Do you have pop-ups or your computer infected with trojan or spyware ? Learn how to ask us for help, click here!

How to remove ave.exe malware

Ave.exe is the main component of each program from fake antispyware group, which includes the following programs: Total Vista Security, Vista Security Tool 2010, XP Security Tool 2010, XP Antimalware 2010, XP Defender Pro , Total XP Security, Vista Smart Security 2010, Vista Defender Pro, Vista Antimalware 2010, XP Smart Security 2010. Ave.exe infiltrate computers through the use of trojans. Once the trojan is installed and started, it will download ave.exe and save it to %AppData% folder (%AppData% is the C:\Document and Settings\[your username]\Application Data). After that, the same trojan will configure ave.exe to run automatically when you start any program by changing the file associations with “.exe” extension.

When ave.exe is started, it will imitate a system scan. Once finished, the malware will state that your computer is infected with trojans, adware or malware and that you should purchase the full version of the program to remove these infections. Important to know, the malicious program is unable to find the infections, as will not protect you from possible infection in the future. So, do not trust the scan results, simply ignore them.

While ave.exe is running, it can block execution of other programs as an attempt to scare you into thinking that your computer in danger. The program will also flood your computer with nag screens, fake security alerts and notifications from your Windows taskbar. A few examples:

Virus intrusion!
Your computer security is risk. Spyware, worm and trojans
were detected in the background. Prevent data corruption and
credit card information theft. Safeguard your system and
perform a free security scan now.

Threat detected!
Security alert! Your computer was found to be infected with
privacy-threatening software. Private data may get stolen
and system damage may be severe. Recover your PC from
the infection right now, perform a security scan.

However, all of these alerts, warnings and notifications are fake and like false scan results supposed to scare you into purchasing so-called “full” version of the malicious program. You should ignore all of them!

As you can see ave.exe is very dangerous and can lead to a complete paralysis of your computer, as well as leakage of your personal data in the hands of the authors of the malicious program. Need as quickly as possible to check your computer and remove all found components of this malware. Use the removal guide below to remove ave.exe and any associated malware from your computer for free.

Use the following instructions to remove ave.exe

Step 1. Fix “.exe” file associations.

Method 1

Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.

Windows Registry Editor Version 5.00


@="\"%1\" %*"

"Content Type"="application/x-msdownload"

Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.

Method 2

Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.



HKCU, Software\Classes\.exe
HKCU, Software\Classes\secfile
HKCR, secfile
HKCR, .exe\shell\open\command

HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"

Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.

Step 2. Remove ave.exe associated malware.

Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.

Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.

MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.

As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.

Malwarebytes Anti-Malware Window

Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for ave.exe infection. This procedure can take some time, so please be patient.

When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.

Malwarebytes Anti-malware, list of infected items

Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove ave.exe. MalwareBytes Anti-malware will now remove all of associated ave.exe files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.

Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.

Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.

Ave.exe malware creates the following files and folders


Ave.exe malware creates the following registry keys and values

HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\ave.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “secfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = “”%AppData%\ave.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = “”%1″ %*”

March 19, 2010 on 11:19 am | In Malware removal, Rogue Anti Spyware | 159 Comments |


RSS feed for comments on this post.

  1. Thank you A MILLION!!!!!!!!!!

    Would love to pay you back somehow.

    Thank you again.


    Comment by JD — March 19, 2010 #

  2. Man, you’re a genius. Last time I got a virus, it took me 2 weeks to get rid of it. Amazingly enough, I was just about to help other Firefox users by sharing a workaround for FF 3.6 slow loading when I got infected. I’m like “Oh man!”.
    It took me about 10 mins with your fix because AVE was blocking both IE and Firefox.
    Thanks a million.

    Comment by Richie — March 19, 2010 #

  3. I am not too sure if I am out of the woods just yet, but so far it appears that this fix has worked! ::knocks on wood:: I had to use my sister’s computer to look up all this information and I used Method 1 (writing everything down very carefully by hand) and then was able to type it out in Notepad and reboot my system. After that I updated and ran Malwarebytes and it found three things that were infected, so I removed all three items. I believe I picked mine up through one of those free makepbb forums (I think that’s what they are called?). At any rate, this morning my Avast identified that there was a trojan on my computer and that it was blocked. I then ran a scan and it says it found something called JS:Prontexi-AB (WHO[1].htm). I sent that to the virus chest and after that I went to start up Internet Explorer and thats when the XP Defender Pro pop-ups started. I was able to use Task Manager to keep killing the ave.exe process but I couldn’t get online or open anything else except Avast (which didn’t find anything else). I’m not sure if I should keep the fix.reg file on my desktop or if it can be used with a possible future infection by this same bug or not? I am remaining cautiously optimistic because I’ve never encountered anything like this before and am not sure if it’s truly gone. But for right now at least, it appears your fix did indeed work and I sincerely thank you for sharing your tech knowledge skills that I (unfortunately) just was not blessed with.

    Comment by Jack — March 20, 2010 #

  4. aww man didn’t work for me. Does anyone else know of any antispyware programs that can help?

    Comment by Ureter — March 20, 2010 #

  5. Jack, you can remove fix.reg.

    Comment by Patrik — March 20, 2010 #

  6. Ureter, open a new topic in our Spyware removal forum.

    Comment by Patrik — March 20, 2010 #

  7. Big thanks! Used my laptop to make the fix.inf file and download Malwarebytes. ave had locked all my programs and IE. I was just in the process of moving files around to reinstall windows when I came across your site. Saved me tons of time, thanks so much!!

    Comment by K — March 20, 2010 #

  8. No matter what I try with the fix.reg and fix.inf items it just won’t work. All it does is open up a text file under notepad. Yes I’ve saved it with .reg or .inf, yes I’ve saved it under all files. It still doesn’t work. I’m going insane with all of this it’s so annoying.

    Comment by Charlotte — March 20, 2010 #

  9. Thanks so much for the help, I’m all fixed now it seems! One of the easiest ones i’ve actually removed thanks to your help.

