Removal tool for Suspect-1B!E4800A5BF6F6, Mal/FakeAV-BW (ave.exe) Malware

March 18, 2010 by admin  
Filed under Removal Tips,Tools and Videos



Severity Level : 7/10

 

Alias:

  • Mal/FakeAV-BW [Sophos]
  • Suspect-1B!E4800A5BF6F6 [McAfee]
  • NOT Detected  [Kaspersky Lab]
  • NOT Detected [Microsoft]

 

File name: Facebook_document_145.exe

 

File System Modifications

The following files were created in the system:

 

  • %userprofile%\Local Settings\Application Data\ave.exe
  • %userprofile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
  • %userprofile%\Local Settings\Application Data\O5sTD3C0
  • %userprofile%\Local Settings\Temp\O5sTD3C0
  • %userprofile%\Local Settings\Temp\Perflib_Perfdata_1c0.dat
  • %userprofile%\Templates\O5sTD3C0
  • %allusersprofile%\Application Data\ O5sTD3C0
  • %system%\nnfj.tqo

 

Note:

  • %system% is a variable that refers to the System folder. By default, this is “C:\Windows\System” (Windows 95/98/Me), “C:\Winnt\System32” (Windows NT/2000), or “C:\Windows\System32” (Windows XP).
  • ? = Random file name.

 

Memory Modifications

There were new processes created in the system:

 

  • Process Name: ave.exe
  • Process Filename: %userprofile%\Local Settings\Application Data\ave.exe


 


 

 

The following Internet actions were started (the retrieved bits are saved into the local file):

URL to be downloaded / Filename for the downloaded bits

  • 64.191.15.230 (passov.net) / -
  • 67.228.109.248-static.reverse.softlayer.com / -
  • reverse-mtl-76-76-101-101.gogax.com / -
  • 98.126.73.219 (customer.VPLS.NET) / -

 

Registry Modifications

The following Registry keys and values were created or modified:

 

[HKEY_CLASSES_ROOT\idid]

[HKEY_CLASSES_ROOT\secfile]
@="Application"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\secfile\DefaultIcon]
@="%1"

[HKEY_CLASSES_ROOT\secfile\shell]

[HKEY_CLASSES_ROOT\secfile\shell\open]

[HKEY_CLASSES_ROOT\secfile\shell\open\command]
@="\"C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\ave.exe\" /START \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CLASSES_ROOT\secfile\shell\runas]

[HKEY_CLASSES_ROOT\secfile\shell\runas\command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CLASSES_ROOT\secfile\shell\start]

[HKEY_CLASSES_ROOT\secfile\shell\start\command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CLASSES_ROOT\.exe\DefaultIcon]
@="%1"

[HKEY_CLASSES_ROOT\.exe\shell]

[HKEY_CLASSES_ROOT\.exe\shell\open]

[HKEY_CLASSES_ROOT\.exe\shell\open\command]
@="\"C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\ave.exe\" /START \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CLASSES_ROOT\.exe\shell\runas]

[HKEY_CLASSES_ROOT\.exe\shell\runas\command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CLASSES_ROOT\.exe\shell\start]

[HKEY_CLASSES_ROOT\.exe\shell\start\command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Microsoft\GDIPlus]
"FontCachePath"="C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data"

[HKEY_CURRENT_USER\Software\Microsoft\Windows]
"Identity"=dword:e26a1da0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count]
"HRZR_EHACNGU:P:\\Qbphzragf naq Frggvatf\\Nqzvavfgengbe\\Qrfxgbc\\Snprobbx_qbphzrag_145.rkr"=hex:00,00,00,00,06,00,00,00,80,9a,c9,f5,1a,c6,ca,01,

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Documents and Settings\\Administrator\\Desktop\\Facebook_document_145.exe"="Facebook_document_145"
"C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\ave.exe"="ave"

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="secfile"
"Content Type"="application/x-msdownload"

[HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon]
@="%1"

[HKEY_CURRENT_USER\Software\Classes\.exe\shell]

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open]

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\ave.exe\" /START \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas]

