Getting rid of ieav.exe is not as simple as deleting one file or pressing one button, and does require a few steps. Don't be worried however, as this tutorial will guide you, step by step, into removing this pesky little piece of malware.
Step One - Check If ieav.exe Is Actively Running
The first step is to see if ieav.exe is actively running. You need to go to your task manager to check. You can either press
click to enlarge
, to immediately have your task manager show up, or press
CTRL+ALT+DEL then click on
Task Manager. Once the Task Manager is running, look at the processes running in the
Processes tab and see if you can find
ieav.exe and
ieavinstaller.exe. If any of these are running, right click on each and click on
End Process Tree.
Step Two - Deleting ieav.exe
Now that step one is complete, you can delete ieav.exe without Windows stopping you. Windows does not allow a user to delete files if they are currently running, which is why step one is very critical in this process. Deleting ieav.exe is not as simple as deleting one executable file, as the malware leaves bits and pieces of itself all over your computer. Let's start by going into the root folder that ieav.exe will usually plant itself in:
- C:\Program Files\ieantivirus\
If you cannot find this directory, check your other drives to ensure that it hasn't planted itself in your other drives (D:\, H:\. Z:\, etc.). In this folder you will see a few executables. Do not run any of them. Instead, delete the entire folder and delete it from your recycle bin. The next paths we want to check for are:
- %\Desktop Directory\ie antivirus 3.2.lnk
- %\Programs\ie antivirus 3.2.lnk
As every computer is configured differently, the directory above is a general directory. You'll have to locate your main desktop directory, and depending on the user that's logged in, the directory can be different. If you're having trouble finding this path, do a search in Windows for ie antivirus 3.2.link. Once Windows finds the files, delete them and clear them from your recycle bin.
You've now successfully gotten off the traces of the malware but you're not done yet. IE Antivirus also snakes its way into your registry settings so that it is harder to kill.
Step Three - Cleaning Up Your Registry
click to enlarge
Many tutorials will state that only an expert should handle messing with registry keys as one wrong move can cause your computer to stop working. I somewhat agree, but don't believe only computer experts should handle this part. Just be sure to take your time and read each step thoroughly before deleting or modifying any registry keys. The key to this portion is taking your time.
Run registry editor by going to your Start button, then clicking Run... From there, type Regedit to get the registry editor.
The first registry folder you're going to look for is:
- HKEY_CURRENT_USER\software\ieantivirus
Once you've found this folder, right click it and press Delete. If you're having trouble finding this folder, you can actually search in your registry editor. Simply go to Edit then press Find, then search for the term ieantivirus.
The next registry folder you want to look for is:
- HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
Do not delete this registry folder! You are looking for a specific key in the folder above. Unlike the previous step, you are not deleting the folder, you are deleting a key. On the right hand side of the registry editor, you will see a list of keys. You are looking for antispy. If you see it, right click it and press Delete.
The next registry folder you want to look for is:
- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
You are performing the same action here. Look for the antispy registry key, right click it, then press Delete.
The final registry folder to delete is:
- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\ie antivirus
In this case, you are deleting the folder. Right click the ie antivirus folder and press Delete. You've now effectively deleted the main portions of ieav.exe, but there are still some supplemental files that need to be removed.
