Remove Aveo RAT from Your Computer

A remote access Trojan family dubbed Aveo, which primarily targets Japanese-speaking users, has been reported by malware researchers to cause infections on a massive scale. This type of Trojan is particularly dangerous because it can gain complete remote control of the computers it infects, steal information and files from them, spy on the user, install other malware and even crash the operating system. To learn how to remove the Aveo remote access Trojan and protect yourself and your data from it, we advise you to read this article thoroughly.

Threat Summary



Type: Trojan Horse
Short Description: The Aveo trojan family drops multiple files and gains Read and Write permissions over Windows computers and sends information to a remote C&C server.
Symptoms: No symptoms.
Distribution Method: Via a malicious file disguised as a Microsoft Excel document.

How is Aveo Trojan Spread?

To spread, Aveo uses a payload-carrying .exe file that has the Microsoft Excel icon and resembles a legitimate document. This file may be sent to users via e-mail and social media messages, and even uploaded to file-sharing networks. Cyber-criminals may even pay for spam bots that redistribute it as a drive-by download via malicious web links posted as referral spam on various websites, to reach more and more potential victims.

Aveo Trojan – Technical Information

Palo Alto researchers have established that as soon as it has been executed, the Aveo trojan drops several different files on the victim computer in the %Program Files% folder:

  • Ram.exe – the malware itself.
  • Cave workshop participants.xls – a decoy file that is opened with Excel to not raise any suspicion of infection.
  • Mshelp32.exe – a script.
  • Stting32.ini – used by the cleanup script.

The Aveo Trojan is also reported to communicate with a remote domain:

  • snoozetime(.)info
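The file names and domain listed above can be turned into a simple triage check. The following is an added example, not code from this article or from the researchers it cites; the sample paths, user name and DNS log line format are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Indicators exactly as listed in the article above.
DROPPED_NAMES = {"ram.exe", "cave workshop participants.xls",
                 "mshelp32.exe", "stting32.ini"}
C2_DEFANGED = "snoozetime(.)info"

def refang(indicator):
    """Turn a defanged indicator such as a(.)b or a[.]b back into a.b."""
    return re.sub(r"[\[(]\.[\])]", ".", indicator).lower()

# Match the domain or any subdomain, but not look-alikes such as
# notsnoozetime.info or snoozetime.info.example.com.
C2_RE = re.compile(r"(?<![\w.-])(?:[\w-]+\.)*"
                   + re.escape(refang(C2_DEFANGED)) + r"(?!\.?[\w-])")

def match_dropped_files(paths):
    """Paths under a Program Files folder whose name is a dropped-file name.
    Names like Ram.exe are generic, so a hit is a lead to triage, not a verdict."""
    hits = []
    for p in paths:
        wp = PureWindowsPath(p)
        # Assumption: "%Program Files%" covers "Program Files" and "Program Files (x86)".
        parents = [part.lower() for part in wp.parts[:-1]]
        if wp.name.lower() in DROPPED_NAMES and any(
                part.startswith("program files") for part in parents):
            hits.append(p)
    return hits

def match_c2_queries(dns_lines):
    """Log lines that mention the C2 domain (any case, trailing FQDN dot allowed)."""
    return [line for line in dns_lines if C2_RE.search(line.lower())]

# Constructed sample data: a file listing and DNS query log lines.
SAMPLE_PATHS = [
    r"C:\Program Files\Ram.exe",
    r"C:\Program Files\Cave workshop participants.xls",
    r"C:\Program Files (x86)\MSHELP32.EXE",
    r"C:\Users\kato\Downloads\ram.exe",       # right name, wrong location
    r"C:\Program Files\Vendor\program.exe",   # right location, other name
]
SAMPLE_DNS = [
    "2016-08-20T09:14:02 10.0.0.23 A www.snoozetime.info",
    "2016-08-20T09:14:05 10.0.0.23 A SNOOZETIME.INFO.",
    "2016-08-20T09:15:11 10.0.0.40 A notsnoozetime.info",
    "2016-08-20T09:15:40 10.0.0.40 A snoozetime.info.example.com",
]

if __name__ == "__main__":
    for hit in match_dropped_files(SAMPLE_PATHS) + match_c2_queries(SAMPLE_DNS):
        print("IOC hit:", hit)
```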

The domain is reported by researchers to have associations with an e-mail address, named This e-mail address or the domain itself may be associated with the following IP addresses:

The addresses themselves are believed to be hosted in the US, and there were more domains that were associated with this contact information:


After infection, the Aveo malware will also send this information to its server:

  • Unique hash identifier.
  • IP Address.
  • OS version.
  • Username.
  • Ansi identification code.

The Aveo Trojan may also modify the Windows Registry, more specifically insert values in the following key:


In addition to this, the virus also can:

  • Insert commands in the Windows shell.
  • Get file information.
  • Gain Read and Write permissions.
  • Get drive information.
  • Execute DIR commands for certain paths.

Aveo RAT – Conclusion, Removal, and Protection

The bottom line is that this Trojan family was created by someone who knew what they were doing, and the purpose for which it was created is not clear yet. One scenario may be a massive online information theft campaign, carried out either for profit or for political agendas. Whatever the case may be, Aveo RAT has no place on your computer, and its removal is strongly advisable. For maximum effectiveness and permanent removal of the Aveo RAT, we advise you to carefully follow the step-by-step instructions outlined in this article. They are designed to help you remove Aveo properly and stay protected in the future as well.


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for the discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in the basic education of every user towards online safety.
