Question about ASUS Eee PC 900 Notebook

8 Answers

I have virus av.exe and cannot remove it

I have virus av.exe and several antivirus attempts have failed, how can I remove it from my Asus? It's hard drive is not removable.

Posted by on

Ad

8 Answers

  • Level 1:

    An expert who has achieved level 1.

    Corporal:

    An expert that has over 10 points.

    Mayor:

    An expert whose answer got voted for 2 times.

  • Contributor
  • 3 Answers

This trojan runs as a rootkit, so you won't see it when it's running. It is a single file in C:\Users\username\AppData\Local (Vista), or C:\Documents and Settings\username\Local Settings\AppData (XP), It is marked as a system file, so you'll need to use the Folder Options in the control panel, to unhide hidden and system files and folders. As I said, with the rootkit loaded, you still won't see it there until you unload it. It runs by changing the registry so that any .exe run, will instead load the trojan. Attempts to run Internet Explorer or Mozilla Firefox will also instead run it. If you delete the file, or your antivirus finds it and deletes it, the changes to the registry will mean that from then on, whenever you try to run a program, you'll get a windows message asking you to select the file you want to use to open the .exe. (if this is the case, you'll need to use regedit in safe mode with command prompt, or rename regedit.exe to regedit.com).

To defeat the trojan, you must undo the registry changes, then reboot to reveal the file, then delete it. Here's how.

Run regedit. The trojan will load and give you all the fake warnings hassle. Do Ctrl-Alt_Del, and find the process 'av.exe'. End the process. Now in the registry editor, search for 'av.exe'. You should find a section HKEY_CLASSES_ROOT\.exe, where the (Default) REG_SZ has been set to 'secfile'. Edit this back to 'exefile'. Keep searching and you'll find HKEY_CLASSES_ROOT\secfile. Delete the whole secfile section. Keep searching - you'll find the odd line where it may be a recently 'searched for' item, where you can just delete the line, and you'll find it in a command line to run Internet Explorer. The full path to the trojan will be specified before the path to Internet Explorer. Edit this line to remove the path to the trojan, leaving just the path to Internet Explorer. A similar edit may be required for Mozilla Firefox. Find any other occurences of av.exe and deal with them in the same way.

Now, reboot the PC, and the trojan will not start up. Display system and hidden files, then go to the location of the trojan. Now you can see the little swine. Delete it, and empty the recycle bin.

Problem solved.

Enjoy!

Posted on Mar 15, 2010

  • Roj Blake Mar 20, 2010

    A new variant of this uses file 'ave.exe'. Same method of removal.

×

Ad
  • Level 2:

    An expert who has achieved level 2 by getting 100 points

    MVP:

    An expert that got 5 achievements.

    Governor:

    An expert whose answer got voted for 20 times.

    Hot-Shot:

    An expert who has answered 20 questions.

  • Expert
  • 64 Answers

I managed to remove the virus by following the blog below. He made it really simple. Well worth a look. http://simontodd.com/2010/02/how-to-remove-xp-internet-security-2010-antivirus-vista-2010-or-win-7-antispyware-2010/

Posted on Feb 23, 2010

Ad
  • Level 1:

    An expert who has achieved level 1.

  • Contributor
  • 1 Answer

Try malewarebytes.com

Posted on Apr 08, 2010

  • Level 1:

    An expert who has achieved level 1.

  • Contributor
  • 1 Answer

I have this same problem, however in Task Manager the Process shows as "av.eve" but I can not find it in any other place on my computer, not RegEdit, MSConfig, I have downloaded more programs to fix this than I can count and I can not get rid of it??????????

Help me

Posted on Feb 16, 2010

  • Level 1:

    An expert who has achieved level 1.

  • Contributor
  • 1 Answer

Go to the Start, Run, and then type msconfig.
The System Configuration Utility window pops up on your screen
On the column of tabs displayed,
Select Services and untick av.exe to disable it
Select the Startup tab and untick av.exe to disable it
Click Apply, then OK
Reboot your pc/laptop, and download Revo Uninstaller
Install Revo and run the application.
Remove or delete all items under av.exe or the virus in question
To view more solution for manually remove av.exe virus visit http://www.virushunt.com/a/av.exe-virus-removal.html

Posted on Jul 10, 2010

  • Level 1:

    An expert who has achieved level 1.

