authors of the malicious program. Need as quickly as possible to check your computer and remove all found components of this malware. Use the removal guide below to remove ave.exe and any associated malware from your computer for free.
Use the following instructions to remove ave.exe
Step 1. Fix “.exe” file associations.
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\secfile
HKCR, secfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Step 2. Remove ave.exe associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for ave.exe infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove ave.exe. MalwareBytes Anti-malware will now remove all of associated ave.exe files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Ave.exe malware creates the following files and folders
%AppData%\ave.exe
Ave.exe malware creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\ave.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “secfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = “”%AppData%\ave.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = “”%1″ %*”
Thank you so much for your help! Your awesome!!
Mister_moose It is not because Microsoft makes it too easy it is because end users make it easy. Anyone that has a mac can get viruses just as easy if someone wanted to take the time in infect 10% of the users out there. What is more fun? Hit 10% of the end users or 90% of the end users?
Anyway I had to use the TDSSKiller and then Malwarebytes after that and so far it might be fixed. I will update if I see any more problems.
Thank you, thank you VERY, VERY much! A simple and effective cure for which I am greatly indebted to you!
I had MalwareBytes downloaded onto the infected computer previously before it became infected. It obviously wouldn’t let me open it, so I tried your trick of renaming it (including that randomly generated file name link) and those all didn’t work. I also tried to download that thing that removes TDSSKiller and no avail. Whenever I try and run an installation, it comes up with:
Windows cannot open this file:
File: mbam.exe
to open this file, windows needs to know what program created it. Windows can go online to look it up automatically, or you can manually select from a list of programs on your computer.
What do you want to do?
and then it gives me the option of using the web service to find the appropriate program or selecting the program from a list.
it does this with everything. it also won’t let me run the properties of the my computer tab. HELP PLEASEEE! 🙁
i tried to dowonload tdsskiller* not “the thing that removes it”
i tried method one before and i ran malwarebytes, it detected just 4 viruses and deleted them. however, i did another scan afterwards with another antimalware software and it told me the ave.exe file was still there, i did method 2 and ran malwarebytes again but it didn’t detect any viruses. does that mean im safe?
thanks!
Hannah, try the first step above.
maryam, try update Malwarebytes and perform a scan.
Hands down the simplest explanation of how to fix a very frustrating situation. I have already formatted two computers with this exact same problem. So glad to have found your solution. Cheers!
THANK YOUU. AMAZING
thank you this is the worst virus i have had in years and i have no idea where i picked it up from. could it of been dormant? i did get a msg from pc tools firewall saying that ave.exe wants to acess an i p address but i cant rememeber it. and i tried to deny the acsess but it looks like it was overrided think i might consider boosting my security yet again. cos ”avg’ ‘asc’ and pctools firewall all missed it. thank you agian. one last thing who the hell are ‘Russian fed’ any way? what c***’s cheers
Wow, this helped a lot. I was going to freak out if I couldn’t remove this thing.
THANK YOU!!!
You’ve prolly got my ex GF’s thanks worked wounders so far. still scanning the comp thought
Hey guise, just scan with:
Malwarebytes’ Anti Malware
Spybot Search & Destroy
Them two and you should be fine. SS&D detects things like the registry changes it does and fixes them up while malware fixes the rest.
Both freeware programs.
I followed your instructions.
First step one. Double clicked it. Restarted.
Then step two. Double clicked it, nothing happened. Of course, upon reading again I see that I should have right clicked and install. So I did.
Restarted and I am extremely pleased to say that the bug screens had gone.
I then donwloaded your Malwarebytes programme and ran a fast scan. 5 problems found. Deleted them. All seems ok now, just I will remain paranoid for a bit.
Thank you so, so much. I like many others are very grateful to you ‘intelligent guys’ who offer their help and wisdom.
Personally, I would like to see the people who create the harm crawl away and die. … Or is that too right wing?
Thanks again guys. Michelle UK.
Hiya –
I keep getting these trojans (three times! from three different non-pr0n sites!)…a friend was removing by doing the old take-my-hardrive-and-clean-from-another-system trick, but he’s out of town and I haven’t the equipment.
