
Ave.exe Virus that keeps returning


  • This topic is locked
5 replies to this topic

#1 JForester

Posted 27 April 2010 - 09:41 AM

My name is Jeff.
I've been trying to eradicate this virus for about 1 week now.
I've been using the method that is posted here that uses Fixexe.reg to get enough control to run the Malwarebytes' Anti-Malware program.
Running that program finds about 6 or so Trojans, and deletes them. Works great...for a short while.

Info:
Operating System: Windows XP w/ SP3
Firewall: Zonealarm Internet Security Suite v. 9.1.507.000 (latest version)
Other tools: Malwarebytes Anti-Malware, Spyware Blaster, Spybot S&D, ESet On-Line Scanner.

I keep all of these products updated on a regular basis, every few days at the most. I have been performing full scans at least once a week. I've been doing this pretty religiously ever since I had a problem with the Security Tools Virus. The person who worked with me back then recommended all of the above tools for a pretty bulletproof method of keeping out anything bad. I guess that's changed.
I'm just amazed that anything could possibly get through all of the defense I've set up. I do try to follow all of the recommendations on how to prevent malware infections to begin with.

Possible entry point?? My wife got an email from a family friend. At the time, nothing happened. A day later the same person sent out another email saying please don't view the email, it has a virus. Again, I'm surprised it could get through Zonealarm?

Here's what I've done: The Ave.exe Virus puts up a fake Security console that says I'm infected, click Register to purchase full version to eradicate the problems. It won't let me start up any other programs.

1. I use the Fixexe.reg to be able to run other programs.
2. I then run Malwarebytes Anti-Malware. It finds and deletes about 6 or so problems.
3. I also do a full scan with Zonealarm. It sometimes finds an additional problem and quarantines it.
At that point, my PC seems to be back to normal. I can check email via Outlook and run other programs. All of the Rogue Virus Control panels are gone. Any additional scans find no problems at all.
4. I can also start up Internet Explorer and go to my homepage (Surewest.net)
5. I'm not sure about this part, but I seem to be able to directly go to any URL address I type in, with no problems.
6. The problems seem to be if I'm searching for something, say, with the Google Toolbar search.
7. I get the list of websites related to the search, which, if I click on any of them, I get redirected to some other seemingly random website.
8. That's when my Zonealarm starts sending me alerts that Ave.exe is trying to access my PC.
9. I also get the rogue control panels, XP Anti-Malware 2010, or XP Defender that basically hijacks my system.
I can then go back to step #1 and start the process over again.

So with all of the tools I'm using and scanning with, it's not finding everything. Every time I'm on Internet Explorer, it resurfaces anew.

With whomever is going to work with me on this one...when I start to generate required logs, do these logs need to be generated while the full scale infection is going on, or after I've kinda fixed it using steps 2 & 3, above? I do have some logs saved from both steps while fixing. I can attach those as well.
-- Jeff Forester --


#2 JForester

Posted 28 April 2010 - 11:55 AM

Just checking in because I've received no reply to this issue yet?

How long of a delay can one normally expect, just so I know when I need to post again, or when I should just hang tight?

Thanks,

Jeff
-- Jeff Forester --

#3 dfrease

Posted 28 April 2010 - 01:29 PM

Hey Jeff,

I'm not one of the awesome/helpful problem-solvers on this site, but I just went through what you're going through right now. Numerous fake anti-virus trojans, including ave.exe and the Google Redirect virus. I just wanted to tell you while you're waiting for real help... that Google Redirect virus is nasty! You should stop using Google/search immediately. Every one of those redirects sends you to more bad places. From what you described, it is very likely the reason why you keep getting re-infected with the malware... and if you continue using it without fixing, you'll end up getting even more/different viruses... just like I did.

From what I experienced, I could still access sites correctly if I type in URL directly or by using favorites/bookmarks, etc... but any attempts to search for help ended up making my situation worse. I basically had to do all of my searching/research on another (uninfected) computer. I've got my system seemingly stabilized and usable again... however I've been through so many different fixes/etc in the past 3-4 days, that I'm not really sure what ultimately fixed the Google Redirect part.

Hope you get some help fairly quickly!

#4 Orange Blossom

Posted 28 April 2010 - 08:44 PM

Hello JForester,

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues.

If you can produce at least some of the logs, then please create the new topic. If you cannot produce any of the logs, then post back here and we will provide you with further instructions.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 JForester

Posted 28 April 2010 - 11:53 PM

Okay, will do, thanks.
Before I start, should I follow the instructions when I'm currently under attack, or should I do it now, when the malware is apparently sleeping?
I've run Malwarebytes Anti-Malware and it's made the PC seemingly clean and it's running well right now. However, if I dare use Google to do a search, that's what seems to reactivate the ave.exe virus. Otherwise, any subsequent scans show a clean bill of health.

So anyway, do the steps in the guide before, or after, initiating a google search?


Jeff

Edited by JForester, 29 April 2010 - 12:11 PM.

-- Jeff Forester --

#6 Orange Blossom

Posted 01 May 2010 - 07:22 PM

Hello,

Now that you have posted a topic here: http://www.bleepingcomputer.com/forums/t/314013/aveexe-virus-that-keeps-returning/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup: