« previous next »
Pages: [1]   Go Down

Author Topic: AVE.EXE Trojan made it through  (Read 6072 times)

0 Members and 1 Guest are viewing this topic.

Breeze

  • Guest
AVE.EXE Trojan made it through
« on: March 23, 2010, 06:02:20 PM »
Just wanted to let everyone know that I had a trojan on my computer last night that snuck through Avast.  It ran a program that was similar to the Windows Firewall Update. Luckily I run my own stuff on my computer and spotted it before it got out of control.  The program is run as AVE.EXE on your process list.  It basically shut down all access to .EXE files.  I even did a boot scan with Avast last night and it didn't catch it.  So, I kept the task manager open, shutting down the app as soon as it would start, while working on deleting it.  I ran a regedit (goto your Run icon on your start bar and type it in) and then went to the Edit tab and then under the Find button, type AVE.EXE.  I deleted all the files associated with this program, always selecting the Find Next in the Edit Tab, but be careful to only delete the files associated with AVE.EXE though.  After doing this, my computer still would not run any .EXE programs, but at least the annoying program was gone.  So, I selected my Firefox .EXE (can be done with any .EXE file) and right clicked and went to Tools and File Options, and then created a file extension: .EXE and associated with Applications.  And like that it was gone. Ran another boot scan and everything was fine.  Hope this helps if you are as unlucky as me.
Logged

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89675
  • No support PMs thanks
Re: AVE.EXE Trojan made it through
« Reply #1 on: March 23, 2010, 06:10:34 PM »
Send the sample to virus (at) avast (dot) com zipped and password protected with the password in email body, a link to this topic might help and undetected malware in the subject.
OR
avast5 - Send the sample to avast as a Undetected Malware:
Open the chest and right click in the Chest and Add, navigate to where you have the sample and add it to the chest (see image). Once in the chest, right click on the file and select 'Submit to virus lab...' complete the form and submit, the file will be uploaded during the next update.
Logged
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD - 27" external monitor 1440p 2560x1440 resolution - avast! free  24.9.6130 (build 24.9.9452.762) UI 1.0.818/ Firefox, uBlock Origin Lite, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: AVE.EXE Trojan made it through
« Reply #2 on: March 23, 2010, 09:05:17 PM »
The malware has set itself to run through the following keys, which can safely be deleted 

[-HKEY_CURRENT_USER\Software\Classes\exefile]
[-HKEY_CURRENT_USER\Software\Classes\.exe]

Sometimes the HKU key is added/altered as well
Logged

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34054
  • malware fighter
Re: AVE.EXE Trojan made it through
« Reply #3 on: March 28, 2010, 06:06:49 PM »
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

laurap414

  • Guest
Re: AVE.EXE Trojan made it through
« Reply #4 on: April 14, 2010, 02:25:20 AM »
This happened to me just now -- no idea how.  Installed on my machine despite having Ad Aware and Avast both running.  I had shut off Zone Alarm however.  Very disappointing -- please fix this hole ASAP!
 :-[
Logged

MisuVir

  • Guest
Re: AVE.EXE Trojan made it through
« Reply #5 on: April 15, 2010, 06:29:43 AM »
One of my users just got infected with this. Any chance Avast (managed) could be updated to catch this? This is the first compromise we've had since we started with Avast two years ago.
Logged
Pages: [1]   Go Up
« previous next »