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\start]

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\secfile]
@="Application"
"Content Type"="application/x-msdownload"

[HKEY_CURRENT_USER\Software\Classes\secfile\DefaultIcon]
@="%1"

[HKEY_CURRENT_USER\Software\Classes\secfile\shell]

[HKEY_CURRENT_USER\Software\Classes\secfile\shell\open]

[HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
@="\"C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\ave.exe\" /START \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas]

[HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas\command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\secfile\shell\start]

[HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\idid]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=dword:00000000
"DoNotAllowExceptions"=dword:00000000
"DisableNotifications"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000
"DoNotAllowExceptions"=dword:00000000
"DisableNotifications"=dword:00000001

[HKEY_USERS\S-1-5-21-790525478-789336058-1708537768-500\Software\Microsoft\GDIPlus]
"FontCachePath"="C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data"

[HKEY_USERS\S-1-5-21-790525478-789336058-1708537768-500\Software\Microsoft\Windows]
"Identity"=dword:e26a1da0

[HKEY_USERS\S-1-5-21-790525478-789336058-1708537768-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count]
"HRZR_EHACNGU:P:\\Qbphzragf naq Frggvatf\\Nqzvavfgengbe\\Qrfxgbc\\Snprobbx_qbphzrag_145.rkr"=hex:00,00,00,00,06,00,00,00,80,9a,c9,f5,1a,c6,ca,01,

[HKEY_USERS\S-1-5-21-790525478-789336058-1708537768-500\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Documents and Settings\\Administrator\\Desktop\\Facebook_document_145.exe"="Facebook_document_145"
"C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\ave.exe"="ave"

[HKEY_USERS\S-1-5-21-790525478-789336058-1708537768-500\Software\Classes\.exe]
@="secfile"
"Content Type"="application/x-msdownload"

[HKEY_USERS\S-1-5-21-790525478-789336058-1708537768-500\Software\Classes\.exe\DefaultIcon]
@="%1"

[HKEY_USERS\S-1-5-21-790525478-789336058-1708537768-500\Software\Classes\.exe\shell]

[HKEY_USERS\S-1-5-21-790525478-789336058-1708537768-500\Software\Classes\.exe\shell\open]

[HKEY_USERS\S-1-5-21-790525478-789336058-1708537768-500\Software\Classes\.exe\shell\open\command]
@="\"C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\ave.exe\" /START \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_USERS\S-1-5-21-790525478-789336058-1708537768-500\Software\Classes\.exe\shell\runas]

[HKEY_USERS\S-1-5-21-790525478-789336058-1708537768-500\Software\Classes\.exe\shell\runas\command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_USERS\S-1-5-21-790525478-789336058-1708537768-500\Software\Classes\.exe\shell\start]

[HKEY_USERS\S-1-5-21-790525478-789336058-1708537768-500\Software\Classes\.exe\shell\start\command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_USERS\S-1-5-21-790525478-789336058-1708537768-500\Software\Classes\secfile]
@="Application"
"Content Type"="application/x-msdownload"

[HKEY_USERS\S-1-5-21-790525478-789336058-1708537768-500\Software\Classes\secfile\DefaultIcon]
@="%1"

[HKEY_USERS\S-1-5-21-790525478-789336058-1708537768-500\Software\Classes\secfile\shell]

[HKEY_USERS\S-1-5-21-790525478-789336058-1708537768-500\Software\Classes\secfile\shell\open]

[HKEY_USERS\S-1-5-21-790525478-789336058-1708537768-500\Software\Classes\secfile\shell\open\command]
@="\"C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\ave.exe\" /START \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_USERS\S-1-5-21-790525478-789336058-1708537768-500\Software\Classes\secfile\shell\runas]

[HKEY_USERS\S-1-5-21-790525478-789336058-1708537768-500\Software\Classes\secfile\shell\runas\command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_USERS\S-1-5-21-790525478-789336058-1708537768-500\Software\Classes\secfile\shell\start]