    Comment by Amy — March 21, 2010 #

  10. Please download HostsXpert from here.
    Unzip to your desktop.
    Double-click HostsXpert.exe to run the program.
    Click “Restore MS Hosts File”. Note: if you get an error message, click first “Make Writeable”.
    Click OK at the confirmation box. Click the X to exit the program.

    Comment by Patrik — March 21, 2010 #

  11. I actually had to take my hard drive out of my computer and put it into another computer. Then I have scanned it with Malwarebytes. Now everithing seems o.k. Thank You Patrik!
    You are the Man!!!!!!

    Comment by MerkoMan — March 21, 2010 #

  12. Unfortunately I spoke too soon. I’ve installed Norton 360 and I keep getting messages saying it’s blocked a HTTPS TidServ Request and keeps on referring to a SVCHost.exe (in Task Manager there is one that uses up a lot of CPU usage it seems when ever I get these alerts…in fact right now as I type there is one starting to soak up my CPU Usage and I can hear my harddrive running). When I go on Internet Explorer and go to websites (even through Norton’s safe search toolbar) I’ll sometimes get another window popping up that tries to take me to some crazy site completely unrelated to what I was trying to go to. Then either Norton or Avast tells me an intrusion has been blocked. Yet when I run scans (fully updated no less) on Norton, Avast or Malwarebytes, they never find anything. This is so frustrating. I am thinking it’s related to that XP Defender Pro thing because that’s when all this misery started. I really had hoped I was rid of everything for good. On the positive side, I’ve never seen anything else with ave.exe running in Task Manager. I am guessing I have some kind of a “browser hijacker”.

    Comment by Jack — March 22, 2010 #

  13. Thanks heaps. It worked a treat. The only thing I noticed is when I clicked install on the fix.inf file there was no indication that anything had happened. It did work, though, and on restarting my computer I had no more fake virus scans

    Comment by Kez — March 22, 2010 #

  14. Jack, try these steps to remove TDSS (TidServ) trojan.

    Comment by Patrik — March 22, 2010 #

  15. tried both steps and it still pops up with xp antispyware hijacking my browser, causing havoc with my .exe files and slowing my puter. I’m writing this on my non-infect laptop. I went to the registry and deleted ave.exe, av.exe, vma.exe and file searched(hidden files too) and deleted thirteen ave.exe 199kb files with no results. I also (taskmanager) stopped any processes with ave,vma,or av. still no success. This virus is like herpes that don’t go away. I’d like to take a bat to the persons who make viruses/ hijackers/ trojans etc.

    Comment by julius — March 22, 2010 #

  16. Thank you so much! you saved my life! And computer!
    :) It took me two days to remove ave.exe!!! .May you stay safe and please keep up the good work! Contact me anytime! :)

    Comment by Daddybig — March 22, 2010 #

  17. thank you so very much i was going to freak out if i couldn’t delet this virus……i would kiss you but i cant 😉 thank you thank you thank you thank you…. guys this really works

    Comment by jean point — March 22, 2010 #

  18. I tried this, it worked straight away after picking up the infection on a file-sharing site (should have known better) I was lucky as I had already downlkoaded and installed Malwarebytes Anti Malware, but found I couldn’t run it after the infection, and also many other programs.

    Start task manager
    right click ‘ave’ and select open file location
    rename ave to something like ‘avent’
    stop ‘ave’ in task manager
    close task manager
    run malwarebytes anti malware and update it online
    run scan and after a few minutes it will fid the culprits
    Follow instructions and reboot
    Computer should now be OK

    Comment by Garty — March 22, 2010 #

  19. method 1 worked for me; had to access this website via blackberry using google search for “remove ave.exe”. then copy/paste to email steps to myself (the malware wouldn’t allow my browser to go anywhere other than their ‘purchase’ screen); ran fix.reg and rebooted – all good. funny thing: my expensive, well-known commercial AV from one of the top AV companies in the world didn’t prevent nor could it clean the infection. hmmmm, maybe not so good after all

    Comment by Phil — March 22, 2010 #

  20. Just wanted to give my thanks to you. Kudos for the registry commands~ it worked like a charm! Thanks for everything~

    Patrik, how might my computer have gotten infected with this “ave.exe”?

    (It popped out of nowhere today – and I hadn’t done any downloading/installing/etc.)

    Is there a chance that exploring/opening a data DVD’s contents could have caused the infection?

    Comment by Jesse — March 22, 2010 #

  21. I carefully followed all the steps, ran the scan, and when I tried to remove the infected files, it said I had to BUY a registered version :( Why not tell people this upfront so they don’t waste an hour+?

    Comment by DMD — March 22, 2010 #

  22. This has helped me HUGELY!!! – well done!!!… and thanks…
    It is all well and good finding a fix, but how did it get there in the first place? – can you please advise how it might have got on the PC?
    And also the best applications to not get them again..

    Comment by Grant — March 23, 2010 #

  23. I finished quick scan and no ave.exe virus was found. I followed all the steps correctly.

    the reason i know i have this virus is because of other anti-virus programs have told me so. should i trust malware anti-malware and pertend i dont have this virus??

    Let me know,


    Comment by Mat — March 23, 2010 #

  24. Thanks much … ave.exe has been kicking my butt. This seems to have killed it.

    Comment by Joe in NC — March 23, 2010 #

  25. Hello, and thank you to the author for this guide. This virus took away my registry editing permissions, so the .inf solution was great. I still have a problem though: when scanning with Malwarebytes’ Anti-Malware, it freezes after finding 2 infected objects. Any additional help would be appreciated. Thanks.

    Comment by Julian — March 23, 2010 #

  26. Thank you very much! Method 1 didn’t work for me (is it because I’m using Vista?) but Method 2 worked (so far), so I’m really grateful for your information!

    Comment by Suzi — March 23, 2010 #

  27. Will this work if we have already run the malwarebytes and removed the virus? We cannot do anything on the computer in question since removing the ave.exe file with the malwarebytes. It will not run any executables. HELP!

