AV.exe and AVE.exe Removal
If you have av.exe and/or ave.exe, then you have been infected by a fake antispyware program. The big difference between this rogue and other rogues is that it changes its name and interface depending on wht version of Windows you have. The previous variant only contained av.exe, but the newest variant contains av.exe and ave.exe. Here is a list of the names that this spyware fall under:
Windows 7: Win 7 AntiMalware 2010, Win 7 Defender Pro, Win 7 Security Tool 2010, Win 7 Smart Security 2010, Total Win 7 Security
Windows Vista: Vista AntiMalware 2010, Vista Defender Pro, Vista Security Tool 2010, Vista Smart Security 2010, Total Vista Security
Windows XP: XP AntiMalware 2010, XP Defender Pro, XP Security Tool 2010, XP Smart Security 2010, Total XP Security
No matter what this fake program changes its name to, the removal instructions are all the same. Please follow the removal method below to get rid of av.exe and ave.exe off your computer.
Automatic AV.exe & AVE.exe removal:
AV.exe & AVE.exe Remover
Warning! If the automatic remover is blocked by the spyware, then boot into Windows Safe Mode and try again. Learn how to boot into Safe Mode here.
Manual AV.exe & AVE.exe removal:
Kill processes: av.exe, ave.exe
(Learn how to kill processes)
Unregister DLLs:
none
(Learn how to unregister DLLs)
Delete registry keys:
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %*
HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
(Learn how to delete registry keys)
Delete files:
C:\ProgramData\QJyrk5wvCU1
C:\Users\All Users\QJyrk5wvCU1
%UserProfile%\AppData\Local\av.exe
%UserProfile%\AppData\Local\ave.exe
%UserProfile%\AppData\Local\QJyrk5wvCU1
%UserProfile%\AppData\Local\WRblt8464P
%UserProfile%\AppData\Local\Temp\QJyrk5wvCU1
%UserProfile%\AppData\Roaming\Microsoft\Windows\Templates\QJyrk5wvCU1
(Learn how to delete files)
Delete folders:
none
Once you have removed av.exe and ave.exe from your computer using either the automatic or manual method, make sure to block it and other malicious software using a HOSTS file. Please note that with the auomatic method, your computer should be protected from future spyware threats since you now have a spyware blocker program installed. We recommend downloading the HOSTS file from here, which contains a complete, up-to-date list of malicious websites especially if you used the manual method.
If this article has helped you, please take this time to share it with Digg using the Digg button (see Digg share button to the left) or retweet it using Twitter (see retweet button to the left). You may also want to follow us on Twitter to keep up-to-date with the latest spyware prevention tips and spyware threats. If you'd rather follow us from your Facebook account, please join our Facebook fan page.
do you know what ave.exe2 dose the only way around it is throug updates it uses explorer to crash your system where u have to chose the program to run any you chose becuse it starts early in the regestry to beat it u have to make the regestry stop loading as soon as your program loadss that is how they do it
I can not get Your PC Protector off my computer, the message is exe/exe is infected! Help???