    Problem Solver:

    An expert who has answered 5 questions.

  • Contributor
  • 6 Answers
  • Level 1:

    An expert who has achieved level 1.

  • Contributor
  • 1 Answer

We eliminated it with a System Restore to a date before the av.exe problem started. Apparently the problem was eliminated.

Posted on Apr 10, 2010

  • Level 1:

    An expert who has achieved level 1.

    MVP:

    An expert that got 5 achievements.

    Governor:

    An expert whose answer got voted for 20 times.

    Hot-Shot:

    An expert who has answered 20 questions.

  • Contributor
  • 35 Answers

Go to the Start, Run, and then type msconfig.
The System Configuration Utility window pops up on your screen
On the column of tabs displayed,
Select Services and untick av.exe to disable it
Select the Startup tab and untick av.exe to disable it
Click Apply, then OK

Reboot your pc/laptop, and download Revo Uninstaller
Install Revo and run the application.
Remove or delete all items under av.exe or the virus in question.

Download and install COMODO System Cleaner to clean your system registry
Download and install AVG trial version, run a complete scan to remove any further remnants of the virus.

Hope this helps you.

Till next time, take care of your pc/laptop!!

Posted on Feb 07, 2010

1 Suggested Answer

6ya6ya
  • 2 Answers

SOURCE: I have freestanding Series 8 dishwasher. Lately during the filling cycle water hammer is occurring. How can this be resolved

Hi,
a 6ya expert can help you resolve that issue over the phone in a minute or two.
Best thing about this new service is that you are never placed on hold and get to talk to real repairmen in the US.
the service is completely free and covers almost anything you can think of.(from cars to computers, handyman, and even drones)
click here to download the app (for users in the US for now) and get all the help you need.
Goodluck!

Posted on Jan 02, 2017

Add Your Answer

Uploading: 0%

my-video-file.mp4

Complete. Click "Add" to insert your video. Add

×

Loading...
Loading...

Related Questions:

1 Answer

How do I fix this error? /windows/system32/ntoskrnl.exe


Unfortunately this could indicate either file corruption of a failing hard drive. I suggest you first attempt to perform a Windows Repair Installation. Online Virus Removal 39 99 Online Virus Removal and Online PC Help

Mar 11, 2015 | Computers & Internet

2 Answers

What is the cheapestprogram to purchaseto remove a virus


Unfortunately, once a computer is infected with a virus of some sort it may prevent the installation of any antivirus or antimalware software. I suggest you download and try to install the free version of Malwarebytes and perform an initial scan to see what it finds. I would then install the free version of Avira or AVG antivirus (one but not both) and run scans. If neither of these steps finds and eliminates the problem you can attempt to run System Restore (WindowsXP or higher only) and restore the system back to a time prior to when you noticed the virus. If you cannot remove the virus with any of these methods you will most likely need to backup your data, format your hard disk and reinstall the operating system.

Oct 09, 2014 | Computers & Internet

1 Answer

Xhel.exe problem


http://www.latest-virus.com/latest-virus-file-detected-on-20100306-1647/10
http://www.incodesolutions.com/virl.php

best to use a laptop with 2 hdd slots , one hdd with a well upgraded antivirus , of course free of viruses and the second yours.

u may wait several days to a[[earmuch better solutions(here and in the AV community)

Mar 07, 2010 | Microsoft Computers & Internet

1 Answer

Keyboard\service.exe not found error


This is a virus that infected your computer. There is no "keyboard\service.exe" file in Windows. Your antivirus likely removed it but it's still trying to load up on start up.

Go start->Run and type in "msconfig"
Then go to the startup tab on the window that appears and look for that particular exe file and disable it. You shouldn't get the message anymore.

Also clean your harddisk wint an antivirus program

Aug 03, 2009 | Computers & Internet

2 Answers

Error: Action failed for file avgwdsvc.exe: starting service.


open services.msc from run window and then find avgwdsvc.exe. right click and select properties then check the disabled checkbox. Apply and get out of services.msc. now try to install the new version of avg.

May 16, 2009 | Computers & Internet

2 Answers

Virus Attack


Ty installing the AntiVirus in Safe Mode.

Mar 29, 2009 | Symantec Norton Internet Security 2009

7 Answers

Want to delete ms antispyware 2009


Can you try to delete in "Control panel" "Add and Remove Program" .

Jan 31, 2009 | Microsoft Windows XP Home Edition for PC

1 Answer

BIOS problem


O.k. start by making a bootable disc or diskette to flash the bios with. This should get the machine to recognize the drive. If this is what you did before, do it again, because something didn't download or come out right on the disc. Once you've done the flash, if the hhd still isn't recognized then most likely the virus has done it's damage and the hhd is shot. Just a piece of advice, run only one antivirus, I recommend AVG, it's all you need for antivirus, spyware, and adware, the new 8.0 version is right on. With antivirus, the more the merrier, IS NOT the case. You actually made your system more vulnerable by having several antivirus along with spyware. The antivirus companies have made them to recognize other antivuruses as a threat. So, they conflict with each other, and can't do their job.

Aug 02, 2008 | Gigabyte GA-K8NF-9 (890552602964)...

5 Answers

Antivirus 2009


I see these every day, note: also fixes AV 2008 and many others.

This Malware is known as "Rogue anti-virus" software.

This program will remove it: http://www.majorgeeks.com/downloadget.php?id=5360&file=10&evp=2e0d43eb67e1e71c0b31e62c003599c0
the website that has it also has a really good antispyware program called malwarebytes

www.malwarebytes.org

once you run a full scan in this program run this program:
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
it's another free antispyware. these are both professional grade removal software for free. I remove this stuff about 3 times a day. It seems this outbreak is the largest I've ever seen.

If you want a good protection suite that will keep it out buy a copy of NOD32 (www.nod32-av.com) another you may not have heard of, it will block this and many others before it even gets on your computer.

Jul 16, 2008 | Dell Dimension 2400 PC Desktop

1 Answer

Computer laptop problem


Generally, when a firewall or antivirus application fails to load, a virus is the suspect cause. Many viruses are designed to attack/disable the firewall/antivirus as to infect the system. If the operating system has beenn compromised to the point you can only boot in the safe mode, the likelyhood of removing the viruses and still being able to repair the operating system WITHOUT a clean reinstall of Windows is not great.

Things you can try.
  1. If you have more than one computer, see if you can connect this drive to a healthy system, and remove the infection.
  2. Run hardware diagnostics on the hard drive, as a hardware failure can mimic a software problem by files being damaged writing them to bad sectors of the media.
  3. If you can access the internet in safe mode with networking, or can access internet with another system, you can download several programs/tools to try to remove any infections. www.gur,in is one page with a large assortmant of tools to try to use to remove any infection. Sometimes you can install and run these in the safe mode or use safemsi.exe to enable some installers to run in the safe mode.
If the hard drive fails diagnostics then you will have to replace the hard drive. If it passes diagnostics, and attempts to remove infection fail, boot to XP cd, format the hard drive and do a clean install of windows the reinstall all drivers and applicaitons. If the format fails, replace the hard drive

Jul 06, 2008 | Gateway Computers & Internet

Not finding what you are looking for?
ASUS Eee PC 900 Notebook Logo

9,892 people viewed this question

Ask a Question

Usually answered in minutes!

Top ASUS Computers & Internet Experts

Les Dickinson
Les Dickinson

Level 3 Expert

18402 Answers

Doctor PC
Doctor PC

Level 3 Expert

7733 Answers

David
David

Level 3 Expert

778 Answers

Are you an ASUS Computer and Internet Expert? Answer questions, earn points and help others

Answer questions

Manuals & User Guides

Loading...