ave.exe virus?, how to get rid of it? |
ave.exe virus?, how to get rid of it? |
Mar 18 2010, 10:15 AM
Post
#1
|
|
Senior Member Group: Staff Alumni Posts: 4,665 Joined: Aug 2008 Member No: 676,364 |
this worm/virus thing came out of NOWHERE when i was surfing through firefox.
i looked through google to see how to remove it. I LOOKED at this: QUOTE Changing .exe file associations: Because you're having trouble running exe files (due to associations in the registry) you might actually have trouble accessing the registry to change the associations. TRY: 1. start > run > c:\windows\ 2. right click regedit.exe > start (NOT OPEN) 3. In the registry go to HKEY_CLASSES_ROOT\.exe 4. Right Click (default) , modify 5. value = "exefile" (without the quotes & equal sign) 6. Reboot As previously mentioned, this might not work because of permissions you've changed. You may want to restore permissions and follow the instructions below. Identifying the rootkit, then rebooting, then removing file associations is advisable. Removing the Virus: ave.exe is rootkit worm. It changes the association of exefiles within the registry and hijack all the programs. The first step is to remove the rootkit. If you download PREV free version and run it (I know you don't want to download - but this will at least confirm where the rootkit is AND ave.exe will NOT stop you from installing, like it does malware bytes). Subsequently, you will at least be able to find out where that rootkit file is. Likely it is c:\windows\DCEboot.exe. 1. Remove rootkit (c:\windows\DECBoot.exe) 2. Reboot 3. Open up the registry (start > run > regedit) 4. Search for ave.exe 5. Remove any entries for ave.exe (ave.exe ONLY) 6. In the registry go to HKEY_CLASSES_ROOT\.exe 7. Right Click (default) , modify 8. value = "exefile" (without the quotes & equal sign) 9. Reboot This should give you control back over your machine. Then, if you can, install malware bytes (which you can't install while this virus is operating), and clean up anything remaining. A registry cleaner, might also be advisable. ave.exe, will no longer run. I suspect, because you've changed permission on ave.exe, the association of .exe (step 7) which is likely executing ave.exe is causing the issue. Change that registry issue and your problems should go away. Source(s): Completed the above yesterday (hopefully, we're talking about the same virus). In my research, it looks like this virus has become more prevalent since March 15, so likely we're talking about the same thing. What should I do? |
|
|
Mar 18 2010, 11:32 AM
Post
#2
|
|
Senior Member Group: Official Designer Posts: 5,880 Joined: Nov 2007 Member No: 593,382 |
What?
|
|
|
Mar 18 2010, 02:40 PM
Post
#3
|
|
Senior Member Group: Staff Alumni Posts: 4,665 Joined: Aug 2008 Member No: 676,364 |
=/
so far the virus hasn't been acting up or showing up, i followed the instructions and the DECBoot is gone. Does that mean the virus is gone too? I can get on the internet now, and I'm currently running a scan and clean with superantispyware. it cleans viruses, trojans, worms, andd spyware. :P my computer's running a bit slow though. is it because of the scanning? |
|
|
Mar 18 2010, 03:11 PM
Post
#4
|
|
Senior Member Group: Official Designer Posts: 5,880 Joined: Nov 2007 Member No: 593,382 |
What? How do you know you got it? Just follow the instructions.
|
|
|
Mar 18 2010, 05:29 PM
Post
#5
|
|
/人◕‿‿◕人\ Group: Official Member Posts: 8,283 Joined: Dec 2007 Member No: 602,927 |
That one has been infecting a ton of Vista systems lately.
|
|
|
Mar 18 2010, 07:52 PM
Post
#6
|
|
Senior Member Group: Staff Alumni Posts: 4,665 Joined: Aug 2008 Member No: 676,364 |
What? How do you know you got it? Just follow the instructions. I know i got the virus because it said it was AXE.exe when I used the task manager to close it. plus, i did research on it right after to make sure there was such thing as this virus. That one has been infecting a ton of Vista systems lately. Don't forget XP. Looking from what people said, this virus appeared in like the beginning of March. Hopefully, it won't come back. |
|
|
Mar 18 2010, 09:52 PM
Post
#7
|
|
Senior Member Group: Official Designer Posts: 5,880 Joined: Nov 2007 Member No: 593,382 |
I know i got the virus because it said it was AXE.exe when I used the task manager to close it. plus, i did research on it right after to make sure there was such thing as this virus. Don't forget XP. Looking from what people said, this virus appeared in like the beginning of March. Hopefully, it won't come back. What did you do to get it? Also, your signature is too wide. |
|
|
Mar 19 2010, 09:51 AM
Post
#8
|
|
Senior Member Group: Staff Alumni Posts: 4,665 Joined: Aug 2008 Member No: 676,364 |
QUOTE this worm/virus thing came out of NOWHERE when i was surfing through firefox. |
|
|
Mar 19 2010, 12:31 PM
Post
#9
|
|
Senior Member Group: Official Designer Posts: 5,880 Joined: Nov 2007 Member No: 593,382 |
How did you know it was there all of a sudden?
|
|
|
Mar 19 2010, 12:48 PM
Post
#10
|
|
Live long and prosper. Group: Staff Alumni Posts: 10,142 Joined: Apr 2007 Member No: 514,926 |
|
|
|
Mar 19 2010, 03:35 PM
Post
#11
|
|
Senior Member Group: Staff Alumni Posts: 4,665 Joined: Aug 2008 Member No: 676,364 |
nope. there was just 2 popups that showed and closed all my windows and applications. one was a fake anti-virus scanner and the other was about upgrading it. i was afraid to click anywhere on the popups, so i just used task manager, but then it kept coming back.
|
|
|
Mar 21 2010, 12:19 AM
Post
#12
|
|
Senior Senior Member Group: Official Member Posts: 1,507 Joined: Sep 2007 Member No: 571,541 |
well if this virus becomes harmful, then you will have to do a System Restore.
|
|
|
Mar 22 2010, 10:15 AM
Post
#13
|
|
Senior Member Group: Staff Alumni Posts: 4,665 Joined: Aug 2008 Member No: 676,364 |
|
|
|
Mar 22 2010, 03:36 PM
Post
#14
|
|
/人◕‿‿◕人\ Group: Official Member Posts: 8,283 Joined: Dec 2007 Member No: 602,927 |
System restore only gets rid of the most primitive viruses. If you really want to do anything, you'll have to reformat.
If you're lucky, you'll be able to edit the registry. |
|
|
Mar 22 2010, 09:13 PM
Post
#15
|
|
Senior Member Group: Staff Alumni Posts: 4,665 Joined: Aug 2008 Member No: 676,364 |
|
|
|