
AVE.exe Trojan

Wednesday, April 28th, 2010

ave.exe: A multiple-rogues-in-one Trojan FakeRean

ave.exe chooses randomly from a list of names, with a matching fake Windows Security Center or a fake Windows Action Center.

The virus can be found in these directories:
C:\Documents and Settings\All Users\Application Data\
C:\Documents and Settings\username\Local Settings\Application Data\ave.exe
C:\Documents and Settings\username\Local Settings\Application Data\
C:\Documents and Settings\username\Local Settings\Temp\
C:\Documents and Settings\usernameTemplates\

Registry Values and Keys
HKEY_CLASSES_ROOT\.exe\DefaultIcon
HKEY_CLASSES_ROOT\.exe\shell
HKEY_CLASSES_ROOT\.exe\shell\open
HKEY_CLASSES_ROOT\.exe\shell\open\command
HKEY_CLASSES_ROOT\.exe\shell\runas
HKEY_CLASSES_ROOT\.exe\shell\runas\command
HKEY_CLASSES_ROOT\.exe\shell\start
HKEY_CLASSES_ROOT\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Microsoft\Windows\Identity=1117626655
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\ StartMenuInternet IEXPLORE.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallOverride=1

ave.exe removal: use Malwarebytes from malwarebytes.org

When the Trojan is removed improperly, the leftover registry entries break the opening of .exe files.

To repair this, copy and paste the code below into Notepad, save it as fix.reg, and run it:
Windows Registry Editor Version 5.00

; Delete the hijacked .exe association and the Trojan's per-user classes
[-HKEY_CLASSES_ROOT\.exe]
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]

; Restore the default open command for executables
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

; Point .exe back at the exefile class
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
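
To check whether the leftover entries are still present before or after applying fix.reg, the association keys can be exported and audited offline. The script below is an added example, not part of the original post: it parses .reg export text and compares it with the known-good values from fix.reg and the per-user keys listed above. The names `parse_reg` and `audit` are hypothetical, and the sample export is constructed.

```python
import re

# Known-good defaults, taken from the fix.reg on this page (keys lowercased).
EXPECTED = {
    r"hkey_classes_root\.exe": "exefile",
    r"hkey_classes_root\exefile\shell\open\command": '"%1" %*',
}
# Per-user classes this page lists among the Trojan's registry entries.
SUSPECT_PREFIXES = (
    r"hkey_current_user\software\classes\.exe",
    r"hkey_current_user\software\classes\secfile",
)
VALUE_RE = re.compile(r'(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Return {lowercased key: {name: string data}}; '@' is the default. REG_SZ only."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:  # undo .reg escaping (\" and \\) in the value data
                current[m.group(1).strip('"')] = re.sub(r"\\(.)", r"\1", m.group(2))
    return keys

def audit(text):
    """List findings: wrong .exe handler defaults and per-user override keys."""
    keys, findings = parse_reg(text), []
    for key, want in EXPECTED.items():
        got = keys.get(key, {}).get("@")
        if got is not None and got != want:
            findings.append(f"{key}: default is {got!r}, expected {want!r}")
    for key in keys:
        if key.startswith(SUSPECT_PREFIXES):
            findings.append(f"{key}: per-user override key is present")
    return findings

# Constructed sample export (not captured from a real infection).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="secfile"
[HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
@="\"C:\\placeholder\\ave.exe\" \"%1\" %*"
'''

print("\n".join(audit(SAMPLE)))
```

Files written by `reg export` are UTF-16, so read them with `open(path, encoding="utf-16")` before passing the text to `audit`.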