    Comment by Brenda Hay — March 23, 2010 #

  28. Also, please answer on the forum comments as I cannot get into my email for same reason.

    Comment by Brenda Hay — March 23, 2010 #

  29. Ace!!

    worked a treat…*knocks on wood too*

    this thing annoyed the **** out of me and was killing me that I couldnt figure it out…

    thanks a million!!

    Comment by Peter — March 24, 2010 #

  30. Thank you very much. I used step 1 method 2, then malwarebytes, and the issue was resolved. Other than the scan which can take a while, the process took ten minutes. Fortunately I had a another PC and a usb flash drive to transfer the malwarebytes program and the notepad file to the infected PC since it was un-usable. My variant was the axe.exe process running which was creating the bogus \Antivirus XP\

    Comment by David — March 24, 2010 #

  31. Jesse, most likely your computer is infected through an exploit in Internet Explorer. Visit Microsoft Updates site to update your system to current date.

    Comment by Patrik — March 24, 2010 #

  32. DMD, looks like you have downloaded PCTools from a Google ad. Open the page, scroll down and download Malwarebytes Anti-spyware.

    Comment by Patrik — March 24, 2010 #

  33. Julian, please open a new topic in our Spyware removal forum. I will check your PC.

    Comment by Patrik — March 24, 2010 #

  34. Brenda, follow the first step above.

    Comment by Patrik — March 24, 2010 #

  35. Thank you for making it as easy as copying the files and saving them. I was setting aside hours to work on my dad’s laptop, hehehe, five minutes tops. THANK YOU, THANK YOU, THANK YOU (bowing to the master)

    Comment by Suzanne — March 24, 2010 #

  36. Brilliant. Thank you!

    Comment by joarc — March 24, 2010 #

  37. Thank u for the solution for getting rid of the menace ave.exe.
    I followed the method 1 and it worked like magic.

    Comment by bb — March 24, 2010 #

  38. Dear Admin

    Method 1 worked beautifully for me.
    It is my experience that these things can always be solved without the need for software downloads and intricate analysis to fix the infection. (It only took me about 4 Google pages to find your site, which is quite speedy given past searches undertaken).

    The only thing that I can add to your advice/Method 1 is: I used Restart and the computer wouldn’t reactivate, so I depressed the Off/On button for 5 seconds, and rebooted from there–worked like a charm!


    Comment by Peter Shore — March 24, 2010 #

  39. It worked – “ave” is gone. Thank you!

    Comment by Steve — March 24, 2010 #

  40. OMG!!! I think I owe you my first born!!! I am an older adult and only barely computer literate. I’ve had this horrid problem in the past and was unable to fix it. I ended up having to reformat the entire hard drive. TY, TY, TY, TY!!!!!!

    Comment by Deborah — March 25, 2010 #

  41. Excellent!!! thanks.. it finally worked. After googling I tried to remove it using malwarebytes, After running a complete scan (which took more than a hour) 8 infections were detected. The tool deleted all 8 but the annoying pop ups kept comming.
    Finally the registry cleaner given avove has worked. I have since run another scan using malwarebytes and all seems ok.

    Comment by Satyam — March 25, 2010 #

  42. Excellent. Got this annoying virus a few days ago, been searching for a fix which nothing worked, found this website 10mins later shes fixed! Thanks a million

    Comment by Ben — March 25, 2010 #

  43. Thank you!!! I think I got rid of the ave.exe file.
    Used method 1 and it helped with getting my programs running again. Downloaded and ran MalwareBytes Anti-malware. I hit the removed selected button and re-booted.
    So far so good!! Thanks a bunch!!

    Comment by Manny — March 27, 2010 #

  44. Mate, you’re a fucking genius!

    Comment by Dr. Dan — March 28, 2010 #

  45. OMFG I THINK IT WORKED!!!!!!! So far so good! Hopefully this isnt a dirt trick lol but seriously this was the worst virus Ive even gotten and I used method 2 and it worked so easily.

    Comment by jello — March 28, 2010 #

  46. My ave.exe infection was caused by TDSS rootkit in ATAPI.SYS and as the consequence infected again and again. Ran TDSSKILLER and had it replace atapi.sys and so far so good.

    Note: Had tdsskiller replace atapi.sys on reboot. Problem was on reboot my computer locked up. Rebooting in Safe Mode also locked up. Luckily there was \The last working…\ option and that rebooted. Searched for \tdss rootkit atapi.sys\ and there are many reports of lockup in replacing atapi.sys.

    Comment by CowboyCoder — March 29, 2010 #

  47. I just removed ave.exe from a buddy’s computer and noticed that all exe files weren’t working correctly. I used Ccleaner (Crap Cleaner) to remove the bad exe redirects which helped somewhat. Your REG fix is great, thanks, that did the trick.

    On another note I can’t even describe the amount of pain I want to inflict on the creators of this crap! Microsoft makes it way too easy for even mediocre buttheads to write this type of software to infect a system. When are we going to stand up as a community and demand payment from Microsoft for this kind of crap?

    Comment by Mister_Moose — March 29, 2010 #

  48. To Mister_Moose
    I understand your frustration – really I do – but blaming Microsoft for you getting infected is lame – I am an IT Manager and see infected computers from time to time – most viruses are installed on accident by users that aren’t computer savvy – this one in particular comes up as a webpage pop-up when you are browsing a hacked website (most websites are UNIX based! and are very easily attacked when not maintained by professionals) The way to avoid this one while browsing the web is to press F4 to kill the webpage – There is nothing Microsoft can do to stop people from clicking a page that installs a virus. I’ve had some employees click the X to close the webpage and BAM it installed the virus anyway. So please before bashing Microsoft I would take a long hard look at how much of this was your own fault – after all – you were duped into believing the webpage message stating your system was infected – Right?. The real blame is the hackers and virus code writers – everyone keeps trying to blame Microsoft which takes the focus of the hackers and VCW’s.
    – Frank

    Comment by Frank — March 30, 2010 #

  49. Update:
    The way to avoid this one while browsing the web is to press ALT F4 to kill the webpage…

    Comment by Frank — March 30, 2010 #

  50. I wasted half a day unsuccessfully till I came across your malware removal site. I used method 1. and it helped me resolved the infection. Thanks for the fix.

