Ave.exe is the main component of each program in a group of fake antispyware programs that includes: Total Vista Security, Vista Security Tool 2010, XP Security Tool 2010, XP Antimalware 2010, XP Defender Pro, Total XP Security, Vista Smart Security 2010, Vista Defender Pro, Vista Antimalware 2010, XP Smart Security 2010. Ave.exe infiltrates computers through the use of trojans. Once the trojan is installed and started, it downloads ave.exe and saves it to the %AppData% folder (%AppData% is C:\Documents and Settings\[your username]\Application Data). After that, the same trojan configures ave.exe to run automatically whenever you start any program, by changing the file association for the “.exe” extension.
When ave.exe is started, it imitates a system scan. Once finished, the malware states that your computer is infected with trojans, adware or malware and that you should purchase the full version of the program to remove these infections. It is important to know that the malicious program is unable to find infections and will not protect you from possible infection in the future. So do not trust the scan results; simply ignore them.
While ave.exe is running, it can block the execution of other programs in an attempt to scare you into thinking that your computer is in danger. The program will also flood your computer with nag screens, fake security alerts and notifications from your Windows taskbar. A few examples:
Virus intrusion!
Your computer security is risk. Spyware, worm and trojans
were detected in the background. Prevent data corruption and
credit card information theft. Safeguard your system and
perform a free security scan now.
Threat detected!
Security alert! Your computer was found to be infected with
privacy-threatening software. Private data may get stolen
and system damage may be severe. Recover your PC from
the infection right now, perform a security scan.
However, all of these alerts, warnings and notifications are fake and, like the false scan results, are meant to scare you into purchasing the so-called “full” version of the malicious program. You should ignore all of them!
As you can see, ave.exe is very dangerous and can lead to a complete paralysis of your computer, as well as leakage of your personal data into the hands of the authors of the malicious program. You need to check your computer as quickly as possible and remove all found components of this malware. Use the removal guide below to remove ave.exe and any associated malware from your computer for free.
Use the following instructions to remove ave.exe
Step 1. Fix “.exe” file associations.
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe]

[-HKEY_CURRENT_USER\Software\Classes\secfile]

[-HKEY_CLASSES_ROOT\secfile]

[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double-click fix.reg and click YES to confirm.
Reboot your computer.
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\secfile
HKCR, secfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right-click fix.inf and select Install. Reboot your computer.
Step 2. Remove ave.exe associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and, when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and “Launch Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see a window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for ave.exe infection. This procedure can take some time, so please be patient.
When the scan is finished, a message box will appear stating that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar to the one shown below.
Note: the list of infected items may be different from what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click the “Remove Selected” button to remove ave.exe. MalwareBytes Anti-malware will now remove all associated ave.exe files and registry keys and add them to the program’s quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you cannot download, install, run or update Malwarebytes Anti-malware, then follow the steps in: Malwarebytes won't install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Ave.exe malware creates the following files and folders
%AppData%\ave.exe
Ave.exe malware creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = ""%AppData%\ave.exe" /START "%1" %*"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = ""%1" %*"
HKEY_CURRENT_USER\Software\Classes\.exe | @ = "secfile"
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = "application/x-msdownload"
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = ""%AppData%\ave.exe" /START "%1" %*"
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = ""%1" %*"
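A check for the hijack listed above, as an added example that is not part of the original guide: it parses the text of a registry export and reports an .exe handler that differs from the values the Step 1 fix restores. The function names and the sample export are constructed for illustration; a real export from regedit is UTF-16 and must be decoded before it is passed in.

```python
import re

EXPECTED_PROGID = "exefile"    # default value the Step 1 fix writes to HKCR\.exe
EXPECTED_COMMAND = '"%1" %*'   # default value it writes to exefile\shell\open\command
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def _unescape(s):  # .reg string data escapes backslash and quote with a backslash
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg(text):
    """Decoded .reg export text -> {lowercased key path: {value name: string data}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:  # string values only; dword/hex data is skipped
                name = "@" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
                current[name] = _unescape(m.group(2))
    return keys

def check_exe_association(text, hive=r"hkey_current_user\software\classes"):
    """Return findings for a redirected .exe handler under the given Classes hive."""
    keys = parse_reg(text)
    ext = keys.get(hive + r"\.exe")
    if ext is None:
        return []  # no .exe key in this hive, the state the fix leaves in HKCU
    findings, progid = [], ext.get("@", "")
    if progid.lower() != EXPECTED_PROGID:
        findings.append(f".exe maps to ProgID {progid!r}, expected {EXPECTED_PROGID!r}")
    for owner in dict.fromkeys([".exe", progid.lower()]):
        cmd = keys.get(hive + "\\" + owner + r"\shell\open\command", {}).get("@")
        if owner and cmd not in (None, EXPECTED_COMMAND):
            findings.append(owner + r"\shell\open\command runs " + repr(cmd))
    return findings

# Constructed sample: the per-user values listed above, in .reg export syntax.
SAMPLE_INFECTED = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Classes\.exe]
@="secfile"
[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"%AppData%\\ave.exe\" /START \"%1\" %*"
[HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
@="\"%AppData%\\ave.exe\" /START \"%1\" %*"
'''

if __name__ == "__main__":
    print("\n".join(check_exe_association(SAMPLE_INFECTED)))
```

After the fix, an export of HKEY_CLASSES_ROOT can be checked the same way by passing hive="hkey_classes_root".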
First of all: thanks a lot for this solution with nice explanation. Method #1 worked perfectly for me.
I have a question: ave.exe was starting up AAWService.exe. Ave.exe is removed with your instructions. But AAWService.exe remains in the task manager. Can this program lead to problems in the future?
Hey, thanks so much. Can’t thank you enough for what you’re doing providing all this help. Worked perfectly!
AAWService.exe is not malware. It's a component of AdAware.
You may want to review this article. Current versions of this fake anti-virus have adapted. In some versions, notepad, command prompt, task manager, etc. cannot be opened. This in most invalidates this article. Also, when the ave.exe is removed, it will break .exe extensions again. Unless you magically have the registry open, you cannot fix this from HKEY CLASSES ROOT\. Instead, you may want to save some time by linking to the .exe association fix. Located several places on the internet. I hope this has been considered.
Have a good day, feel free to contact me with questions regarding my post.
IT-Tech, if you have a new version of the rogue, please post it to me through our Spyware removal forum (private messages).
The first step above should fix “.exe association” trouble.
ave.exe was a killer to get rid of before I stumbled upon this! I used Method 1 and I had trouble logging off when I restarted. It stayed on the logging off screen for awhile (5+ minutes at the least) so I ended up forcing a shut off by pressing the power button like Pete (3/24/2010). So far it seems fine and I logged on faster than before (usually it would go through a loop of trying to turn on then restarting on its own before even getting to the login/welcome screen). Checked for the ave.exe file in C:\users\[username]\AppData\Local\Temp\Low\ave.exe. The whole temp folder is empty and ave.exe is completely gone. THANK YOU!
Now…the only thing that seems to not function properly: Disk Defragmenter.
Another adventure, challenge accepted!
Lillian, what is the problem with Disk Defragmenter?
Dude, YOU are the man!! worked for PALLADIUM.EXE TROJAN too!
Had a hard time finding the files, followed 99 percent of what you said and then finally just searched for Palladium in registry and deleted them, about 4 of them, including the one called PALL, who knows if we needed it. Lol! Good work, my friend. Good karma to you!
I have looked at these instructions a few times. I just got hit with the System Tools virus. I could not get any of my .exe files to work. I ran the fix.reg file from Method 1, and it allowed me to run the programs I needed to run to fix my computer. THANK YOU SO MUCH to whomever posted that registry script. It is a lifesaver! Keep up the great work you are doing!