Printable Version of Topic

Click here to view this topic in its original format

Forums _ Tech Help _ ave.exe virus?

Posted by: Beenly Mar 18 2010, 10:15 AM

this worm/virus thing came out of NOWHERE when i was surfing through firefox.
i looked through google to see how to remove it. I LOOKED at this:

QUOTE
Changing .exe file associations:

Because you're having trouble running exe files (due to associations in the registry) you might actually have trouble accessing the registry to change the associations. TRY:

1. start > run > c:\windows\
2. right click regedit.exe > start (NOT OPEN)
3. In the registry go to HKEY_CLASSES_ROOT\.exe
4. Right Click (default) , modify
5. value = "exefile" (without the quotes & equal sign)
6. Reboot

As previously mentioned, this might not work because of permissions you've changed. You may want to restore permissions and follow the instructions below. Identifying the rootkit, then rebooting, then removing file associations is advisable.

Removing the Virus:

ave.exe is rootkit worm. It changes the association of exefiles within the registry and hijack all the programs. The first step is to remove the rootkit. If you download PREV free version and run it (I know you don't want to download - but this will at least confirm where the rootkit is AND ave.exe will NOT stop you from installing, like it does malware bytes). Subsequently, you will at least be able to find out where that rootkit file is. Likely it is c:\windows\DCEboot.exe.

1. Remove rootkit (c:\windows\DECBoot.exe)
2. Reboot
3. Open up the registry (start > run > regedit)
4. Search for ave.exe
5. Remove any entries for ave.exe (ave.exe ONLY)
6. In the registry go to HKEY_CLASSES_ROOT\.exe
7. Right Click (default) , modify
8. value = "exefile" (without the quotes & equal sign)
9. Reboot

This should give you control back over your machine. Then, if you can, install malware bytes (which you can't install while this virus is operating), and clean up anything remaining. A registry cleaner, might also be advisable. ave.exe, will no longer run.

I suspect, because you've changed permission on ave.exe, the association of .exe (step 7) which is likely executing ave.exe is causing the issue. Change that registry issue and your problems should go away.
Source(s):
Completed the above yesterday (hopefully, we're talking about the same virus). In my research, it looks like this virus has become more prevalent since March 15, so likely we're talking about the same thing.




What should I do?

Posted by: Maccabee Mar 18 2010, 11:32 AM

What?

Posted by: Beenly Mar 18 2010, 02:40 PM

=/

so far the virus hasn't been acting up or showing up, i followed the instructions and the DECBoot is gone. Does that mean the virus is gone too?


I can get on the internet now, and I'm currently running a scan and clean with superantispyware. it cleans viruses, trojans, worms, andd spyware. :P my computer's running a bit slow though. is it because of the scanning?

Posted by: Maccabee Mar 18 2010, 03:11 PM

What? How do you know you got it? Just follow the instructions.

Posted by: itanium Mar 18 2010, 05:29 PM

That one has been infecting a ton of Vista systems lately.

Posted by: Beenly Mar 18 2010, 07:52 PM

QUOTE(Maccabee @ Mar 18 2010, 12:11 PM) *
What? How do you know you got it? Just follow the instructions.


I know i got the virus because it said it was AXE.exe when I used the task manager to close it. plus, i did research on it right after to make sure there was such thing as this virus.

QUOTE(itanium @ Mar 18 2010, 02:29 PM) *
That one has been infecting a ton of Vista systems lately.

Don't forget XP. Looking from what people said, this virus appeared in like the beginning of March. Hopefully, it won't come back.

Posted by: Maccabee Mar 18 2010, 09:52 PM

QUOTE(Beenly @ Mar 18 2010, 07:52 PM) *
I know i got the virus because it said it was AXE.exe when I used the task manager to close it. plus, i did research on it right after to make sure there was such thing as this virus.
Don't forget XP. Looking from what people said, this virus appeared in like the beginning of March. Hopefully, it won't come back.

What did you do to get it? Also, your signature is too wide.

Posted by: Beenly Mar 19 2010, 09:51 AM

QUOTE
this worm/virus thing came out of NOWHERE when i was surfing through firefox.


Posted by: Maccabee Mar 19 2010, 12:31 PM

How did you know it was there all of a sudden?

Posted by: synapse Mar 19 2010, 12:48 PM

QUOTE(Maccabee @ Mar 19 2010, 01:31 PM) *
How did you know it was there all of a sudden?

most likely a popup from his anti-virus software.

Posted by: Beenly Mar 19 2010, 03:35 PM

nope. there was just 2 popups that showed and closed all my windows and applications. one was a fake anti-virus scanner and the other was about upgrading it. i was afraid to click anywhere on the popups, so i just used task manager, but then it kept coming back.

Posted by: -Jon- Mar 21 2010, 12:19 AM

well if this virus becomes harmful, then you will have to do a System Restore.

Posted by: Cum Mar 22 2010, 10:15 AM

QUOTE(-Jon- @ Mar 20 2010, 09:19 PM) *
well if this virus becomes harmful, then you will have to do a System Restore.

no. tried that before and the virus would come back.

Posted by: itanium Mar 22 2010, 03:36 PM

System restore only gets rid of the most primitive viruses. If you really want to do anything, you'll have to reformat.

If you're lucky, you'll be able to edit the registry.

Posted by: Cum Mar 22 2010, 09:13 PM

QUOTE(itanium @ Mar 22 2010, 12:36 PM) *
If you really want to do anything, you'll have to reformat.

If you're lucky, you'll be able to edit the registry.


can't find the disc to reformat. and i already edited the registry. ;)