    Comment by wiliew — March 30, 2010 #

  51. Excellent help, Patrick!

    Jesse and others struggling with this, Patrick’s advice to make sure all your patches are in place is also top notch. Turn on Automatic Updates!

    A lot of these types of malware may come from advertisments running in the sidebars of legitimate pages. I’ve used AdBlocker Plus to block those ads, and it has kept me safe on my other systems. I hadn’t put it on my kid’s system, and lo and behold, I got me a case of ave.exe.

    Comment by joe — March 30, 2010 #

  52. Hey im not a pro at this kind of thing just a student trying to save a big bill!
    managed to stop the virus from coming up and finally ran the anti-malware program, it said it successfully deleted everything however my standard windows defender (vista) will not turn on. any ideas why??

    Comment by JP — March 31, 2010 #

  53. Thank you SO much!! Seems to have done the trick

    Comment by Natalie — March 31, 2010 #

  54. Thank you !!! excellent

    Comment by Sylvain — March 31, 2010 #

  55. You are public benefactors of the first rank. Thank you!!!

    Comment by Dave — April 1, 2010 #


    Comment by Tyler — April 1, 2010 #

  57. JP, what you mean “will not turn on” ? It shows an error ?

    Comment by Patrik — April 1, 2010 #

  58. I was able to get to my friends’ desktop using Teamviewer. Luckily she had firefox on her PC, so she could download Teamviewer and I got in and download Avast, then scan and it was able to remove Ave.exe after a reboot. I could not open notepad nor “cmd.exe”. I could not install Malwaresbyte. Only Avast was able to install. After the removal, now all the executables won’t work. What should I do at this stage? The pop-ups aren’t there anymore after Avast removed ave.exe.

    Comment by Hien Pham — April 1, 2010 #

  59. Hien Pham, follow the first step instructions above.

    Comment by Patrik — April 1, 2010 #

  60. First I went into folder options ,file types and created exe as application. That was ok for running some scan programs… Including Mbam.exe … Still There!!! Used method 1 rebooted and , Ran Malwarebytes again, and again and came up clean! Ran several others AVG 8.0, Iobit 360 , AWC, Spyware Terminator , Adaware, etc. and still came up clean! I open Internet Exploder and there it is again? So I wrote a batch file. I edited Autoexec.bat

    del c:\windows\prefetch\ave*.*
    del c:\ave*.*
    del c:\windows\ave*.*

    And this worked for two days, but it is back again, so I looked to see when it was created? and found another file created at the same time just seconds prior. The other file is called ocrx.exe. also in the prefetch folder. What is that ? Nothing on the web about it? Should I del it in autoexec.bat also? Please Help! I am missing something aren’t I?

    Comment by Scott — April 1, 2010 #

  61. Brilliant, most useful post I ave ever found. Thanks very much

    Comment by Gazzer — April 1, 2010 #

  62. Now I have used fix #2 and still have to find and delete ave.exe daily….and add the new : del {location of ave.exe} to my batch file. I’m not saying that your fix doesn’t work …I just want to get rid of this for good .Do I have to manually delete all the registry entries? Where does this file really hide? and how is it created over and over ? Does it actually execute from the prefetch folder ? Thank you in advance for any suggestions. Scott

    Comment by Scott — April 2, 2010 #

  63. Scott, probably your computer is infected with a trojan that reinstall this malware. Open a new topic in our Spyware removal forum, I will check your PC.

    Comment by Patrik — April 2, 2010 #

  64. Thanks Patrik.. I’ll do that later today after work.

    Comment by Scott — April 2, 2010 #

  65. awesome work ! thought it was curtains for the computer but it is now working perfectly. used method 1.

    again thanks !

    Comment by R Davis — April 2, 2010 #

  66. I though I had removed this virus in safe mode, deleted the registry keys and terminated it with 3 seperate virus scanners, I went to thepiratebay the other night, and it popped back up on my computer, somehow avg put AVE.exe on the ALLOWED list and it ran rampant, it disabled my stuff like everyone else, however I was able to avoid my programs being disabled, all I had to do was right click the program I wanted to use and click start or run as administrator and it started right up with no problems, so if anyones unlucky enough to be able to do anything on their comp you can try that to at least download and run virus scans, hope that helps. (got rid of it a 2nd time for good I Hope this time.

    Comment by Droknam — April 2, 2010 #

  67. Thank you! Thank you! Thank you!!! Thought I was done for, but used method one and Knock on wood, it looks good! Saved my life!!!!

    Comment by Carl — April 3, 2010 #

  68. Quick scan found nothing for me. I’m trying a full scan now.

    Comment by Clay — April 3, 2010 #

  69. I \Think\ you helped me fix this. i have been hacking away at my computer since 3-30-10 with this.

    I followed your steps and it seems as though the virus is removed. I then created a new user on my computer and made it admin. First thing I tried was turning on I.E. to update windows. It then wanted to install WindowsXPpro suite. And it is telling me that I am missing the file. (My cd-rom doesn’t work(hasn’t worked for years.)

    I ran Norton utilities without an update because it says I can’t update without the file. It found 159 registry errors! Should I run tdsskiller in safe mode w/ admin abilities? Hoping these are cpu problems that can be fixed and not some other virus.

    Thank you in advance! sry for being a noob :-)

    Comment by Nolwe — April 3, 2010 #

  70. Thanks Patrik. Your method worked well and looked the easiest and most thorough of all fixes on the google search.

    Comment by Tony — April 3, 2010 #

  71. THANK YOU!!!!!!!

    you are the man!!! worked like a charm!!!!

    Comment by Bill — April 3, 2010 #

  72. Thank you sooooo Much. This whole day I ran everything and at one point I thought I got rid of it but it came back. Then I used Method 1 and as of right now, using malwarebytes to scan my pc. Thanks again.

