Category Archives: Rogue Antivirus
The annoying part, however, is that, just like any other rogue antivirus program, it shows annoying pop-ups in normal mode that interrupt what you’re doing. At times Safe Mode with Networking seems to be the same environment, especially in the av.exe and ave.exe cases.
You can first end the running processes or tasks related to Antivirus 7. Go to Task Manager (CTRL+ALT+DELETE), then go to the Processes tab. Look for antivirus7.exe and left-click on it. Click End Process, then click OK to terminate the process.
If you are familiar with Autoruns, download it and run it to see the exact path of Antivirus 7 together with other malicious files.
To complete the cleanup process, delete all Antivirus 7 shortcuts on the desktop and Start Menu, and its registry entries. This is as easy as right-clicking on the Antivirus 7 icon and then clicking Delete.
You may also get help from bleepingcomputer.com.
The following steps are also applicable to related fake AV (XP Antivirus/AntiMalware/Guardian/Internet Security 2010 and its Vista counterpart) having av.exe or ave.exe as the executable file.
To check the exact location of the av.exe:
- Click START button and on the search box type regedit
- On the Registry Editor window, press CTRL+F to use the Search function
- Find av.exe
Usually found under this directory:
Go to that location to manually delete av.exe. You must show the hidden files first to find it easily:
- Go to Control Panel
- Switch to Classic View and double click on Folder Options
- Click View tab
- Select “Show Hidden Files and Folders” and uncheck “Hide extensions for known file types” and “Hide protected operating system files”
- Click Apply then click OK
The “Open With” prompt can be resolved through the use of file association fixes: OpenWithPatch.
Note: If you are not able to download those files, create the registry fix manually.
- Open Notepad and copy and paste the following
Windows Registry Editor Version 5.00
Save it as exefix.reg on your Desktop, with the file type set to All files.
Moving forward, the latest and most common fake antivirus programs are XP Antivirus/AntiMalware/Guardian/Internet Security 2010 and its Vista counterpart, obviously exploiting these popular operating systems. Removing them is easy: look for the location of av.exe or ave.exe, which is commonly found in the AppData or Application Data directory. You can search for it by loading regedit (the Registry Editor window), pressing CTRL + F (Find), and keying in ave.exe. Okay, you might be frowning right now as you read these “not-so-organized” instructions, so my apologies. I will have a different post about the malware removal. For now, let us resolve the “Open With” issue caused by modified registry values.
So here’s the fix – OpenWithPatch. Download and save the file on your desktop. Double click on it to RUN. Click OK on the “I’m Done” dialog box.
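A read-only check for the two symptoms described above (a leftover av.exe/ave.exe and a modified .exe association), as an added example that is not part of the original post or the OpenWithPatch file. The folders and Run keys it inspects and the stock Windows values it compares against (exefile and "%1" %*) are assumptions, not taken from the post.

```powershell
# Added example (not from the original post): read-only triage, changes nothing.
# Assumed: the folders and Run keys inspected, and the stock Windows defaults
# that the .exe association is compared against.
$pattern = '(^|[\\/"\s])(av|ave|antivirus7)\.exe'   # file names taken from the post

# 1. Matching files under the per-user data directories (-Force shows hidden files).
$roots = @($env:APPDATA, $env:LOCALAPPDATA) | Where-Object { $_ -and (Test-Path $_) }
if ($roots) {
    Get-ChildItem -Path $roots -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.Name -match '^(av|ave|antivirus7)\.exe$' } |
        ForEach-Object { "FILE   $($_.FullName)" }
}

# 2. Autostart values whose command line launches one of those executables.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($path in $runKeys) {
    if (-not (Test-Path $path)) { continue }
    $key = Get-Item -Path $path
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        if ($data -match $pattern) { "RUN    $path : $name = $data" }
    }
}

# 3. The .exe file association. HKEY_CLASSES_ROOT is the merged view, so a
#    per-user override under HKCU\Software\Classes shows up here as well.
function Get-DefaultValue([string]$Path) {
    # Returns the key's (Default) value, or nothing if the key does not exist.
    if (Test-Path $Path) { [string](Get-Item -Path $Path).GetValue('') }
}
$progId  = Get-DefaultValue 'Registry::HKEY_CLASSES_ROOT\.exe'
$command = Get-DefaultValue "Registry::HKEY_CLASSES_ROOT\$progId\shell\open\command"
if ($progId -ne 'exefile') {
    "ASSOC  .exe points to '$progId' (stock value: exefile)"
}
if ($command -ne '"%1" %*') {
    "ASSOC  open command is '$command' (stock value: `"%1`" %*)"
}
```

No output means none of the three checks found anything; an ASSOC line is the condition that produces the “Open With” prompt once the fake AV executable has been deleted.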
What a great morning to start my day! Yummy… These are the symptoms, resolution will be provided later.