ave.exe

Discussion in 'Computer Games and General Discussion' started by .Chris, Mar 22, 2010.

  1. .Chris
    OP

    .Chris Clueless

    Member
    2,190
    56
    Feb 20, 2009
    United States
    United States
    A new powerful virus is on the net. It's called "ave.exe". Some links:
    how to remove ave exe malware
    ave-exe-a-multiple-rogues-in-one-trojan-fakerean-2010
    virus-removal remove-antivirus-2010


    My Vista computer had been infected by it and all the anti-virus programs can't find it, can't install, or can't run.
    Oh yeah, has anyone been infected by this virus? It is also accompanied by "csrss.exe"; there is a fake and a real one, so be careful not to delete the wrong one.
    I'm not sure, but I was browsing through a well-known torrent site, then minimized the browser and it closed automatically.
    Any help would do; these websites weren't much help for me.

    Edit 1: It also generates a fake anti-virus program along with a fake Windows security
    Edit 2: I have tried using Windows Safe Mode. I am now running my second anti-virus program (Malwarebytes' Anti-Malware) and it hasn't found anything yet.
     
  2. Pliskron

    Pliskron Banned

    Banned
    1,276
    0
    Jul 22, 2009
    United States
    I don't get nasty things like this any more since I switched to Linux.
     
  3. GreatZimkogway

    GreatZimkogway Touhou Fanatic

    Member
    2,140
    169
    Jul 21, 2009
    United States
    Imoriata
    Sure you don't. Mac fanboys like to say that too. And I'm now 100% sure you're a damn troll.
     
  4. .Chris
    OP

    .Chris Clueless

    Member
    2,190
    56
    Feb 20, 2009
    United States
    United States
    Just please, BACK ON TOPIC!
     
  5. I2aven's_Sag

    I2aven's_Sag GBATemp Otaku

    Member
    726
    6
    Sep 13, 2009
    United States
    Northern Virginia
    Malwarebytes anti-malware. Go.
     
  6. .Chris
    OP

    .Chris Clueless

    Member
    2,190
    56
    Feb 20, 2009
    United States
    United States
    It's not finding the virus.
     
  7. Tripp

    Tripp GBAtemp Regular

    Member
    288
    0
    Oct 17, 2006
    United States
    South East Florida
    Ad-Aware Free Anti-Malware

    http://download.cnet.com/Ad-Aware-Free-Ant...dl&tag=top5

    Manual update if needed but net version preferred http://www.lavasoft.com/mylavasoft/securitycenter/blog


    Spybot - Search & Destroy©® 1.6.2 - product description

    md5: 54ACBA9CFD7154C02CEACF6310CF3CFA

    http://www.safer-networking.org/en/mirrors/index.html

    Detection updates© 2010-03-17 - product description

    md5: FEA2DC6EA6016168DBD3C4E2E37E8300

    http://www.spybotupdates.biz/updates/files...sd_includes.exe

    Good luck, I hope this helps...
     
  8. mercluke

    mercluke ‮҉

    Member
    3,163
    172
    Dec 2, 2007
    Perth
    What?
    What do you mean, sure he doesn't? He's telling the truth...

    I'm not saying there are no Linux viruses, but how many people do you know that have ever experienced having to get rid of a virus on a Linux box?
     
  9. BlackDave

    BlackDave Official GBATemp "Cleanup Guy"

    Member
    913
    5
    Aug 27, 2009
    United States
    The Promised Land...
    might wanna use one of these

    Might consider erasing your HDD clean...
     
  10. Originality

    Originality Chibi-neko

    Member
    5,326
    776
    Apr 21, 2008
    London, UK
    And now for something a little bit more helpful: before you do anything, go into safe mode.

    Safe mode stops any "seeded" malware from regenerating itself the moment you (or an anti-malware program) remove it. Whilst in safe mode, you have to find all related files and quarantine/remove them (brand-name anti-virus software like Norton, McAfee or Kaspersky helps here) and try to find any registry entries that look abnormal (however, if you're not an advanced user, don't touch the registry and leave that to the anti-virus progs).

    Of course, there's always the option to system restore to an earlier date (cleans the registry), or taking to your comp with a sledgehammer (great fun), or nuking your HDD and starting over (makes the comp faster), or switching to a non-M$ OS (Linux is great, MacOS I feel is a bit snobbish). Generally though, stop downloading unlawful music, games, applications and pr0n from shady sites filled with ads, and stop clicking every darn thing your friends send you in IM/email apps - those are the easiest ways to catch (and spread) viruses.
     
  11. Rydian

    Rydian Resident Furvert™

    Member
    27,883
    8,105
    Feb 4, 2010
    United States
    Cave Entrance, Watching Cyan Write Letters
    Check the sticky about removing viruses and such.
     
  12. FAST6191

    FAST6191 Techromancer

    pip Reporter
    23,019
    8,725
    Nov 21, 2005
    Wow this one seems to be getting around quite a bit.

    When I saw it the thing was running from one of the application data folders including a startup pointing to it. First step is to kill those.

    http://www.emsisoft.com/en/software/download/ - a-squared HiJackFree is my chosen application here - scanners and automated removal have been poor for many years now (no real fault of their own). From here you can uncheck the startup entry, kill any hidden exe files better than task manager can and see locations of various things. Doing this in safe mode will mean only the very basics will be running and prevent reinfection (I cannot recall if this is one of those apps that will create itself again/regenerate).
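
The check described in the post above (a startup entry pointing at an executable in an application data folder), as an added example that is not part of the original thread or of any tool named in it. It is Windows PowerShell and assumes the Run/RunOnce registry keys and the current user's %APPDATA% and %LOCALAPPDATA% folders are the places to look; the function names are made up for the example. Legitimate software installs there too, so the output is a list to review, not a verdict.

```powershell
# Added example: report autostart entries and running processes whose
# executable sits under the current user's Application Data folders.
# Assumption: only Run/RunOnce keys and %APPDATA% / %LOCALAPPDATA% are checked.
$userDirs = @($env:APPDATA, $env:LOCALAPPDATA) | Where-Object { $_ } |
    ForEach-Object { $_.TrimEnd('\') + '\' }

function Get-ExePath([string]$Command) {
    # Extract the program path from a Run value: quoted path, else text up to ".exe".
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"')    { return $Matches[1] }
    if ($c -match '^(.+?\.exe)\b') { return $Matches[1] }
    return $c
}

function Test-UnderUserDir([string]$Path) {
    foreach ($dir in $userDirs) {
        if ($Path.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

function New-Finding($Kind, $Name, $Target) {
    New-Object PSObject -Property @{ Kind = $Kind; Name = $Name; Target = $Target }
}

$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'

$findings = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $exe = Get-ExePath ([string]$item.GetValue($name))
        if (Test-UnderUserDir $exe) { $findings += New-Finding "Run key ($key)" $name $exe }
    }
}

# Running processes; Path is empty for processes this account cannot inspect.
foreach ($p in Get-Process) {
    if ($p.Path -and (Test-UnderUserDir $p.Path)) {
        $findings += New-Finding 'Process' "$($p.ProcessName) (PID $($p.Id))" $p.Path
    }
}

$findings | Sort-Object Kind, Target | Format-Table Kind, Name, Target -AutoSize
```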
     
  13. .Chris
    OP

    .Chris Clueless

    Member
    2,190
    56
    Feb 20, 2009
    United States
    United States
    Yes, I have tried safe mode and opened up Malwarebytes' Anti-Malware
    but it didn't find it...
     
  14. playallday

    playallday Group: GBAtemp Ghost

    Member
    3,773
    9
    May 23, 2008
    Canada
    [@N@[)@
    I'm clean.
     
  15. Jiggah

    Jiggah GBAtemp Maniac

    Member
    1,223
    1
    Nov 9, 2002
    United States
    Malwarebytes can remove it. I just did it. You need to make sure you have network access so you can update the definitions.