    Comment by Mike — April 4, 2010 #

  73. Thanks man,

    Awesome fix. had the same thing as Droknam where i could still open programs if i ran as aministrator (right click the choose run as admin, for anyone that doesnt know how to do that) so you might be able to give that a try to download the stuff you need

    Comment by Robert — April 4, 2010 #

  74. Nolwe, why you want run TDSSKiller ? You have any troubles except registry errors ?

    Comment by Patrik — April 4, 2010 #

  75. Patrik,

    We have tried Method 1, 2, but cannot run anything. fix.inf; fix.reg or any of the files with .exe estension would not open. What should we do?

    Comment by Lyuda — April 4, 2010 #

  76. Thank you very much! those pop up warning give me the chill up my spin O.O; first time i ever get those kind of stuffs and i thought i need to reinstall window but thanks to you Patrik!

    We all should purchase Patrik app for his wonderful support.

    ps. When i done scanning with your mawarebytes, my firewall asked me to send the info to you. Are those info safe?

    and finally when our PC got intruded, will our personal info be safe Mr. Patrik? should we change our password etc on important stuffs?

    thanks again for your wonderful works Patrik.


    Comment by condor — April 4, 2010 #

  77. Lyuda, probably you have made a mistake. What shows computer when you trying twice click to fix.reg ? right click to fix.inf and select Install ?

    Comment by Patrik — April 4, 2010 #

  78. Condor, Malwarebytes only sends statistics (whats found, how many…). You can disable it, Run Malwarebytes, Open Settings tab, uncheck “Anonymously report statistics to Malwarebytes` threat center”.

    Comment by Patrik — April 4, 2010 #

  79. Thank you! Option #1 worked great for me.

    Comment by chuck — April 5, 2010 #

  80. Ok downloaded malwarebytes and its picked up about 7 threats/infections but when i delete them i cant use any programs it just brings up a box saying opn with…

    can anyone help

    Comment by Pablo — April 5, 2010 #

  81. I seem to be having the same problem as Scott, i remove the malware but it continues to reinstall it self a couple days afterward, please help.

    Comment by Joel — April 5, 2010 #

  82. Pablo, repeat first step.

    Comment by Patrik — April 5, 2010 #

  83. Joel, open a new topic in our Spyware removal forum. I will check your PC.

    Comment by Patrik — April 5, 2010 #

  84. i was infected with the antivirus xp spyware.
    i have cured it by downloading and running superantispyware from
    after this my .exe files would not work but i followed the instructions on
    and now everything is back to normal with no infection!

    i hope this helps.

    Comment by tony — April 6, 2010 #

  85. that was a mother of a virus. had to delete the file ave.exe manually from c:\Documents and Settings\[username]\Local Settings\Application Data\

    in the following way:
    del/AH ave.exe
    and also delete the dll file which has a number in its name ( should have the same timestamp as the ave.exe)

    then i fixed the registry and ran Malwarebytes Anti Malware program

    now i can go back to watching porn again without the annoying popups

    Comment by mojo — April 6, 2010 #

  86. I also tried method one and it seemed to successfully stop ave from hijacking everything, but I can’t for the life of me get malwarebytes or any other anti-virus or anti-spyware to pick up anything. Everything seems to be working fine since yesterday, but I’m not convinced it’s actually gone. I keep updating Malaware and avg and reruning them in the hope they’ll pick it up… but nothing. I’ve also tried method 1 agian with no difference and tried method 2 as well but when I clicked installed it just said “installation failed”. What should I do? Cheers for all the fantastic help!

    Comment by Jaqs — April 6, 2010 #

  87. Hey patrick tried to do that with no success.

    Comment by Pablo — April 6, 2010 #

  88. just to mention i am stil in safe mode with networking if that makes a difference. when i do the first step and reboot it just brings up the open with box everytime i try and open up a program.

    Comment by Pablo — April 6, 2010 #

  89. i can still access the internet programs and the internet when i am in safe mode though…

    Comment by Pablo — April 6, 2010 #

  90. So far so good! Method 1 did the trick, it seems. And …….. yes! I just rebooted the infected PC and that damn ave.exe is gone! Thanks a lot!

    Comment by janus — April 7, 2010 #

  91. Jaqs, scan your computer with SuperAntispyware, or open a new topic in our Spyware removal forum. I will check your PC.

    Comment by Patrik — April 7, 2010 #

  92. it just brings up the open with box everytime i try and open up a program.

    Pablo, try repeat first step. If it does not help, than ask for help in our Spyware removal forum.

    Comment by Patrik — April 7, 2010 #

  93. the question remains how does this infect when a system and it’s software are all patched up to date, including third party apps like acrobat, flash, … which the hackers have been using lately. what is the open window that this virus is coming from, that’s the frustrating part, sometimes you are helpless when they are using an exploit to infect and there’s no patch for that exploit. you will get infected no matter what protection you have.

    Thanks, Cain

    Comment by cain — April 7, 2010 #

  94. Well, I’ve been hacking at this virus all night, and while I seem to have gotten rid of the ave.exe instances, my regedit is still locked. I looked in task manager and ave.exe is not running, but I still can’t get regedit going for the life of me. To answer your question in advance as to how I was able to initially clear the registry stuff up, I used a boot CD with regedit- I still can’t seem to get it unlocked on the system normally however! Help!

    Comment by Shawn — April 8, 2010 #

  95. Shawn, you have tried run Malwarebytes ? It should fix your trouble.

    Comment by Patrik — April 8, 2010 #

  96. Hey Patrik,

    Thanks so much!! The two easy steps worked and everything looks to be normal again. However I don’t want to be lulled into thinking everything is fine when its not…

    When I ran the Anti-malware, it only brought up 1 infected file: the original ave.exe file. Should I be concerned that it didn’t bring up any (possibly) corrupted registry files?

    Just a concern!

