March 22, 2010

AVE.exe (Total Vista Security) Virus Removal

I recently wrote about removal of fake security alert Anti-Virus System Pro. The main step in the removal procedure was restarting PC in safe mode and running Malwarebytes (mbam.exe). Unfortunately, it does not work with a new modification of this virus, called Total Vista Security that runs a program file ave.exe. This program continues running in safe mode and prevents you from starting mbam. So, how to stop it? You can temporarily stop ave.exe process via Task Manager but it reappears in a moment. What does ave.exe do? Basically it does the same as similar fake security alert malware- it prevents you from opening any program on an infected computer and is trying to trick you into buying their software. Don't pay them - you can fix the problem for free in minutes. I managed to get rid of this malware just by restoring my computer to a previous date.

To use the system restore while this virus is running you can begin as if you are restarting the computer in safe mode via Start menu:
Start> Shut Down>Restart.
When Windows shuts down and the screen becomes blank, start hitting F8 key until you hear a beep and a menu appears. Select Safe Mode with Networking, hit Enter and then hit Enter again on selection of your operating system (such as Windows XP). After computer restarted and you logged in, it asks you if you want to proceed into Safe mode or use System Restore. Select System Restore and choose a past date when you are sure you had no viruses. Note that this process does not affect your files, only the programs you might install or update since the restore date you chose. After restoring your system you should be able to download (if you have not done it yet) and run free Malwarebytes (mbam.exe). Just update it to the latest version first. The above ave.exe removal guide does not constitute a professional advice: if you choose to use it, do it at your own risk. It worked for me, but of course I can't guarantee it would work for everyone.

No comments: