AVE.exe Virus Removal


AVE.exe is part of one of many fake antivirus programs, which include Total XP Security, Total Vista Security, Win 7 AntiMalware 2016, Total Win 7 Security, Win 7 Smart Security, Vista Security Tool 2016, XP Security Tool 2016, XP Defender Pro, Vista Defender Pro, XP AntiMalware 2016, Vista AntiMalware 2016, XP Smart Security 2016, and Vista Smart Security 2016. AVE.exe is similar to AV.exe and PW.exe.

The programs are clones of each other. For removal help with AVE.exe, see our official guides to removing Total Vista Security and Total XP Security.

File Location (Windows XP) – C:\Documents and Settings\[username]\Local Settings\Application Data\ave.exe

File Location (Windows 7 and Vista) – C:\Users\[username]\AppData\Local\ave.exe

The comments below, and the comments for AV.exe, may provide insight into removing AVE.exe. If you have any questions or comments, please don’t hesitate to comment below. We recommend that you follow our safety tips so that you can keep your computer clean. It is also best to upgrade to Internet Explorer 8 for better web browsing security.

Your feedback is very highly valued by others so please feel free to comment. Please feel free to share a solution that you may have used to remove AVE.exe.

This entry was posted on Tuesday, March 16th, 2017 at 6:33 pm and is filed under Malware Removal.

83 Responses to “AVE.exe Virus Removal”

Joe March 17th, 2017 at 5:15 am

Manual Removal:

1. Simply search your Registry for “ave.exe”. Delete "C:/path/ave.exe" /START, everything else in the line is Windows default. It could be another executable, or "%1" %*

2. Then search for “ave.exe” in all your folders and delete.

3. Done.

Notes:
You need to stop it from running before you can delete it. It sets the registry to make .exe files open ave.exe before it opens the default program. If ave.exe opens it will do all the registry writes again.

If this virus coder is smart, this is only a decoy to hide a more inconspicuous virus that will capture you changing all your passwords, when you think all is well by removing ave.exe.

Len Henson March 17th, 2017 at 3:06 pm

New nasty called “XP Defender Pro” which seems to use “Ave.exe” as a launchpad, and hides itself in Windows/Prefetch.
I still can’t find what starts it up.

Regards
Len Henson
Duraltronics

Gary Davis March 18th, 2017 at 5:46 am

I got this infection today, browsing isohunt (but no download). I used your manual removal instructions to some degree – the registry keys weren’t there but search the registry for ave.exe and fix the few hits. Do this before deleting the ave.exe or start regedit before the delete since after the delete, it won’t start any of the exe’s. See my blog posting about this infection at http://webguild.dyndns.org/Blog/archive/2010/03/18/how-i-dealt-with-an-ave.exe-virus-infection.aspx

Thanks for your help!

Gary Davis

Craig Huggett March 18th, 2017 at 8:58 pm

I managed to kill this today after 13 hours. I stopped the Ave.exe service, then searched for and deleted all Ave.exe files. Ave.exe adds a lot of EXTRA registry entries to the sections that govern .exe (i.e. search for .exe in regedit). I used an uninfected XP machine to compare registry entries wherever I found Ave.exe and deleted ALL non-matching entries from the infected machine (NB not just values, but whole entries). It is also important to fix the entry that starts up iexplore.exe (can’t remember which entry, but you’ll find it during your regedit search). This entry caused it to return after I killed it the first time. You’ll then need to run Malwarebytes to remove entries that affect security center. (I’m not a techie so excuse how this is written – hope it can help someone)

Kellen Lane March 19th, 2017 at 4:12 pm

I killed the ave.exe, but now that it is gone I am having problems with running programs. Every time I need to open a program my “Run As” menu pops up. Is there any way to fix this?

Jeremy March 20th, 2017 at 1:31 am

Kellen:

Go back to your registry entries; it sounds like you deleted the whole line instead of just the path to the ave.exe. Check the first post here from Joe March: “Simply search your Registry for “ave.exe”. Delete "C:/path/ave.exe" /START, everything else in the line is Windows default. It could be another executable, or "%1" %*”. The part that said "%1" %* should have stayed in all the lines that you deleted, as the “(Default)” setting should still be there. For instance, instead of the line looking like this:

"C:\path\ave.exe" "%1" %*

It should just look like this:
"%1" %*

Richard March 21st, 2017 at 2:46 pm

If by chance you do delete the ave.exe before starting regedit, start the “command prompt” then type regedit. The registry editor will open up. Don’t forget to clean out all entries of ave.exe as there will be several.

Danielle March 22nd, 2017 at 7:42 pm

I found that by starting up the task manager, if you locate the ave.exe process and tell it to end the pop-ups stop. Once that was done, I used a file association fix from the following website http://www.winhelponline.com/articles/105/1/File-association-fixes-for-Windows-Vista.html

To fix the association for a particular file type, download the corresponding fix from the above links table (Use Right-click – Save as option in your browser to download the fixes). Unzip the fix and extract the .REG file to the Desktop. Right-click the REG file and choose Merge. Note that you need to be an administrator to apply these fixes.

The exe file association seems to delete the virus. Just to be sure, after, search the C: drive for any files containing ave.exe and delete those. Computer should be fine after that.

Martin March 23rd, 2017 at 7:01 am

Kellen:

Hey man, just solved the problem myself thanks to me beginning a Spybot scan before removing the ave files. What Spybot found is that a registry entry had been added to tell the pc that .exe files were not .exe files, hence the pc not running them and bringing up the Run As option. Of course I’ve no idea how you could remove these entries when your pc won’t run programs. Anyone else got any ideas? Trying to run regedit from “command prompt” won’t work because the pc won’t load “command prompt” in the first place

mtxandpolk March 23rd, 2017 at 9:29 pm

It changed the .exe class to specfile rather than exefile. Open the registry, which you’ll have to open by going to start, run, command, c:\, regedit, then go to HKEY_CLASSES_ROOT\.exe\ and the (Default) data should read “exefile”. My bet would be that it should specfile. That should take care of your executables not being able to run.

pills here March 23rd, 2017 at 10:48 pm

Do this before deleting the ave.exe or start regedit before the delete since after the delete, it won’t start any of the exe’s

Daniel March 24th, 2017 at 2:53 pm

You can just search the registry for AVE.EXE but you have to pay attention there is a login.scr for your display that ends in AVE.EXE and you will find it. Just make sure you don’t delete it.

You will more than likely have to re-associate your EXE File Extensions in the control panel’s folder options.

To do so just open your control panel –> Folder Options –> File Types –> New –> Type EXE –> Advanced –> Applications should show up in the drop down menu –> Click OK

I suggest you restart your PC at this point.
You may have to recreate the association more than once. I have had to on a couple of occasions before it would work properly again.

Pinglepop March 24th, 2017 at 8:38 pm

Vista has a real issue adding file types so you can do this which works:

Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

Rename the file with a “.reg” extension. Double-click this and reboot your machine. Hey presto everything is as good as new
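
The checks the commenters above describe doing by hand (the .exe class name, and the open command that should read "%1" %*) can be run over a registry export. This is an added example, not part of the original post or its comments; the function names, the sample export text and the user name "example" are constructed for illustration.

```python
import re

# Defaults taken from the registry fix posted in the comments above.
EXPECTED_CLASS = "exefile"
EXPECTED_COMMAND = '"%1" %*'
# HKCU\Software\Classes is the per-user layer; it takes precedence in the
# merged HKEY_CLASSES_ROOT view, which is why the posted fix deletes it.
ROOTS = ("hkey_current_user\\software\\classes", "hkey_classes_root")

_VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')


def _unescape(s):
    # In .reg string data a backslash escapes the character that follows it.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Parse regedit export text into {key: {value_name: data}} (REG_SZ only).

    Key and value names are lowercased because the registry is
    case-insensitive; '@' is the (Default) value.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "Windows Registry Editor")):
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            # "[-KEY]" is a delete instruction in a fix file, not exported data.
            current = None if name.startswith("-") else keys.setdefault(name.lower(), {})
            continue
        match = _VALUE_RE.match(line)
        if current is not None and match:
            vname = match.group(1)
            vname = "@" if vname == "@" else _unescape(vname[1:-1]).lower()
            current[vname] = _unescape(match.group(2))
    return keys


def prepended_program(cmd):
    """Return whatever was placed in front of the default command, or None."""
    if cmd != EXPECTED_COMMAND and cmd.endswith(EXPECTED_COMMAND):
        return cmd[: -len(EXPECTED_COMMAND)].strip()
    return None


def audit_exe_association(reg_text):
    """Return a list of (key, issue, observed_value) for a hijacked .exe handler."""
    keys = parse_reg(reg_text)
    findings = []
    classes = {EXPECTED_CLASS, ".exe"}
    for root in ROOTS:
        ext_key = root + "\\.exe"
        ext = keys.get(ext_key)
        if ext is None:
            continue
        cls = ext.get("@", "")
        if cls.lower() != EXPECTED_CLASS:
            findings.append((ext_key, "class-not-exefile", cls))
            if cls:
                classes.add(cls.lower())  # follow the substituted class too
        elif root.startswith("hkey_current_user"):
            findings.append((ext_key, "per-user-override", cls))
    for root in ROOTS:
        for cls in sorted(classes):
            cmd_key = f"{root}\\{cls}\\shell\\open\\command"
            if cmd_key in keys:
                cmd = keys[cmd_key].get("@", "")
                if cmd != EXPECTED_COMMAND:
                    findings.append((cmd_key, "open-command-not-default", cmd))
    return findings


# Constructed sample: what an export of a hijacked profile could look like.
INFECTED_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="secfile"
"Content Type"="application/x-msdownload"

[HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
@="\"C:\\Users\\example\\AppData\\Local\\ave.exe\" /START \"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''

# Constructed sample: the state the posted fix restores.
CLEAN_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''

if __name__ == "__main__":
    for key, issue, value in audit_exe_association(INFECTED_EXPORT):
        print(f"{issue}: {key} -> {value!r} (prepended: {prepended_program(value)!r})")
```

Export files written by regedit are UTF-16, so read them with encoding="utf-16" before passing the text to audit_exe_association.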

Seth March 24th, 2017 at 9:38 pm

Just removed the ave.exe from my computer (Windows Vista, 64 bit) after it installed itself while I was browsing (using Firefox 3.6, and it still installed itself).

I tried to run a system restore to an earlier point, initially with no luck, restarted in safe mode, and the program still insinuates itself into the system. I found the ave.exe file, deleted it (after first stopping it using task manager), and then tried to run system restore again, and got the “run as” prompt, as noted above. By right clicking the system restore icon in my start menu, and selecting “run as administrator”, it opened fine, and I was able to reset to an earlier point, without having to do any changes to the registry.

You might be able to solve the problem simply by running system restore as administrator, and then restoring to an earlier point, without having to open task manager, or play with the registry or anything, (although you still will probably want to locate and delete the ave.exe file, either before or after the restore). No need to mess about with reassociating .exe files or anything else.
Oh, and ave.exe was a hidden file for me, and in the same folder was a system file that was created at the same time called 20xYJkS83BHk4 which I also deleted.

Hope this helps.

Ben March 25th, 2017 at 2:13 am

Hey, I’m running Windows 7 and I believe the virus is blocking me from editing the registry… I’ve edited it before, but now it says registry editing is disabled by the administrator. Anyone else?

Erica March 25th, 2017 at 4:47 am

Hi,

I just got my computer infected by ave.exe. I tried to open my registry but unfortunately I can’t open any of the programs except My Computer. It said “The parameter is incorrect”. Any help?

david March 27th, 2017 at 12:39 am

I was infected with this today. I deleted each ave.exe from the task manager. Then went through Joe’s manual instructions and deleted all “ave.exe” entries, but also deleted the “%1″ %*’s from the registry….but I may have deleted too much. Now I can not open anything. I get the prompt:

“This file does not have a program associated with it for performing this action. Create an association in the Set Associations control panel.”….even when trying to open Internet Explorer, even in safe mode.

Any help would be appreciated….I am still a novice with this computer obviously

david March 27th, 2017 at 12:48 am

Also, I tried Daniel’s suggestion to re-associate the exe file extension, but in the “FOLDER OPTIONS” screen I don’t have the file types option…Thanks for the help

James Hood March 27th, 2017 at 1:53 am

Hey, I had something similar happen to me too. I ended up reading about a registry script that would fix the problem. I searched google for exefix_vista.reg and I downloaded it to my desktop. Then right clicked it and clicked merge. It re-associated all my .exe files which then let me open up regedit.

I still had to kill the process and find the virus location and delete it (it was hidden even though I had the “show hidden files/folders” option on). I had to go into command prompt and use “attrib -r -s -h ave.exe” to get it to show up, after which I could delete it. I also used that command on the weird file in the same directory that is letters and numbers. The site that explains this is http://www.tech-recipes.com/rx/736/find-files-and-spyware-that-are-hidden-even-when-show-hidden-files-is-enabled/

Also before I killed the process it re-trashed my registry so I went back in regedit and searched “ave.exe” and did as the posters above suggested. After that I hit up C:/Windows/Prefetch and deleted any and all mention of ave.exe there. Lastly I then checked the other users on my computer to see if copies of the virus were hidden there, luckily there weren’t any. Now I’m just running some final scans to make sure everything is fine.

Thanks to everyone above for the helpful posts.

louise March 27th, 2017 at 10:06 am

I had this virus. I downloaded rkill.exe, which found it and killed it, but now I’ve got no administration rights on system restore and registry. I can’t update Malwarebytes, but it does scan without updates. Any help would be gratefully received.

louise March 27th, 2017 at 10:09 am

Also, I’m running Windows 7.

louise March 27th, 2017 at 4:06 pm

Hiya,

This is the only way I removed the ave.exe virus. I deleted the virus using r.kill.exe (you can google it). I could not get into the registry or system restore; the only way I did this was to restart the comp and press F8, then I did a computer repair. It then let me go into system restore, and I then restored the computer to an earlier point.

annabel March 28th, 2017 at 5:11 pm

HELP!!

I deleted the ave.exe file but now can’t open any files ending in .exe

I can’t open notepad to copy in the fix – any ideas???

Kahlil Moonwalker March 29th, 2017 at 2:37 pm

My friend just got this virus a few days ago. Thought I’d nuked it for sure with MBAM, but after restarting could no longer boot the OS (also can’t get into safe mode).

Exu March 30th, 2017 at 3:07 pm

If you already messed up the registry and can’t access regedit or the command prompt, it may be too late for you to fix it like that. Either get the Windows installation CDs and choose WINDOWS REPAIR SYSTEM (not full installation, otherwise you will lose everything) or restore the system to the last point in which it was working fine. I did try to copy files from another computer and it doesn’t work. I ended up reinstalling Windows files using the installation CDs; it worked for me. Good luck!

Andrew March 31st, 2017 at 8:29 am

If you have this and can’t run EXE’s (like regedit, notepad, whatever, etc, etc..) then you may still be able to take mtxandpolk’s suggestion above and still go:

Start -> Run -> Command

If you do that, it will run command.com, which is NOT an exe – and then from within the DOS (command.com) window that then opens up, you can start other things, like regedit.

I tried it, and it worked for me, which is why I’m re-iterating it… and also since if it does work for you as well, it may well save you significant time/effort/grief/etc!

Also, Seth’s suggestion above, of using the right-click, and “run as” option, to run as administrator (even if you are already logged in as the actual administrator) – may work for some – probably would have worked for me. After looking at the registry changes, it looks as though it changed how EXE’s are run normally, but not how they’re run with the “run as” option. There may be different ave.exe variations out there, though, so not sure something that works for some will work for all…

Kahlil: It’s possible it’s not booting because it can’t run any executable (*.exe) files – if it has the registry bit changing exe files to run ave.exe first, and you deleted the ave.exe file… it may end up unbootable … If that’s what happened, then you’ll probably need to boot up some sort of rescue disk that has some sort of offline registry editing program – to repair the registry’s exe issues and hopefully that’ll fix it. Probably the best thing to try anyway, if you’re still having trouble with it and haven’t tried that yet by the time you read this…

3absi March 31st, 2017 at 5:59 pm

Hi,
I deleted the ave.exe
but now I cannot run any update.
All of the programs I have cannot be updated.
I can use the internet but no update. Any advice please?

Andrew March 31st, 2017 at 8:00 pm

3absi: When you say you can’t run any update, are you referring to Windows Update, or some other specific program updates, or are you *really* saying that you’ve tried to update every single program you have and none of them have successfully updated..?

And when you say you can use the internet, are you saying that you can browse the web using IE or Firefox, or what, exactly…? “Using the Internet” would normally include updating various programs that do so over the ‘net, so you have to be a lot more specific, and somewhat less self-contradicting. ;)

In reality, these comments are really unlikely to be a good place for you to get detailed technical support, for various and sundry (among others) reasons… ;)

I’m not saying don’t post here, as the owner clearly encourages posting relevant stuff here – but just that if you went to a relevant forum, you’re much more likely to get good help in a reasonable amount of time. Posting comments back and forth here could end up taking many days, if not weeks, depending on how complicated your problem ended up being – but a decent, active forum might help you within a day or two. Not that I know where’s good offhand, but I’m sure I’ve seen at least a few – Google it a bit, look for a very active forum on virus (etc) removal and all that – maybe someone here can even post a suggestion as to what forum might be good for getting knowledgeable support in a reasonably timely manner…(?)

And of course, this is assuming you’ve already looked through the (undoubtedly) quality guides linked to in the Original Post, at the top…
Cheers :)

Rogy April 2nd, 2017 at 2:58 pm

I can’t run any .exe files and I don’t know what to do in the ‘command.com’. Help, please!

CowboyCoder April 3rd, 2017 at 7:39 pm

Rogy,

Pinglepop above shows what to do. After you merge the registry entries you should be able to run .exe files.

CowboyCoder April 3rd, 2017 at 7:45 pm

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
=== There should be a blank line here ===

Xzor64 April 3rd, 2017 at 8:36 pm

So I’ve apparently deleted ave.exe and cleaned my registry but system restore still doesn’t work. Also, I’ve tried to download files with the virus and it wasn’t allowing me, and now that I’ve seemingly got rid of it I can download Malwarebytes… but when I install it there’s no exe. I can’t rename mbam.exe to anything different if it’s not there… and AVG and A-squared aren’t picking up anything but surely there is still SOMETHING on my computer screwing things up.

CowboyCoder April 3rd, 2017 at 10:54 pm

Xzor,

The System Restore may have been made after you got infected. If so, restoring from it will re-infect your system. Doesn’t Task Manager show ave.exe process?

Calder April 4th, 2017 at 9:23 pm

I see ave.exe running in task manager, but can’t find the file in the “application data” folder, so I can’t delete it. I even used process explorer which shows ave.exe being in that folder, but when I look it is not there. Any ideas?

Ordakhan April 5th, 2017 at 3:43 am

I got struck with this crafty little bugger about 3 hours ago. About 3 weeks before I visited a friend who got hit with this same malware and ended up having to wipe everything and start over with a fresh load of WinXP. I on the other hand have Vista64 and had no trouble seeing and stopping the process. It got hooked to my Firefox .exe but that was it. I downloaded Spybot – Search & Destroy, which is freeware, and it cleared up everything. I normally have it running all the time but somehow forgot with this box, maybe because it’s my first Vista box. I have since revisited the offending site and had no trouble “removing” the site from the web and Spybot kept me ave.exe incursion free.

zarkonite April 5th, 2017 at 7:46 am

hey guys just got this this morning, followed Danielle’s advice about fixing the registry and it seems to have worked. thanks for the help

Johhny Depp April 5th, 2017 at 3:54 pm

Can anyone please explain to me in simple terms how to get rid of this? I am in safe mode with networking and I have downloaded Malwarebytes and it’s found 7 threats, but when I remove them I can’t access any programs; it just brings up the open with box…

Benji April 5th, 2017 at 6:01 pm

I’m a fool, I didn’t read the instructions properly and just blundered in, And deleted the entire line in Regedit! Now no programs will open, they just keep doing the “Run As” bit… I managed to delete the ave.exe file after unhiding it, Please, someone tell me how to fix my Reg!

maty.s April 5th, 2017 at 10:19 pm

Hey all, I am desperate for help. I caught that nasty ave virus and it messed me right up. I ran Avast antivirus then fixed the reg with the above help, which gave me access to my .exe again. But now the problem is I can’t connect to the net using either Firefox or IE; they both run but won’t connect, although the net icon on the task bar says I am online. Plz plz plz help me

maty.s April 5th, 2017 at 10:52 pm

OK, I know I just asked for help but I just managed to sort my problem (for Internet Explorer anyway). In regedit search for ave.exe and you should find a line for explorer with “:\users\mat\appdata\local\ave.exe” (the mat bit will be your name). Anyway, delete that out of the line and explorer should start working again

maty.s April 5th, 2017 at 10:54 pm

“c:\users\mat\appdata\local\ave.exe” messed up the line on above 1 sorry

tony April 6th, 2017 at 9:39 am

I was infected with the antivirus xp spyware.
I have cured it by downloading and running superantispyware from http://www.superantispyware.com/superantispywarefreevspro.html
After this my .exe files would not work but I followed the instructions on http://www.adamsdvds.co.uk/tutorials/windowsxp/file_extensions/exe_not_working.php
and now everything is back to normal with no infection!
success!!!!!!!!!!!!!!!

I hope this helps.

maty.s April 6th, 2017 at 1:21 pm

Aahhh, all that hard work last night seems to be for nothing. After running Avast then fixing the reg, when I booted up my PC this morn ave.exe was back and as bad as ever. I am now trying the following: saved the setup of the latest Malwarebytes on a clean flash card from a clean computer, then booted the infected PC into safe mode. Once booted I ran the reg fix once again to stop ave.exe running when I click on an exe, then installed Malwarebytes without any probs and started the scan. So far so good, I shall keep you all informed of my progress ;)

maty.s April 6th, 2017 at 3:10 pm

Success :D This virus gets everywhere: into Firefox, Explorer, Windows Media, local files, I mean everywhere. I had 56 infected files including reg, and Malwarebytes removed all those while in safe mode, though when I restarted the PC normally my Norton antivirus stopped and removed another 10 instances of AV.exe that tried to connect to the net, so I’m running Malwarebytes a second time normally just to make sure. My advice would be as follows.
Get a clean copy of Malwarebytes from a clean PC onto a clean flash card.
Boot the infected PC in safe mode (no net access) and use one of the reg fixes on this page to be able to run .exe’s without AV loading itself up again.
Run the setup of Malwarebytes (you will get a pop up saying it can’t update if you’ve got auto update checked; just click OK) and start the scan.
Once finished click remove all infected files and reboot as normal (be sure to have another antivirus ready to auto start when Windows starts just to be safe).
Once booted I ran Malwarebytes again just to be extra safe but don’t think you’ll need to.

PC is now running nice again. Took a while, but thx to the help above I was finally able to find a way to sort it :D cheers

Physh April 7th, 2017 at 2:26 am

This was a nasty little bugger. I got a variation of it that would not permit me to edit the registry so I had to run this key while in the command prompt:

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

just an fyi for anyone it might help.

Bill April 8th, 2017 at 2:42 am

I also had the *.exe won’t run issue after running malwarebytes to get rid of ave.exe. I was able to solve the problem quite simply. Using standard windows menus/setting change operations.

In My Computer go to Tools/Folder Options and select the “File Types” tab. After a brief delay (with the familiar flashlight animation) a list of extensions and their associated file type and action appears. Depending on your settings you may or may not see a line for EXE. No matter, you just click New. A warning message will likely appear telling you that exe is already assigned to launching applications. Ignore the warning and proceed. At this point my memory is a little sketchy as to my exact step, but I had reselected the exe or new (to try again to associate the exe extension). At this point I clicked the Advanced button and selected “Application” from the “Associated File Type:” drop down menu. Hit OK, and apply/OK again and then I was able to run programs. I rebooted and tried again and it still worked.

It worked fine for me (so far it’s only been about 1/2 hour), and I hope it works for you.

Good luck!

Bill

Jason H April 8th, 2017 at 7:33 pm

–==ATTENTION THOSE WHO CANNOT RUN .EXE’S==–

Here’s the link to the microsoft knowledge database article with a ton of information on it;
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/FakeRean

At the very bottom of the page, they explain how to run exe’s again by simply deleting 2 registry keys that are easy to find.

ALSO – if you cannot run regedit.exe, first find it in my computer – should be in;
C:\Windows\

Right click on regedit.exe, and select “Run As…”

UNCHECK the box about protecting yourself and hit OK – the registry editor should open.

I’ve been removing this virus from a computer here at work for a month, and this is the worst variation I’ve seen. I’ve pretty much found a workaround for every hurdle this scam throws at you, at least in WinXP.

2 1/2 hours spent today, but right now AVE.exe and xp defender pro are gone. Here’s my question to anyone that can help…
We have 3 computers here, and it’s the same computer that keeps getting infected over and over. All three computers are up to date via Microsoft Update, and all have WinXP, yet THE SAME ONE KEEPS GETTING INFECTED. Luckily, I’m paid by the hour so I’m being paid right now, but this is nowhere near my job description. Please let me know HOW TO STOP THIS FROM HAPPENING IN THE FIRST PLACE.

PS – Switching internet browser to Google Chrome to see if we can prevent future re-infections. I will check this thread at least once a day to help anyone I can. Seriously though, this program is genius. every other computer at my school’s library is screwed with some type of this program. over 200 computers just on the first floor of the library are infected. Please let me know if you’ve found a way to prevent infection in the first place.

Cheers and good luck all!

DFN April 9th, 2017 at 3:56 pm

Pinglepop – Thanks for your Registry fix. Didn’t work for me the first time but I tried again with success. Thanks to all the kind souls who helped out here.

PS> I am running AVG, Spyware Terminator, ZoneAlarm, & AdAware. Anyone know how it got past all that?

Ian April 10th, 2017 at 2:03 pm

Sorry, but telling people to just delete ave.exe in the registry and file system is a band-aid. I have seen this malware on a few computers and they all were loaded with rootkits, trojans, keyloggers, etc. This registry file: http://www.malwarehelp.org/downloads/trojan_fakerean_exe_fix.reg
will let you install and run Malwarebytes, SuperAntiSpyware, and Avast without ave.exe popping up. Make sure they are updated and run all three. Make sure to choose the deep system scan from Avast to get the rootkits.

charles johnson April 12th, 2017 at 1:16 am

hey I downloaded STOPzilla scanner and it blocked a live url 225.*.*.* port 17343 and the ave disappeared.

Debra April 12th, 2017 at 2:13 pm

Thank you to Tony (April 6th). I was infected with the antivirus xp spyware and followed Tony’s advice.
Has fixed the problem!

I had been trying to get rid of this virus for about a week.
This is a great site.

Manuel April 12th, 2017 at 5:00 pm

I ran my registry and stopped the ave.exe, and have had no more problems except that my computer no longer runs Mozilla Firefox. Can anyone help me? PS. I was running Firefox when I got infected.

crystal April 13th, 2017 at 2:43 am

What do I do when I got infected on Vista?
How do I unset ave.exe as an administrator?
The only problem I have is that there’s windows popping up frequently with ads …

Jamie April 14th, 2017 at 6:35 pm

I can’t figure out how to get rid of it. I open the task manager and it says ave.exe and I open file location and there is nothing that says ave or anything close. Also I try the search bar and nothing comes up with that either. Is there another name it goes by or something?

Erin April 14th, 2017 at 10:47 pm

If you can’t open .exe files, change the extensions to .com and they will open. Once you clear up the infection, you can change them back and they’ll run again. Basically, make them DOS files. (I had to do this to win the first battle in my long ongoing war with this virus.)
A few days after I cleared up the infection, it hit again, this time preventing Internet access.
After that mess, it wouldn’t let me open my Task Manager. Also, since the second or third attack, my Google search results would all redirect to random ad sites, with that same little logo next to the redirecting URL every time, like a handwritten 6, kind of.
Now I can’t get on the Internet again; I keep running different virus/malware scans, and pretty much find something new every time, but I just keep getting infected with the ave.exe Trojan.
I can’t dump the whole thing and start from scratch, either, because it’s a borrowed laptop (running XP Pro), and I have no discs or anything.
I’ve been using the latest version of Firefox this whole time, too, and haven’t opened any suspicious e-mails or downloaded anything weird (certainly nothing P2P), and I have no idea where I got this from, or why I can’t shake it.

FRENCHYINAMERICA April 15th, 2017 at 5:03 am

PINGLEPOP!!! (March 24th post) It worked perfectly!!!

THANK YOU!

AMANDA says “We Love You!”

Robert April 15th, 2017 at 5:30 am

Hi there,

I also got this from going to isohunt. I touched nothing on the web site at all (I clicked on the shortcut which I do every lunchtime and then brew up some tea + other things). The XP Security virus started up after that.

Am using Windows XP SP3, with FF 3.63

What I did..
Firstly the tools
1. Microsoft’s sysinternals process explorer (download it, its free – it is part of a suite of programs, it is excellent and includes a lot of other tools too)
2. As I am a Linux person I also use cygwin as a shell. Again another excellent tool.

What I did.
1. used “Process Explorer” to kill ave.exe
2. found it in the c:\windows\prefetch. the name was ave.exexxxxxx.pf (xxx = cannot remember)
3. used regedit to fix entries as mentioned by others.
4. found the ‘funny’ files in

c:/Documents and Settings/Robert/Local Settings/Temp
–> TcP0eIPn2W
–> 3768234786
c:/Documents and Settings/Robert/Templates
–> TcP0eIPn2W
–> 3768234786
c:/Documents and Settings/Robert/xxx plus the other place other posters mentioned

note that the files are ten characters only, used cygwin’s search command to find all ten character files thus..

find . -name "[A-Za-z0-9][A-Za-z0-9][A-Za-z0-9][A-Za-z0-9][A-Za-z0-9][A-Za-z0-9][A-Za-z0-9][A-Za-z0-9][A-Za-z0-9][A-Za-z0-9]"

The files were 7180 and 7168, did not compare to see if the same

Have “process explorer” open and is not firing up, will try a reboot and get back to work.

Thanks and regards to all,
Robert

Robert April 15th, 2017 at 5:38 am

Have rebooted machine, has not come back. Think is fixed.

More importantly how can you visit a website and this downloads ??

nick lawlor April 19th, 2017 at 5:48 pm

find ave.exe in task manager -> right click -> end process tree
this allowed me to run malwarebytes which kicked it off my system, had this virus twice now

Paul April 25th, 2017 at 12:11 am

I’ve been having a run of bad luck with this virus. After a couple of infections, I think I finally got it out. However, some of its effects are still lingering. McAfee and Malwarebytes still sometimes show that they have blocked / deleted it.

Also, lately I’ve been experiencing a very slow system, some redirected google searches, and lots of pop-ups occurring INSIDE of Firefox. I’ll be browsing and a second tab will show up with an advertisement or something of the sort.

Does anyone have any ideas what my problem is?

(I post here because I suspect a connection to the Ave virus.)

Mike April 25th, 2017 at 3:14 am

Also got this virus today. I noticed first that it initialised Java runtime; concerned, I checked Task Manager and found ave.exe, which terminated Windows Firewall and AVG anti-virus. However, my trick to getting rid of it was to do a system restore. I have a script which runs every Sunday to create a system restore point. Instead of manually trying to get rid of it: system restore, 5 mins later, back to normal, no scans to wait for, bam! 5 mins then normal. Take regular restore points, also take regular ASR (automated system restore) on XP using the backup tool. Vista seems to have a better restore feature than XP.

Casey April 25th, 2017 at 5:23 am

Hello all,

Like you all, I couldn’t open any programs at all in Vista Home Premium O/S. Except Mozilla browser. I did open regedit by going into task manager, open command.exe and manage the “ave.exe” in there and shut down and boot the computer again. I don’t know how to use recovery file already stored in D:/ when I bought this computer as a package.

I thought I wasn’t going to be able to fix because I’m not a computer technician, I saved all my beloved files into my portable harddrive and was prepared for the worst to come!!!!!

Thank you so very much for all your suggestions…

– Casey

NightCabbage April 25th, 2017 at 2:54 pm

Picked up this virus the other day :(

Nasty part is that after I removed the ave.exe problem, there are still browser hijack problems.

Chrome won’t load any pages.
IE is suffering from google result redirections.
IE and FF are both unable to go to windows update (or anything with the words “windows update” in it, minus the space – which if I typed now, would prevent me from making this comment… )

Michael April 26th, 2017 at 9:06 pm

Hi -

I have been getting this virus repeatedly, on my fully-patched XP pro machine running Avast! and Windows firewall. The first two times a friend fixed by doing the remove-harddrive and slave it to clean and rewrite MBR, etc. trick, but (a) he’s out of town and (b) he’s sick of doing it. Me too.

I don’t get why I’m having this trouble – I follow all the steps here (rkill, superantispyware, malwarebytes, safe mode, repeat until clean), but every time I reboot, the thing comes back!

I see the ave.exe key in my registry, but it won’t let me delete it (or I’m not sure how…not experienced in regedit).

Also, I have no XP disk, because it’s one of the laptops with the ‘recovery sector’ on the HD instead.

Any hint/help much appreciated!!!

Thanks,
~M

Marissa April 26th, 2017 at 10:01 pm

This is the second time I had this virus, and its name was changed. As soon as I got this virus, I knew to immediately open AVG, Malwarebytes Anti-Malware, and Spybot: Search and Destroy. AVG and MBAM did not find it, but SB:SD found 17 infections! I deleted them, and restarted my computer. Not bad for a 13-year-old. The first time it happened, I had to take it in, the virus stayed on for 2 days. The second time, it was on my computer for only 20 minutes.

Elli April 27th, 2017 at 7:50 am

I had the same thing happen where it initialised Java Runtime… I have no idea where the file is located on my computer, I know a bit about computers but not much about registry stuff… The fakie I have is XP Smart Security 2016… Could someone provide me with a step-by-step removal for dummies? Greatly appreciated! Thank you :)

dan da man April 27th, 2017 at 5:32 pm

I got the ave.exe last month in the form of malware security center, this month I got the xp defender pro (I think google did it). I hate this thing; if anyone can get me a way to destroy it permanently I would be grateful. It has blocked internet/avast/adware and other programs.

scotttalso April 27th, 2017 at 6:53 pm

I’m having the same issues as nightcabbage. I also am really confused as to where I got this virus from and wonder if the website grooveshark could have had anything to do with it.

But anyway, if anyone else is noticing issues with browser hijacks and has a solution for it let me know. I’ve run the Rkill function, used Malwarebytes and Symantec to remove the virus but am still getting owned on google searches.

Doug April 28th, 2017 at 3:28 pm

I just managed to get rid of this virus. Malwarebytes found it after I updated it, then I had to set my internet settings so it wasn’t using a LAN since the version I had was rerouting my internet sites to some garbage.

Red April 28th, 2017 at 9:28 pm

I’m having the same problem, win xp pro sp3.
Currently trying to defeat it. These were my actions so far:
- pull out inet/lan cable
- stop ave.exe
- found ave.exe in several user folders by searching for it.
- deleted all the ave.exe and other files with the 10 digits.
- searched registry through DOS and deleted all reg values/keys which contained ave.exe.
- used reg fix for exe files
- ran superantispyware, malwarebytes in safemode.
- Next step is to run my av software ( nod) in safemode.

I’ll keep you posted

Red
-

Bib April 28th, 2017 at 10:54 pm

I got this ave.exe today. I deleted it before I recognized this site. I couldn’t run any .exe until I read the thread by changing .exe in regedit to exefile. Now I can run my laptop in safemode (with internet). But I can’t run it in normal mode. I don’t know why, it’s just stuck and can’t go to login page. Do you have any suggestion? Thanks
Best,
Bib

Red April 29th, 2016 at 6:32 pm

- So I ran NOD32 in safe mode and it didn’t find any virus/trojan/malware

- After this, svchost.exe was using 50% of my cpu. So I tried many things including disabling Microsoft update and use windows update or vice versa, installing all sorts of updates which claimed to fix the problem. After some research with process explorer I found it was a virus/trojan that made svchost.exe use 50% cpu. Someone advised Kaspersky AV somewhere on the web, so I tried that. And guess what…where nod32 wouldn’t find anything, Kaspersky found 20 objects.

- After removing the particular trojan “SISZYD32” (the one that made svchost.exe run at 50% cpu), which was not seen by superantispyware, malwarebytes and Nod32, I thought I would be in the clear.

- I’m a web developer and was quite shocked to see that my portfolio site was infected with a trojan. Somehow, through FTP this virus injected tons of index.html’s and javascript code in javascript files. This particular trojan is called: “heur trojan-downloader.script.generic”

- I cleaned my whole site within 2 hours and definitely gonna reinstall windows now.

I have some experience in ICT and I must say that I never have seen anything like this before.

Bill L April 29th, 2016 at 7:40 pm

This is a nasty trojan. I got it on a driveby download from a web-site. One click and infected instantly. Norton 360 with latest updates did not detect it, at least not this variant. I sent the AVE.EXE file to Symantec, and they claim that it “should” be recognized, but it isn’t. Microsoft Malicious Software Removal Tool also does not find this version I got. Microsoft Windows Defender with latest updates does find it.

The driveby download exploited a Java bug announced in mid-April 2016. The latest Sun/Oracle Java update #20 has the fix for the bug, so update your Java before you get hit again. The version of the trojan I got exploits the Java bug under both Internet Explorer and Firefox.

It appears there are many versions of this trojan going around. Each one seems to make slightly different changes to the registry. There are a lot of different removal instructions on the web for this, and if you use the wrong instructions, you may end up in a jam. I found two VISTA registry changes under HKEY_CLASSES_ROOT pertaining to EXE files that none of the removal instructions I’ve run across included. Be sure to search the full registry for all occurrences of AVE.EXE (or whatever it is named on your PC).

Start by killing the AVE.EXE process in task manager. Back up any really important files you don’t want to lose while you have the chance in case you mess up the registry edits. Whatever you do, DO NOT delete, move, or rename the AVE.EXE until you have cleaned up the registry. Keep the task manager open so you can kill the process if it starts up again (and then you will need to clean the registry again, because it will reinstall itself each time it starts up). If you remove the AVE.EXE before you get the registry repaired, you will probably not be able to run EXE files, and fixing the problem then will take a lot of creativity. If you have never worked with the Windows registry, get someone with a lot of registry experience to help you, or you risk messing it up big time.

Good luck, and get your JAVA updated!!!!!

Relentless April 29th, 2016 at 7:55 pm

I am having the problem with the ave.exe and having problems with a ssvagent.exe. And I’ve looked and looked and looked everywhere for the ave.exe and cannot find it on my computer, but it keeps trying to run. Someone please help

Relentless April 29th, 2016 at 8:06 pm

I have been reading everything about this virus or whatever you want to call it, and people keep saying delete it from your registry… how do you get to that? No one can tell me that. And I cannot open a single program on my computer; it keeps asking me what I would like to open it with. Someone please help

Bill L May 3rd, 2016 at 11:22 pm

I kept a renamed version of the AVE.EXE in a different directory. I’ve been updating my Norton 360 daily since I sent the file to them last week. It finally detected the file today, along with some DAT and LNK files it put in various directories. Also found and removed 122 associated registry entries in addition to the ones I had already edited to fix the problem with running EXE files.

TO RELENTLESS: First stop the ave.exe from running by killing the process in Task Manager (CTL+Alt+DEL). The Vista version will show you the path where the file ran from. Leave Task Manager open and run REGEDIT from the start button (ave.exe will probably restart, so kill it again). Search in REGEDIT for “AVE.EXE” and make note of the path to the file. Now you know where it is, but DO NOT DELETE it until the registry entries are fixed, or you will not be able to run any EXE files. If you have never worked in the registry before, get someone with experience to help you, or you risk making things even worse.

SerialSinner May 5th, 2016 at 2:17 am

Easiest way to stop this is to boot into the admin account on whatever system, then quickly and repeatedly press Ctrl+Alt+Delete. You will be able to enter task manager before the ave.exe will fully load. Click on the file ave.exe, right click, go to end task. Now go to start - search - click advanced search - click to add hidden folders - now search for “ave.exe”, now delete everything. Restart, open windows defender and search for update - do full system search - remove remainder of reg files. You’re done…works every time at my shop.

HelpWanted May 12th, 2016 at 9:17 pm

PLEASE HELP!!!
1) WHAT IS THIS AVE.EXE THING &&& HOW DO YOU GET RID OF IT!!!!
2)THIS VIRUS IS A TRIAL DEMO DATA PROTECTION THING AND ITS GETTING ON MY NERVES!
3)THIS VIRUS DELETED TASK MANAGER FROM MY COMPUTER SO I CAN NOT GET IT TO POP UP AND DELETE IT LIKE MOST OF U ARE SAYING!!!
4)HOW DO I GET PROCESS EXPLORER TO COME UP && WORK??
PLZ WRITE BACK ASAP!! I NEED HELP TO GET THIS NASTY VIRUS OFF OF MY NEW COMPUTER!!!

Danver Zamora November 22nd, 2016 at 10:57 am

help please… when I open my AVG it automatically closes… my task manager too…
I use hijackthis like they say… and then this is the result…

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\cmd.exe
C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Setup.exe
C:\WINDOWS\system\reg32.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\My Documents\Downloads\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\2318\ReaderUpdater.exe

F2 – REG:system.ini: Shell=explorer.exe, C:\WINDOWS\cmd.exe
F2 – REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\DisplayMonitor.exe
O2 – BHO: AcroIEHelperStub – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 – BHO: WormRadar.com IESiteBlocker.NavFilter – {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} – C:\Program Files\AVG\AVG8\avgssie.dll
O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 – BHO: JQSIEStartDetectorImpl – {E7E6F031-17CE-4C07-BC86-EABFE594F69C} – C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 – HKLM\..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 – HKLM\..\Run: [VTTimer] VTTimer.exe
O4 – HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 – HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 – HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 – HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 – HKLM\..\Run: [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 – HKLM\..\Run: [NVIDIA Display] C:\WINDOWS\DisplayMonitor.exe
O4 – HKLM\..\Run: [Win32 Console] C:\WINDOWS\cmd.exe
O4 – HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 – HKCU\..\Run: [Messenger (Yahoo!)] “C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe” -quiet
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – Global Startup: Setup.exe
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O18 – Protocol: linkscanner – {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} – C:\Program Files\AVG\AVG8\avgpp.dll
O20 – Winlogon Notify: avgrsstarter – avgrsstx.dll (file missing)
O22 – SharedTaskScheduler: Browseui preloader – {438755C2-A8BA-11D1-B96B-00A0C90312E1} – C:\WINDOWS\system32\browseui.dll
O22 – SharedTaskScheduler: Component Categories cache daemon – {8C7461EF-2B13-11d2-BE35-3078302C2030} – C:\WINDOWS\system32\browseui.dll
O23 – Service: Autorun CDROM Monitor – Unknown owner – C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe
O23 – Service: AVG Free8 WatchDog (avg8wd) – AVG Technologies CZ, s.r.o. – C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 – Service: Google Update Service (gupdate) (gupdate) – Google Inc. – C:\Program Files\Google\Update\GoogleUpdate.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 – Service: Java Quick Starter (JavaQuickStarterService) – Sun Microsystems, Inc. – C:\Program Files\Java\jre6\bin\jqs.exe


End of file – 4824 bytes
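A triage pass over the startup entries of the HijackThis log above, added here as an example and not part of the original post: it flags Winlogon Shell/UserInit values that carry extra programs and Run entries that either point at the same file or reuse a system binary name outside system32. The default values and the SYSTEM32_ONLY list are this example's assumptions, and a hit means "deviates from defaults, review it", not a verdict.

```python
import ntpath
import re

# Six lines copied from the HijackThis log posted above (typographic dashes/quotes as on the page).
SAMPLE_LOG = r"""
F2 – REG:system.ini: Shell=explorer.exe, C:\WINDOWS\cmd.exe
F2 – REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\DisplayMonitor.exe
O4 – HKLM\..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 – HKLM\..\Run: [NVIDIA Display] C:\WINDOWS\DisplayMonitor.exe
O4 – HKLM\..\Run: [Win32 Console] C:\WINDOWS\cmd.exe
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Assumptions of this example: XP default Winlogon values, and a short list of
# binaries that normally live only in system32.
WINLOGON_DEFAULTS = {"shell": {"explorer.exe", r"c:\windows\explorer.exe"},
                     "userinit": {r"c:\windows\system32\userinit.exe"}}
SYSTEM32_ONLY = {"cmd.exe", "svchost.exe", "userinit.exe", "ctfmon.exe", "lsass.exe"}

F2_RE = re.compile(r"^F2\s*[–-]\s*REG:system\.ini:\s*(Shell|UserInit)=(.*)$", re.I)
O4_RE = re.compile(r"^O4\s*[–-]\s*(HK\w+)\\\.\.\\Run:\s*\[(.+?)\]\s*(.*)$", re.I)
EXE_RE = re.compile(r"([A-Za-z]:\\.*?\.exe)", re.I)


def masquerades(path):
    """True when a system32-only binary name is used outside system32."""
    folder, name = ntpath.split(path.lower())
    return name in SYSTEM32_ONLY and not folder.endswith(r"\system32")


def triage(log_text):
    """Return (entry, path, reasons) for each startup entry that deviates from defaults."""
    winlogon_extras, run_entries, findings = set(), [], []
    for line in log_text.splitlines():
        line = line.strip()
        if m := F2_RE.match(line):
            value_name = m.group(1).lower()
            for item in (p.strip() for p in m.group(2).split(",")):
                if item and item.lower() not in WINLOGON_DEFAULTS[value_name]:
                    winlogon_extras.add(item.lower())
                    reasons = [f"appended to Winlogon {m.group(1)}"]
                    if masquerades(item):
                        reasons.append("system binary name outside system32")
                    findings.append((f"F2 {m.group(1)}", item, reasons))
        elif m := O4_RE.match(line):
            if exe := EXE_RE.search(m.group(3)):
                run_entries.append((f"O4 {m.group(1)} Run [{m.group(2)}]", exe.group(1)))
    # Second pass: Run values are judged once every Winlogon extra is known.
    for entry, path in run_entries:
        reasons = []
        if path.lower() in winlogon_extras:
            reasons.append("same file also appended to Winlogon Shell/UserInit")
        if masquerades(path):
            reasons.append("system binary name outside system32")
        if reasons:
            findings.append((entry, path, reasons))
    return findings


if __name__ == "__main__":
    for entry, path, reasons in triage(SAMPLE_LOG):
        print(f"{entry}: {path} -> {'; '.join(reasons)}")
```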

River Hall March 26th, 2017 at 7:01 pm

can someone please explain how to do this in english please lmao and not in the computer lingo

Dextrus April 3rd, 2017 at 10:40 pm

I’ve just had this too (Nasty!). One thing I noticed was that it hid ave.exe as a SYSTEM & HIDDEN File in my users\[yourname]\appdata\local directory. This could be why a number of you can’t seem to find the exe.

Also, I had to reboot into safe mode with command prompt in order to run anything.

Zac May 12th, 2016 at 12:24 am

Just wanted to comment on this since this website was great and helped me tremendously.

I got this virus today. It took some time but I was able to get rid of it the following way, which turns out to be incredibly easy; it just was about the 10th thing I tried:

1) Restart Windows in Safe Mode (by rebooting and hitting F8 prior to the windows icon)

2) Allow the virus program to start. The virus is now named “txt.exe”.

3) Open Task Manager find the file name but do not delete it yet.

4) Click, “Start” , type “regedit.exe” in the search box and hit enter.

5) Registry Editor will come up. Click “Edit”, “Find”, and type in “txt.exe”.

6) Two files should come up. One ending in the txt.exe prompt. The other ending with "%1" %*. But Wait…

7)….Before you delete them, first click on Task Manager which you should have already brought up. Now delete the txt.exe file from Task Manager FIRST.

8) Then delete the two files from the Registry Editor. You must do it in the order.

9) Reboot the computer and you should be good to go.

This is what I did and now my computer seems to be running fine just as it was before. Thanks to Joe for the initial advice which I used, just thought I’d update with the new name and step by step instructions, since I had to delete the files in that specific order.
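The registry check these comments keep returning to, as an added example that is not part of any post above: it reads an already-decoded regedit export, follows the .exe key to its ProgID, and reports when the open command is no longer the Windows default "%1" %* (for instance when an executable and /START have been placed in front of it). The sample export and the account name "user" are constructed; the function names are this example's own.

```python
import re

DEFAULT_PROGID = "exefile"        # default (@) value of HKCR\.exe
DEFAULT_OPEN_CMD = '"%1" %*'      # default (@) value of HKCR\exefile\shell\open\command

# Constructed regedit export for illustration; "user" is a placeholder account name.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Users\\user\\AppData\\Local\\ave.exe\" /START \"%1\" %*"
'''


def parse_default_values(reg_text):
    """Map each key path (lower-cased) to its unescaped default (@) string value."""
    values, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg files escape backslash and double quote with a backslash.
            values[key] = re.sub(r'\\(["\\])', r"\1", line[3:-1])
    return values


def check_exe_association(reg_text, root="hkey_classes_root"):
    """Return a list of findings; an empty list means the .exe association is default."""
    values = parse_default_values(reg_text)
    findings = []
    progid = values.get(root + "\\.exe")
    if progid is None:
        return [{"issue": "no .exe key in export"}]
    if progid.lower() != DEFAULT_PROGID:
        findings.append({"issue": "progid_changed", "progid": progid})
    # Windows follows whatever ProgID .exe names, so check that ProgID's open command.
    command = values.get("\\".join([root, progid.lower(), "shell", "open", "command"]))
    if command is None:
        findings.append({"issue": "open_command_missing", "progid": progid})
    elif command.strip() != DEFAULT_OPEN_CMD:
        first = re.match(r'\s*(?:"([^"]+)"|(\S+))', command)
        findings.append({
            "issue": "command_hijacked",
            "progid": progid,
            "interposed_program": (first.group(1) or first.group(2)) if first else None,
            # True when deleting the prefix leaves the Windows default intact.
            "default_tail_intact": command.rstrip().endswith(DEFAULT_OPEN_CMD),
        })
    return findings


if __name__ == "__main__":
    for finding in check_exe_association(SAMPLE_EXPORT):
        print(finding)
```

Running it against an export taken before deleting the executable shows whether the association still depends on that file, which is the ordering several posters warn about.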