[HKEY_USERS\S-1-5-21-790525478-789336058-1708537768-500\Software\Classes\secfile\shell\start\command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_USERS\S-1-5-21-790525478-789336058-1708537768-500_Classes\.exe]
@="secfile"
"Content Type"="application/x-msdownload"

[HKEY_USERS\S-1-5-21-790525478-789336058-1708537768-500_Classes\.exe\DefaultIcon]
@="%1"

[HKEY_USERS\S-1-5-21-790525478-789336058-1708537768-500_Classes\.exe\shell]

[HKEY_USERS\S-1-5-21-790525478-789336058-1708537768-500_Classes\.exe\shell\open]

[HKEY_USERS\S-1-5-21-790525478-789336058-1708537768-500_Classes\.exe\shell\open\command]
@="\"C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\ave.exe\" /START \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_USERS\S-1-5-21-790525478-789336058-1708537768-500_Classes\.exe\shell\runas]

[HKEY_USERS\S-1-5-21-790525478-789336058-1708537768-500_Classes\.exe\shell\runas\command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_USERS\S-1-5-21-790525478-789336058-1708537768-500_Classes\.exe\shell\start]

[HKEY_USERS\S-1-5-21-790525478-789336058-1708537768-500_Classes\.exe\shell\start\command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_USERS\S-1-5-21-790525478-789336058-1708537768-500_Classes\secfile]
@="Application"
"Content Type"="application/x-msdownload"

[HKEY_USERS\S-1-5-21-790525478-789336058-1708537768-500_Classes\secfile\DefaultIcon]
@="%1"

[HKEY_USERS\S-1-5-21-790525478-789336058-1708537768-500_Classes\secfile\shell]

[HKEY_USERS\S-1-5-21-790525478-789336058-1708537768-500_Classes\secfile\shell\open]

[HKEY_USERS\S-1-5-21-790525478-789336058-1708537768-500_Classes\secfile\shell\open\command]
@="\"C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\ave.exe\" /START \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_USERS\S-1-5-21-790525478-789336058-1708537768-500_Classes\secfile\shell\runas]

[HKEY_USERS\S-1-5-21-790525478-789336058-1708537768-500_Classes\secfile\shell\runas\command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_USERS\S-1-5-21-790525478-789336058-1708537768-500_Classes\secfile\shell\start]

[HKEY_USERS\S-1-5-21-790525478-789336058-1708537768-500_Classes\secfile\shell\start\command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

 

 


 

Removal Tools :


Download the Suspect-1B!E4800A5BF6F6, Mal/FakeAV-BW malware removal tool provided by VirusExperts.org from Here. (“Repair.reg” updated and fixed)

 

 

 

For any help contact us.
VirusExperts.org TEAM


%Temp%\cvasds0.dll
%Temp%\cvasds1.dll
%Temp%\cvasds2.dll



Comments

5 Responses to “Removal tool for Suspect-1B!E4800A5BF6F6, Mal/FakeAV-BW (ave.exe) Malware”
  1. Bob says:

    I had the ave.exe malware. I downloaded your removal tool and it seems to have worked; however, I cannot run the registry fix. I get an error that reads “this file does not have a program associated with it for performing this action. Create an association in the folder options control panel.” I downloaded your exe version but I would assume that ave.exe affected all files with an exe extension and I am unable to open that either. Right now I am terrified of restarting my computer because I don't know what will happen. Any advice?

  2. Bob says:

    So I was able to open regedit through Start>Run>Command>regedit. But when I tried to import the registry fix I got an error message saying it was unable to do so because it could not access the registry files.

  3. admin says:

    Hi Bob,

    Please tell me, what is your OS?

  4. Bob says:

    -Admin-

    Thank you for your prompt and quick response. I was able to run Malwarebytes and it appears to have fixed the remainder of the problem. I’m now backing up all my important data and will be reformatting my drives soon. You guys are the very best. Thanks for saving someone a lot of money and headache!!

    And to answer your question my OS is Windows XP SP3.

  5. admin says:

    Bob,

    I fixed the repair.reg file and now it's working.

    Regards
