Log In · Register

 
 
Reply to this topicStart new topic
ave.exe virus?, how to get rid of it?
creole
post Mar 18 2010, 10:15 AM
Post #1


Senior Member
*******

Group: Staff Alumni
Posts: 4,665
Joined: Aug 2008
Member No: 676,364



this worm/virus thing came out of NOWHERE when i was surfing through firefox.
i looked through google to see how to remove it. I LOOKED at this:
QUOTE
Changing .exe file associations:

Because you're having trouble running exe files (due to associations in the registry) you might actually have trouble accessing the registry to change the associations. TRY:

1. start > run > c:\windows\
2. right click regedit.exe > start (NOT OPEN)
3. In the registry go to HKEY_CLASSES_ROOT\.exe
4. Right Click (default) , modify
5. value = "exefile" (without the quotes & equal sign)
6. Reboot

As previously mentioned, this might not work because of permissions you've changed. You may want to restore permissions and follow the instructions below. Identifying the rootkit, then rebooting, then removing file associations is advisable.

Removing the Virus:

ave.exe is rootkit worm. It changes the association of exefiles within the registry and hijack all the programs. The first step is to remove the rootkit. If you download PREV free version and run it (I know you don't want to download - but this will at least confirm where the rootkit is AND ave.exe will NOT stop you from installing, like it does malware bytes). Subsequently, you will at least be able to find out where that rootkit file is. Likely it is c:\windows\DCEboot.exe.

1. Remove rootkit (c:\windows\DECBoot.exe)
2. Reboot
3. Open up the registry (start > run > regedit)
4. Search for ave.exe
5. Remove any entries for ave.exe (ave.exe ONLY)
6. In the registry go to HKEY_CLASSES_ROOT\.exe
7. Right Click (default) , modify
8. value = "exefile" (without the quotes & equal sign)
9. Reboot

This should give you control back over your machine. Then, if you can, install malware bytes (which you can't install while this virus is operating), and clean up anything remaining. A registry cleaner, might also be advisable. ave.exe, will no longer run.

I suspect, because you've changed permission on ave.exe, the association of .exe (step 7) which is likely executing ave.exe is causing the issue. Change that registry issue and your problems should go away.
Source(s):
Completed the above yesterday (hopefully, we're talking about the same virus). In my research, it looks like this virus has become more prevalent since March 15, so likely we're talking about the same thing.




What should I do?
 
Maccabee
post Mar 18 2010, 11:32 AM
Post #2


Senior Member
*******

Group: Official Designer
Posts: 5,880
Joined: Nov 2007
Member No: 593,382



What?
 
creole
post Mar 18 2010, 02:40 PM
Post #3


Senior Member
*******

Group: Staff Alumni
Posts: 4,665
Joined: Aug 2008
Member No: 676,364



=/

so far the virus hasn't been acting up or showing up, i followed the instructions and the DECBoot is gone. Does that mean the virus is gone too?


I can get on the internet now, and I'm currently running a scan and clean with superantispyware. it cleans viruses, trojans, worms, andd spyware. :P my computer's running a bit slow though. is it because of the scanning?
 
Maccabee
post Mar 18 2010, 03:11 PM
Post #4


Senior Member
*******

Group: Official Designer
Posts: 5,880
Joined: Nov 2007
Member No: 593,382



What? How do you know you got it? Just follow the instructions.
 
heyo-captain-jac...
post Mar 18 2010, 05:29 PM
Post #5


/人◕‿‿◕人\
*******

Group: Official Member
Posts: 8,283
Joined: Dec 2007
Member No: 602,927



That one has been infecting a ton of Vista systems lately.
 
creole
post Mar 18 2010, 07:52 PM
Post #6


Senior Member
*******

Group: Staff Alumni
Posts: 4,665
Joined: Aug 2008
Member No: 676,364



QUOTE(Maccabee @ Mar 18 2010, 12:11 PM) *
What? How do you know you got it? Just follow the instructions.


I know i got the virus because it said it was AXE.exe when I used the task manager to close it. plus, i did research on it right after to make sure there was such thing as this virus.

QUOTE(itanium @ Mar 18 2010, 02:29 PM) *
That one has been infecting a ton of Vista systems lately.

Don't forget XP. Looking from what people said, this virus appeared in like the beginning of March. Hopefully, it won't come back.
 
Maccabee
post Mar 18 2010, 09:52 PM
Post #7


Senior Member
*******

Group: Official Designer
Posts: 5,880
Joined: Nov 2007
Member No: 593,382



QUOTE(Beenly @ Mar 18 2010, 07:52 PM) *
I know i got the virus because it said it was AXE.exe when I used the task manager to close it. plus, i did research on it right after to make sure there was such thing as this virus.
Don't forget XP. Looking from what people said, this virus appeared in like the beginning of March. Hopefully, it won't come back.

What did you do to get it? Also, your signature is too wide.
 
creole
post Mar 19 2010, 09:51 AM
Post #8


Senior Member
*******

Group: Staff Alumni
Posts: 4,665
Joined: Aug 2008
Member No: 676,364



QUOTE
this worm/virus thing came out of NOWHERE when i was surfing through firefox.

 
Maccabee
post Mar 19 2010, 12:31 PM
Post #9


Senior Member
*******

Group: Official Designer
Posts: 5,880
Joined: Nov 2007
Member No: 593,382



How did you know it was there all of a sudden?
 
synapse
post Mar 19 2010, 12:48 PM
Post #10


Live long and prosper.
********

Group: Staff Alumni
Posts: 10,142
Joined: Apr 2007
Member No: 514,926



QUOTE(Maccabee @ Mar 19 2010, 01:31 PM) *
How did you know it was there all of a sudden?

most likely a popup from his anti-virus software.
 
creole
post Mar 19 2010, 03:35 PM
Post #11


Senior Member
*******

Group: Staff Alumni
Posts: 4,665
Joined: Aug 2008
Member No: 676,364



nope. there was just 2 popups that showed and closed all my windows and applications. one was a fake anti-virus scanner and the other was about upgrading it. i was afraid to click anywhere on the popups, so i just used task manager, but then it kept coming back.
 
Jghelfi
post Mar 21 2010, 12:19 AM
Post #12


Senior Senior Member
******

Group: Official Member
Posts: 1,507
Joined: Sep 2007
Member No: 571,541



well if this virus becomes harmful, then you will have to do a System Restore.
 
creole
post Mar 22 2010, 10:15 AM
Post #13


Senior Member
*******

Group: Staff Alumni
Posts: 4,665
Joined: Aug 2008
Member No: 676,364



QUOTE(-Jon- @ Mar 20 2010, 09:19 PM) *
well if this virus becomes harmful, then you will have to do a System Restore.

no. tried that before and the virus would come back.
 
heyo-captain-jac...
post Mar 22 2010, 03:36 PM
Post #14


/人◕‿‿◕人\
*******

Group: Official Member
Posts: 8,283
Joined: Dec 2007
Member No: 602,927



System restore only gets rid of the most primitive viruses. If you really want to do anything, you'll have to reformat.

If you're lucky, you'll be able to edit the registry.
 
creole
post Mar 22 2010, 09:13 PM
Post #15


Senior Member
*******

Group: Staff Alumni
Posts: 4,665
Joined: Aug 2008
Member No: 676,364



QUOTE(itanium @ Mar 22 2010, 12:36 PM) *
If you really want to do anything, you'll have to reformat.

If you're lucky, you'll be able to edit the registry.


can't find the disc to reformat. and i already edited the registry. ;)
 

Reply to this topicStart new topic
2 User(s) are reading this topic (2 Guests and 0 Anonymous Users)
0 Members: