ave.exe virus, dont be fooled

[lesovikk1]

i just wanted to warn people about this virus that i contracted the other day, and luckly my best mate was able to fix for me.

it looks exactly the same as windows security center, but it isnt and you cant delete it with out a long winded process so, read it and make sure you aware of it

http://www.overclock.net/windows/691823 ... -help.html

[skelltor]

oh i got that once it was terrible 300 bucks for the geek squad to fix it well at least we dident have to wip the hard drive all my modding stuff whew

[501st_commander]

It depends on the anti virus that's on the computer. If you have a free one, sometimes it doesn't get the viruses unless its made by Microsoft for it.

[k'kruhk]

I got this not too long ago, and I got a buddy who's Tech savvy to talk me through getting rid of it and then fixing the registry back up. My cpu's back in perfect order. As long as you're careful where you go on the internet, and don't open any mail you're not expecting, you should be relatively safe.

[giftheck]

I know this thread is over the limit but I would like to add my two cents. I have had two variants of this piece of malware, my grandfather has had this piece of malware and now his laptop is FUBAR. The only advice for prevention I can offer has already been given, but to add to it, visit only sites you can trust - if you're unsure about a web site, don't visit it.

Once on your system, as it has been said, it is difficult to get rid of. It deliberately disables your installed antivirus software which obviously leaves you wide open to other viruses, and the authors of this malware deliberately update it to subvert antivirus software updates. The second time (today no less) I was infected with this, it stopped me from running any programs normally. I could run them through another method. I won't elaborate - I like my system the way it is and I won't give them the satisfaction of knowing what it is I did should they come looking.

It can be fixed very simply by most people. Here's my suggestion:

Download MalwareBytes Anti Malware Software. It's brilliant at tackling this particular malware. Obviously you'll want to download it before you get an infection (duh!)

I shall recommend that if you do get it, do the following:
-Should a popup emerge with a message saying "Your computer is infected! Purchase Antivirus to clean it! OK, Cancel" (both of which will download the rogue software anyway), DISCONNECT IMMEDIATELY. I don't mean close the window, I mean pull the plug on your router, turn off the wireless adapter or yank out the DSL cable (if you still use that). This will stop the next step of that program proceeding.
-Perform a full scan. MalwareBytes picks up unwanted registry entries that even McAfee and Norton miss.
-When it's done, restart. This should complete the process.

[guru]

I had this from a torrent site thats no longer in business but yea 5 minutes to get rid of, saw the javascript popup run it, pulled plug from isp, open/close program box killed ave.exe, ran spybot (free app) which replaced the altered 1 reg file, deleted the ave.exe from temp and everything in /temp, reboot, plug in isp, done.
norton wont see this even if you tell norton its evil. good luck on this one folks. least not my expired 5 year old version...$300 at geek squad is insane, I always wondered who actually kept them in business.
/sigh

[Commander_Fett]

both my friend and I got a version of these fake antivirus systems (I got windows anti-virus 2009, and my friend got palidin anti virus.). Both times, after we tried unsuccesfuly to try to get it off, it destroy our system files after 2 days of not purchasing the full version.

[computergeek]

Ooh, yes this one is rather nasty. A quick scan using Malwarebytes fixed it for me, so try that if anyone ever gets it! But yes.... nasty virus indeed

[Fusion]

Guess who got a variant of it last night? I'm going to try Malwarebytes first. Second attempt will be a system restore, and if that fails, complete backup and reinstall Vista. This variant was only a credit card thief, fortunately we acted fast. I'm going to plug my comp back in tomorrow and try to kill this Dr. Pepper, for now, I'm on my DSi. Wish me luck.

[RED51]

How'ed you get it?

[Fusion]

Random ad on TV Tropes. There's really no way to stop it if you aren't prepared for it.

[VF501]

Yeah they can send viruses/malware over online adds now. They hack the host server of the ad, and inject their virus/malware into it. Then it runs either a MySQL injection attack, a Java Script or even a HTML based attack to load the malware onto your system. Some tend to target the run.exe(winxp)/runas.exe(win7/vista)/rundll32.exe located in the Windows/system32 folder, this can prevent other programs from running. Others will target the registry and add/alter keys to block specific programs or run only theirs.

If you're on Firefox us NoScript or AdBlocker, it stops those ads from loading, downside is it cuts revenues for sites that rely on those ads to stay afloat.

MalwareBytes and SpyBot S&D are both good HunterKiller programs to remove malware. Stuff like Avira and Avast is more passive protection and is better to stop incoming threats but they don't catch everything.

[Commander_Fett]

I got Adblocker for google chrome, and it works like a charm

[Fusion]

Just gave that thing the equivalent of a Falcon Punch.

Let's just say, I fought fire with fire. I created a script that would open up 500 notepad documents at once. The fake scanner would try to block them all, until eventually it overloaded and couldn't block malwarebytes. I then scanned all of my drives, found it (Trojan.Dropper), and killed it. I then System Restored to Tuesday the 25th.

It's good to be back.