    Comment by Aneeth — April 8, 2010 #

  97. Aneeth, its ok.

    Comment by Patrik — April 9, 2010 #

  98. Thanks! When all I had was my iPhone to search the web, you got me going again.

    It didn’t completely remove everything, but it was a big help. VMA came back after a day or two…

    First it installed VMA.EXE in a documents directory, then changed the iexplore registry entry to point to that. At some point it also changed the .EXE registry entry and pointed it to VMA.EXE. When I deleted VMA.EXE, no more programs worked – I was sweating bullets until I got the .EXE file association fixed, which isn’t that difficult, but I was just guessing at it.

    Once I got the .EXE association working again(open My Computer, then Tools | Folder Options | File Association | File Types | New, enter EXE and set to “application”), I went through the registry (twice!) to make sure it wasn’t still there.

    What pisses me off is that Norton 360 fails to catch this, and then they want to charge $150 to clean the virus from your computer (and break things along the way, like the hibernate function). They charge you $20-30 for the virus protection, and use it to market their virus removal service (which they charge a lot more for). I think Symantec has a “new virus team” secretly hidden in Bulgaria that releases new viruses every few months…

    Comment by Mike — April 9, 2010 #

  99. Fantastic instructions. followed it and got rid of XP defender pro :-)

    Comment by Coolbhu — April 9, 2010 #

  100. Thank you so much. you made my day. I cannot express the utter extacy I am experiencing at the liberation of my soul from the foul clutches of the beasts called hackers.ymmd

    Comment by filled with glee — April 11, 2010 #

  101. Work like a charm!
    I have Vista Home Premium SP2

    Comment by Precise_1993 — April 11, 2010 #

  102. Thanks a ton! I used method 1 and it works fine as a quick solution. I hope nothing comes back. Either way, we need more people out there like yourself. Thank you

    Comment by happy person — April 11, 2010 #

  103. I used method 2 to remove get rid of ave.exe…I then installed the malwarebytes…and though it shows it has installed on my computer…it won’t open to do a scan…I’ve tried renaming the file…I’ve even tried redownloading it…what am I doing wrong…can someone please help me!!

    Comment by Angela — April 12, 2010 #

  104. hi patrick,

    as for method #1, I get an error stating the file is not a registry script, “you can only import binary files from within the registry editor.” suggestions?


    Comment by christian — April 12, 2010 #

  105. Thanks for your instructions, it has very useful !!!
    Greetings from Italy.

    Comment by Aurelio Marsili — April 12, 2010 #

  106. Thank you for saving my laptop from certain death! Method one worked perfect and the malwarebytes removed 8 infected files associated with ave.exe. its nice to know there’s good genuine advice still out there. Thanks again!

    Comment by rob — April 12, 2010 #

  107. Thanks babe! It really cleaned up my machine so that it is up and running. Back to the porn sites.

    Comment by Rufus Xavier — April 12, 2010 #

  108. Angela, boot your computer in Safe mode, after that try perform a scan once again. If it does not help, then open a new topic in our Spyware removal forum. I will help you.

    Comment by Patrik — April 12, 2010 #

  109. Christian, try method 2.

    Comment by Patrik — April 12, 2010 #

  110. I fixed internet explorer by my self but fire fox was stubborn as all hell lol. That fixed firefox, thanks. Having damnest time trying to figure out where else i missed removing =\ Thanks again

    Comment by Kurtis — April 13, 2010 #

  111. Thanks so much. I’m a pretty advanced user and luckily I’m on XP so this was not as bad for me as some others. The second I saw the scan starting I knew it was a fake and end-tasked it, and went and deleted the culpret.

    The .exe extension redefinition was a 1st for me. But my pc seemed to find a way around it somehow. When I got the message \cannot open firefox no program is associated with the extension .exe\, I used firefox to \open\ firefox. and then after a couple of error messages it opened about 3 firefox windows. The same worked for me with notepad (open notepad with notepad).

    After that I just followed the steps above with the .reg file.

    Thanks again!

    Comment by Intr0 — April 13, 2010 #

  112. Christian, I got that message too (using fix 1). But I forgot to include this “Windows Registry Editor Version 5.00″ at the top of the text file. Try it again, with that at the top of your code. If you’re on XP I bet that’s the problem.

    Comment by Intr0 — April 13, 2010 #

  113. Thank you so much man! This helped!

    Comment by Jason — April 13, 2010 #

  114. I want to say thanks!!! Method 2 works!!! Before I wasn’t able to install run ANYTHING and could only copy/paste links in to a messed up Firefox, but now I can run all my diagnostic programs. Again i give my thanks!!!!

    Comment by Leah — April 13, 2010 #

  115. THIS IS AMAZING. Thank you soo much I don’t think you understand how much of a GENIUS you are! x

    Comment by Adam — April 13, 2010 #

  116. Thanks mate. Tried Method 1 after many previous attempts to clear and it work first time.

    Pox on the author of this Trojan.

    Comment by Joey — April 14, 2010 #

  117. Thanks for the valuable info. on system recovery after vma.exe infection. Worked a treat. Thanks again.

    Comment by Bruce Pierre — April 14, 2010 #

  118. I had run into this little nasty before, and it was a royal pain. Ended up doing a system restore from my Toshiba CD. This time around, I thought “Oh no, not again!” But your clear, step-by-step directions fixed things up in short order. No restore needed. Worked like a charm! A LOT less grief for me. You have my sincere, heartfelt thanks.

    Comment by Altec Lansing — April 14, 2010 #


    Comment by SHARON — April 14, 2010 #

  120. Incidentally, here’s a recent Reuters article, “Inside A Global Cybercrime Ring”, that tells the story behind the folks who put this little bugger together:

    Comment by Altec Lansing — April 14, 2010 #

  121. Thank you so much for your help! Your awesome!!

    Comment by Terry — April 16, 2010 #

  122. Mister_moose It is not because Microsoft makes it too easy it is because end users make it easy. Anyone that has a mac can get viruses just as easy if someone wanted to take the time in infect 10% of the users out there. What is more fun? Hit 10% of the end users or 90% of the end users?

    Anyway I had to use the TDSSKiller and then Malwarebytes after that and so far it might be fixed. I will update if I see any more problems.

    Comment by kilith — April 17, 2010 #

  123. Thank you, thank you VERY, VERY much! A simple and effective cure for which I am greatly indebted to you!

    Comment by Chris — April 17, 2010 #

  124. I had MalwareBytes downloaded onto the infected computer previously before it became infected. It obviously wouldn’t let me open it, so I tried your trick of renaming it (including that randomly generated file name link) and those all didn’t work. I also tried to download that thing that removes TDSSKiller and no avail. Whenever I try and run an installation, it comes up with:

    Windows cannot open this file:

    File: mbam.exe

    to open this file, windows needs to know what program created it. Windows can go online to look it up automatically, or you can manually select from a list of programs on your computer.

    What do you want to do?

    and then it gives me the option of using the web service to find the appropriate program or selecting the program from a list.

    it does this with everything. it also won’t let me run the properties of the my computer tab. HELP PLEASEEE! :(

    Comment by Hannah — April 17, 2010 #

  125. i tried to dowonload tdsskiller* not “the thing that removes it”

    Comment by Hannah — April 17, 2010 #

  126. i tried method one before and i ran malwarebytes, it detected just 4 viruses and deleted them. however, i did another scan afterwards with another antimalware software and it told me the ave.exe file was still there, i did method 2 and ran malwarebytes again but it didn’t detect any viruses. does that mean im safe?

    Comment by maryam — April 18, 2010 #

  127. Hannah, try the first step above.

    Comment by Patrik — April 18, 2010 #

  128. maryam, try update Malwarebytes and perform a scan.

    Comment by Patrik — April 18, 2010 #

  129. Hands down the simplest explanation of how to fix a very frustrating situation. I have already formatted two computers with this exact same problem. So glad to have found your solution. Cheers!

    Comment by Jason — April 18, 2010 #


    Comment by BOB — April 20, 2010 #

  131. thank you this is the worst virus i have had in years and i have no idea where i picked it up from. could it of been dormant? i did get a msg from pc tools firewall saying that ave.exe wants to acess an i p address but i cant rememeber it. and i tried to deny the acsess but it looks like it was overrided think i might consider boosting my security yet again. cos ”avg’ ‘asc’ and pctools firewall all missed it. thank you agian. one last thing who the hell are ‘Russian fed’ any way? what c***’s cheers

    Comment by martyn — April 20, 2010 #

  132. Wow, this helped a lot. I was going to freak out if I couldn’t remove this thing.

    THANK YOU!!!

    Comment by someguy — April 22, 2010 #

  133. You’ve prolly got my ex GF’s thanks worked wounders so far. still scanning the comp thought

    Comment by Fernan — April 22, 2010 #

  134. Hey guise, just scan with:
    Malwarebytes’ Anti Malware
    Spybot Search & Destroy

    Them two and you should be fine. SS&D detects things like the registry changes it does and fixes them up while malware fixes the rest.

    Both freeware programs.

    Comment by Jake — April 23, 2010 #

  135. I followed your instructions.
    First step one. Double clicked it. Restarted.
    Then step two. Double clicked it, nothing happened. Of course, upon reading again I see that I should have right clicked and install. So I did.

    Restarted and I am extremely pleased to say that the bug screens had gone.

    I then donwloaded your Malwarebytes programme and ran a fast scan. 5 problems found. Deleted them. All seems ok now, just I will remain paranoid for a bit.

    Thank you so, so much. I like many others are very grateful to you ‘intelligent guys’ who offer their help and wisdom.

    Personally, I would like to see the people who create the harm crawl away and die. … Or is that too right wing?

    Thanks again guys. Michelle UK.

    Comment by michelle — April 23, 2010 #

  136. Hiya –

    I keep getting these trojans (three times! from three different non-pr0n sites!)…a friend was removing by doing the old take-my-hardrive-and-clean-from-another-system trick, but he’s out of town and I haven’t the equipment.

    I’ve followed all the steps outlined here – rkill, safe mode, MalwareBytes, Superantispyware, and they come up clean, but as soon as I restart the damn thing reappears in my double-check run of Malwarebytes (including the ave.exe registry thing).

    WTF? Why am I having such trouble with this?? (I’m running XP Pro, Avast!, and Windows Firewall…all fully patched). Please advise – I’ve never done registry editing myself, so steps appreciated!


    Comment by Michael — April 25, 2010 #

  137. Installed and ran well, waiting to see results and now how do I keep this application dormant..

    Comment by Jim — April 25, 2010 #

  138. Option #1 worked great make sure you copy even the first line with the text!

    I kept making the same mistake and it finally worked.

    Vista Home premium

    Comment by cb — April 26, 2010 #

  139. Hi –

    I have been getting this virus repeatedly, on my fully-patched XP pro machine running Avast! and Windows firewall. The first two times a friend fixed by doing the remove-harddrive and slave it to clean and rewrite MBR, etc. trick, but (a) he’s out of town and (b) he’s sick of doing it. Me too.

    I don’t get why I’m having this trouble – I follow all the steps here (rkill, superantispyware, malwarebytes, safe mode, repeat until clean), but every time I reboot, the damned thing comes back!

    I see the ave.exe key in my registry, but it won’t let me delete it (or I’m not sure how…not experienced in regedit).

    Also, I have no XP disk, because it’s one of the laptops with the stupid ‘recovery sector’ on the HD instead.

    Any hint/help much appreciated!!!


    Comment by Michael — April 26, 2010 #

  140. I tried both of these steps, and after I restarted it wouldn’t find the correct way to open anything. It kept saying things like, ‘windows cannot find the correct program to open Iexplore.exe.’ and such things… Help?

    Comment by Tyler Helwig — April 26, 2010 #

  141. Michael, please open a new topic in our Spyware removal forum. I will help you.

    Comment by Patrik — April 27, 2010 #

  142. This worked but there’s a bit of a trick to it because how can you copy and paste if you can’t open your browser or for that matter if you can’t open your browser how can download Malware Bytes if you can’t open your browser? If you had trouble, I hope these tips help you.

