These are screen captures from a recent malware infection that I was asked to remove. The malware advertises itself as XP AntiMalware 2010, but don’t be fooled by it. This is a crafty piece of malware.
The first screen capture shows a pop-up and a balloon indicating a possible intrusion from 59.132.100.175, but this was impossible since the Ethernet cable to the PC was disconnected.
Another dialog box tries to lure you in. Notice that the larger version of the shield does not look like the real Security Center icon (also shown below).
Follow the steps outlined below to use Process Explorer to stop this malware. Note that this does not delete the malware, but it does stop it until you can get it removed. If I find out how to remove it, I will make another post on how to do that. Process Explorer may be downloaded from Microsoft at the link below.
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
- DO NOT click on the dialog boxes or balloons that are associated with this malware.
- Unplug or otherwise disconnect the infected PC from the Internet.
- Start Process Explorer by double-clicking it.
- Find the process named “ave.exe”. If you can’t find that process, read the caveat at the end of this post.
- Right-click on the process and choose Suspend from the menu.
Your system may perform slowly, but that’s better than the malware working its way deeper into your PC. Preventing malware is much easier than dealing with it post-infection, so be sure to keep your operating system and anti-virus software updated.
Caveat: You may have noticed that I referred to “this malware” instead of the name shown in the dialog boxes. That’s because the malware may have a list of names that it rotates through. In fact, it may even alter the name of the executable (ave.exe) to something else.
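A scripted equivalent of the suspend steps and the caveat above, added here as an example and not part of the original post. It assumes PowerShell 4 or later and Sysinternals PsSuspend saved as pssuspend.exe in the current directory; the log file name is hypothetical.

```powershell
# Added example (not from the original post): suspend the process by name and
# keep a record of what was suspended so it can be removed later.
param(
    [string]$Name      = 'ave',               # process name from the post, without ".exe"
    [string]$PsSuspend = '.\pssuspend.exe',   # assumed location of Sysinternals PsSuspend
    [string]$Log       = '.\suspended.csv'    # hypothetical evidence log
)

if (-not (Test-Path $PsSuspend)) { throw "PsSuspend not found at $PsSuspend" }

$procs = @(Get-Process -Name $Name -ErrorAction SilentlyContinue)

if ($procs.Count -eq 0) {
    # Caveat case: the executable may have been renamed. List every process
    # that owns a window so the one showing the fake dialogs can be picked out by hand.
    Write-Warning "No process named '$Name' is running. Processes that own a window:"
    Get-Process | Where-Object { $_.MainWindowTitle } |
        Select-Object Id, ProcessName, MainWindowTitle, Path |
        Format-Table -AutoSize -Wrap
    return
}

foreach ($p in $procs) {
    # Hash the image first; the path and hash are needed for later removal and scanning.
    $hash = if ($p.Path) { (Get-FileHash -Path $p.Path -Algorithm SHA256).Hash } else { 'unavailable' }

    [pscustomobject]@{
        Time   = (Get-Date).ToString('s')
        Id     = $p.Id
        Name   = $p.ProcessName
        Path   = $p.Path
        SHA256 = $hash
    } | Export-Csv -Path $Log -Append -NoTypeInformation

    # Suspend by PID, not by name, so only this instance is touched.
    & $PsSuspend $p.Id
    Write-Host "Requested suspend of PID $($p.Id) ($($p.Path)). Resume with: pssuspend -r $($p.Id)"
}
```

If the name has rotated, rerun the script with `-Name` set to the process name picked from the window list.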


