1. georgegrr

    georgegrr Private E-2

    I started noticing that something strange has been going on with my computer so I just tried to reinstall Windows XP (Professional) and go from there... I got a message File \i386\ntkrnlmp.exe could not be loaded, the error code is 7 and I was not able to do it.

    I searched the internet for answers and there are supposed to be 2 reasons that might be causing that: incorrect BIOS settings (I restored them to defaults and that did not help) or faulty RAM (I checked it with Memtest and I passed it with no problems). I also read that some malware programs can be causing that problem also and that's what the problem is, I think.

    I erased ave.exe, assigned .exe to applications so they are working properly but I was never able to reinstall Windows so far. I also tried about 10 (or more programs) and some of them seemed to help somehow: CCleaner, Onecare Windows Live Scanner, ComboFix. I also have GMER if that could help...

    I also have an impression that MalwareBytes is the best for that but just like other users I am not able to install it with mbam.exe in the folder. I also tried to install that file with a different name and then copy it to the folder but it was not working either (I got to the point where it started downloading updates but it did not get anywhere). I get a message that there is something wrong with the sequence and the other one saying that file mbabswissarmy.sys is missing or something like that (I have both files in Windows/System32/Drivers or something like that).

    I was also trying to change settings in bios to disable ADSI in BIOS (Phoenix Bios F.23), but I don't have that option there and install Windows from CD with one already running but I am not able to do that because I get the message that the version that I am trying to install is older than the one that I have. I was trying to uninstall Service Pack 2 but I get a message that I don't have permission to do that and that I need to do it as an administrator (I am an administrator but it is not working).

    When I was looking at user accounts I had some strange name there that I did not create so I just erased that. I still have some program in the system that is opening small windows with ads every now and then or connects me to some websites that load ave.exe to my system all over again.

    I don't know... This is just too difficult to do. I know that I can format both disks and start from 0 and then check RAM if that would not work but I don't really want to go that way because I need to have access to the internet all the time for a while etc... Do you have any ideas how to get rid of it and fix it just with one computer and without transferring data, formatting disks etc.? Thanks.
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Welcome to Major Geeks!

    Please read ALL of this message including the notes before doing anything.

    Please follow the instructions in the below link:

    READ & RUN ME FIRST. Malware Removal Guide


    and attach the requested logs when you finish these instructions.

    • **** If something does not run, write down the info to explain to us later but keep on going. ****
    • Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.


    • After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
    Helpful Notes:


    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

    2. If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
    3. If you cannot seem to login to an infected user account, try using a different user account (if you have one) in either normal or safe boot mode and running only SUPERAntiSpyware and Malwarebytes while logged into this other user account. Then reboot and see if you can log into the problem user account. If you can then run SUPERAntiSpyware, Malwarebytes, ComboFix and MGtools on the infected account as requested in the instructions.
    4. To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:

    Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated our system works the oldest threads FIRST.
     
  3. georgegrr

    georgegrr Private E-2

    1) Problems started about a week ago when computer started acting differently etc. I wanted to reinstall Windows XP Professional but I was not able to do it because of the message:

    "File \i386\ntkrnlmp.exe could not be loaded, the error code is 7"

    I checked RAM and BIOS, which might be causing something like that and they are fine. I know that a virus / malware can be causing that too.

    2) I ran several programs (I was never able to install and run MalwareBytes) and I got good results with ESET online scanner, it detected and removed:

    Win32/Adware.RegGenie (I installed this one by myself)
    Win32/Kryptik.DNI trojan
    Win32/Adware.SuperJuan.U
    Win32/Kryptik.CPZ trojan

    Kaspersky Virus Removal Tool 2010 found and removed:

    Trojan.Win32.Stuh.anyn

    3) My first problem was ave.exe so I followed some instructions and just deleted it and then assigned .exe to applications so they were working properly

    4) I still have wscntfy.exe in the Task Manager (processes window), which looks just like original Security Center by Microsoft but I am not able to end the process and it is just there all the time and I can't get rid of it.


    As far as mandatory steps:

    A) I was not able to install SuperAntiSpyware, I get the following message:

    “The ordinal 280 could not be located in the dynamic link library msi.dll”

    I was trying to fix that based on what I have found on the internet but it is still not working...