    First, before you do anything, open your task manager, right-click on ave.exe and select “end process tree” and confirm. Keep task manager open at all times during this process and then try to open up FireFox.

    Now, you’ll immediately get all of those BS messages from ave.exe but when that happens, go to ave.exe in the task manager AGAIN and end the process tree AGAIN. It may take a few seconds BUT Firefox will open up.

    If it doesn’t work right off the bat, keep double-clicking the Firefox icon on your desktop so you open it up like 7 times (again it may take a few moments before you see the Firefox windows), then go back to task manager and end ave.exe process tree AGAIN as it will only show up once. Now close all of the Firefox windows but one and find this page.

    Now, follow the instructions EXACTLY as described (I used method one).

    Copy this whole text (and keep Firefox open), in its entirety INCLUDING “Windows Registry Editor Version 5.00″:

    Windows Registry Editor Version 5.00


    @=”\”%1\” %*”

    “Content Type”=”application/x-msdownload”

    Paste it into the notepad. Click the drop-down menu for the file type and select “All Files.”

    Save as “fix.reg” period… DO NOT have the extension .txt on the end!

    Close, the document, double-click it and select “yes.” Now, find the download for Malware Bytes, download it and follow the instructions as noted above.

    Comment by Shawn — April 27, 2010 #

  143. Tyler, try the following:
    Click Start, Run, type regedit and press Enter.
    Registry editor opens.
    Navigate in the left panel to HKEY_LOCAL_MACHINE \ SOFTWARE \ Clients \ StartMenuInternet \ IEXPLORE.EXE \ shell \ open \ command

    I the right part of window click twice to “@”. You will see a screen with the contents like below: “C:\Documents and Settings\user\Local Settings\Application Data\ave.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”
    Remove left part, leave only “C:\Program Files\Internet Explorer\iexplore.exe”.

    Reboot your PC and try run Internet Explorer.

    Comment by Patrik — April 28, 2010 #

  144. Just want to say thank you from my heart.
    I struggled with 2 days and landed on your site.
    Method2 works for me.
    Finally can have a good night rest.

    “May you be showered with more Good Years”…

    Comment by yc — April 28, 2010 #

  145. C:\Windows\regedit.exe
    Application not found

    is what I get when I try to run regedit. Any suggestions?

    Comment by Tyler Helwig — April 28, 2010 #

  146. Hello sir please tell me how to remove autorun virus from my pc

    Comment by kamaldeepdung — April 29, 2010 #

  147. Tyler, why do you need run regedit ?

    Comment by Patrik — April 29, 2010 #

  148. kamaldeepdung, try the instructions.

    Comment by Patrik — April 29, 2010 #

  149. Thanks Patrik!

    I’ve opened it here:

    Comment by Michael — April 29, 2010 #

  150. Because you told me to, Patrik.

    Comment by Tyler Helwig — April 29, 2010 #

  151. first of all: thanks a lot for this solution with nice explanation. Method #1 worked perfect for me.
    I have a question: ave.exe was starting up AAWService.exe. Ave.exe is removed with your instructions. But AAWService.exe remains in the task manager. Can this program lead to problems in the future?

    Comment by Deniz — April 30, 2010 #

  152. Hey, thanks so much. Can’t thank you enough for what you’re doing providing all this help. Worked perfectly!

    Comment by Leon — April 30, 2010 #

  153. AAWService.exe is not a malware. Its a component of AdAware.

    Comment by Patrik — April 30, 2010 #

  154. You may want to review this article. Current versions of this fake anti-virus have adapted. In some versions, notepad, command prompt, task manager, etc cannot be opened. This in most invalidates this article. Also, when the ave.exe is removed, it will break .exe extensions again. Unless you magically have the registry open, you cannot fix this from HKEY CLASSES ROOT\ instaed, you may want to save some time by linking to the .exe association fix. Located several places on the internet. I hope this has been considered.

    Have a good day, feel free to contact me with questions regarding my post.

    Comment by IT-Tech — May 5, 2010 #

  155. IT-Tech, if you have a new version of the rogue, please post it me through our Spyware removal forum (private messages).

    you may want to save some time by linking to the .exe association fix.

    The first step above should fix “.exe association” trouble.

    Comment by Patrik — May 5, 2010 #

  156. ave.exe was a killer to get rid of before I stumbled upon this! I used Method 1 and I had trouble logging off when I restarted. It stayed on the logging off screen for awhile (5+ minutes at the least) so I ended up forcing a shut off by pressing the power button like Pete (3/24/2010). So far it seems fine and I logged on faster that before (usually it would go through a loop of trying to turn on then restarting on it’s own before even getting to the login/welcome screen). Checked for the ave.exe file in C:users\[username]\AppData\Local\Temp\Low\ave.exe. The whole temp folder is empty and ave.exe is completely gone. THANK YOU!

    Now…the only thing that seems to not function properly: Disk Defragmenter.

    Another adventure, challenged accepted!

    Comment by Lillian — December 16, 2010 #

  157. Lillian, what is a problem with Disk Defragmenter ?

    Comment by Patrik — December 18, 2010 #

  158. Dude, YOU are the man!! worked for PALLADIUM.EXE TROJAN too!

    had a hard time finding the files followed 99 percent of what you said and then finally just searched for Palladium in registry and deleted them about 4 of them, including the one called PALL who knows if we needed it. Lol! Good work, my friend. Good karma to you!

    Comment by Sher & Blakk — January 19, 2011 #

  159. I have looked at these instructions a few times. I just got hit with the System Tools virus. I could not get any of my .exe files to work. I ran the fix. reg file from Method 1, and it allowed me to run the programs I needed to run to fix my computer. THANK YOU SO MUCH to whomever posted that registry script. It is a lifesaver! Keep up the great work you are doing!

    Comment by Greg G. — February 7, 2011 #

Leave a comment

XHTML: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>


My Anti Spyware - Free antispyware programs and Spyware Removal Instructions.