I’ve followed all the steps outlined here – rkill, safe mode, MalwareBytes, Superantispyware, and they come up clean, but as soon as I restart the damn thing reappears in my double-check run of Malwarebytes (including the ave.exe registry thing).
WTF? Why am I having such trouble with this?? (I’m running XP Pro, Avast!, and Windows Firewall…all fully patched). Please advise – I’ve never done registry editing myself, so steps appreciated!
Thanks…
Installed and ran well, waiting to see results and now how do I keep this application dormant..
uninstall?????
Option #1 worked great make sure you copy even the first line with the text!
I kept making the same mistake and it finally worked.
Vista Home premium
Hi –
I have been getting this virus repeatedly, on my fully-patched XP pro machine running Avast! and Windows firewall. The first two times a friend fixed by doing the remove-harddrive and slave it to clean and rewrite MBR, etc. trick, but (a) he’s out of town and (b) he’s sick of doing it. Me too.
I don’t get why I’m having this trouble – I follow all the steps here (rkill, superantispyware, malwarebytes, safe mode, repeat until clean), but every time I reboot, the damned thing comes back!
I see the ave.exe key in my registry, but it won’t let me delete it (or I’m not sure how…not experienced in regedit).
Also, I have no XP disk, because it’s one of the laptops with the stupid ‘recovery sector’ on the HD instead.
Any hint/help much appreciated!!!
Thanks,
~M
I tried both of these steps, and after I restarted it wouldn’t find the correct way to open anything. It kept saying things like, ‘windows cannot find the correct program to open Iexplore.exe.’ and such things… Help?
Michael, please open a new topic in our Spyware removal forum. I will help you.
This worked but there’s a bit of a trick to it because how can you copy and paste if you can’t open your browser or for that matter if you can’t open your browser how can download Malware Bytes if you can’t open your browser? If you had trouble, I hope these tips help you.
First, before you do anything, open your task manager, right-click on ave.exe and select “end process tree” and confirm. Keep task manager open at all times during this process and then try to open up FireFox.
Now, you’ll immediately get all of those BS messages from ave.exe but when that happens, go to ave.exe in the task manager AGAIN and end the process tree AGAIN. It may take a few seconds BUT Firefox will open up.
If it doesn’t work right off the bat, keep double-clicking the Firefox icon on your desktop so you open it up like 7 times (again it may take a few moments before you see the Firefox windows), then go back to task manager and end ave.exe process tree AGAIN as it will only show up once. Now close all of the Firefox windows but one and find this page.
Now, follow the instructions EXACTLY as described (I used method one).
Copy this whole text (and keep Firefox open), in its entirety INCLUDING “Windows Registry Editor Version 5.00″:
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@=”\”%1\” %*”
[HKEY_CLASSES_ROOT\.exe]
@=”exefile”
“Content Type”=”application/x-msdownload”
Paste it into the notepad. Click the drop-down menu for the file type and select “All Files.”
Save as “fix.reg” period… DO NOT have the extension .txt on the end!
Close, the document, double-click it and select “yes.” Now, find the download for Malware Bytes, download it and follow the instructions as noted above.
Tyler, try the following:
Click Start, Run, type regedit and press Enter.
Registry editor opens.
Navigate in the left panel to HKEY_LOCAL_MACHINE \ SOFTWARE \ Clients \ StartMenuInternet \ IEXPLORE.EXE \ shell \ open \ command
I the right part of window click twice to “@”. You will see a screen with the contents like below: “C:\Documents and Settings\user\Local Settings\Application Data\ave.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”
Remove left part, leave only “C:\Program Files\Internet Explorer\iexplore.exe”.
Reboot your PC and try run Internet Explorer.
Just want to say thank you from my heart.
I struggled with 2 days and landed on your site.
Method2 works for me.
Finally can have a good night rest.
“May you be showered with more Good Years”…
C:\Windows\regedit.exe
Application not found
is what I get when I try to run regedit. Any suggestions?
Hello sir please tell me how to remove autorun virus from my pc
Tyler, why do you need run regedit ?
kamaldeepdung, try the instructions.
Thanks Patrik!
I’ve opened it here:
http://myantispyware.com/forum/recurrent-lingering-rogue-antivirus-infection-t3387.html
Because you told me to, Patrik.