    B) I was not able to run MalwareBytes. I have been trying to solve that problem for a while now and I was changing names, using kill.exe program to kill the malware process that was supposed to be blocking it etc but I did not get anywhere with that. I get several messages:

    During installation:

    An error has occurred. Please report this error code to our support team.

    MBAM_ERROR_EXPANDING_VARIABLES (0, 9)

    -> I press ok and it starts loading updates

    MBAM_ERROR_LOAD_DATABASE (3, 0)

    The system cannot find the path specified.

    -> I press ok

    An error has occurred. Please report this error code to our support team.

    MBAM_ERROR_EXPANDING_VARIABLES (0, 9)

    -> I press ok

    MBAM_ERROR_MISSING_FILE (3, 0, mbamswissarmy.sys)

    The system cannot find the path specified

    C) ComboFix, RootRepeal and MGtools were working fine and I am including the attachments in the message


    The main problem here is that I am not able to reinstall Windows and just go from there. I was running ESET and Kaspersky in a safe mode also, if that makes a difference.
    Thank you in advance for any info you can offer.
     

  4. georgegrr

    georgegrr Private E-2

    I was actually able to get rid of the Security Center in msconfig:

    Windows -> Run... -> typed msconfig -> unchecked Security Center in Services tab
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You should not be using msconfig to control your start ups. Please do this:

    * Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    If it is not on your Desktop, the below will not work.
    * Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    * If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    * Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):
    Code:
    KILLALL::
    
    File::
    C:\Documents and Settings\conkon\Local Settings\Application Data\448003291
    C:\Documents and Settings\conkon\Local Settings\Application Data\kH832332nVa32
    C:\Documents and Settings\conkon\Local Settings\Application Data\mE20
    C:\Documents and Settings\All Users\Application Data\448003291
    C:\Documents and Settings\All Users\Application Data\F2tkIp4
    C:\Documents and Settings\All Users\Application Data\kH832332nVa32
    C:\Documents and Settings\All Users\Application Data\mE20
    C:\Documents and Settings\conkon\Templates\448003291
    C:\Documents and Settings\conkon\Templates\F2tkIp4
    C:\Documents and Settings\conkon\Templates\kH832332nVa32
    C:\Documents and Settings\conkon\Templates\mE20
    
    * Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    * At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    * You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    If it asks you to override the previous file with the same name, click YES.
    * Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    * Follow the prompts.
    * When it finishes, a log will be produced named c:\combofix.txt
    * I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Attach the GMER log that you have on your next reply.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\ComboFix.txt
    * C:\MGlogs.zip

    Make sure you tell me how things are working now!
     
  6. georgegrr

    georgegrr Private E-2

    I actually started messing with it by myself and I got to the point where I was not able to run Windows anymore so I had to take it to a local place and asked them to format C:\ to see if that would help with the installation.

    They did that and I was still getting the same error so I was told that they can diagnose the problem and tell me what it is. It looks like it is hardware related, since C:\ was totally empty and it still was not working.

    I am not sure what the outcome will be because I checked RAM with Memtest and it has passed, I also changed BIOS to default settings (I was never changing anything in there before so I don't think that's the reason behind that problem either).

    I was thinking it was virus, but everything that I had was on C:\ not the other partition that I have so I don't know right now. I guess I will just wait to see what they tell me. I was told that I will get a 100% answer what the problem is tomorrow.

    Thank you for your help. I will let you know what the problem was too.
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You had some infections obviously, but whether or not they were the only issue is a question. We may have been able to get you sorted without resulting in a clean install. But do let me know what they tell you.
     
  8. georgegrr

    georgegrr Private E-2

    The problem was the cd that was scratched and did not want to work. I cleaned it and looked at it too and I did not see the problem. They checked some other ones and they were working so I just need to get a different copy of xp.
    I would format c: anyway so it looks like it is still possible just to reinstall windows and get rid of most of the problems in 45 minutes or so (in my case) instead of trying to figure out what is what in detail.
    Thanks for your help.

    PS. Is it possible for a virus to block an installation of Windows like that?
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Doing a reformat off the xp cd would remove everything. So no, it wouldn't be blocking a reinstall.
     
