collected.AE virus

Hi…… I really need someone’s help. Every time I start my connection to the
web (even without IE) I get a message from my AV saying there a Trojan horse
called collected.AE found, it creates a program call installer.exe. My AV
allows me to delete the program that was created but my computer ends up
going super slow and the IE wont open any webpage, it keeps redirecting me to
some place or other. When I type in a web address I get a message saying can
not open search engine/bar or something like that. I have run several
anti-Trojan horse programs in safe mode after turning off my auto restore. I
even deleted the contents of the temp file in my windows file as well as all
the temporary internet files. I’m using windows XP home edition with service
pack 2. I really need help, I need someone to tell me how to stop this from
happening, I have tried all I can think of but this thing won’t stop.

Thanks
ANDREW

Andrew S wrote:

> Hi?? I really need someone?s help. Every time I start my connection to
> the web (even without IE) I get a message from my AV saying there a
> Trojan horse called collected.AE found, it creates a program call
> installer.exe. My AV allows me to delete the program that was created
> but my computer ends up going super slow and the IE wont open any
> webpage, it keeps redirecting me to some place or other. When I type
> in a web address I get a message saying can not open search engine/bar
> or something like that. I have run several anti-Trojan horse programs
> in safe mode after turning off my auto restore. I even deleted the
> contents of the temp file in my windows file as well as all the
> temporary internet files. I?m using windows XP home edition with
> service pack 2. I really need help, I need someone to tell me how to
> stop this from happening, I have tried all I can think of but this
> thing won?t stop.

I don't know what "all I can think of" entails, so go through the
following steps, making sure you use updated tools and do all scans in
Safe Mode. You will probably need to run HijackThis so I've included
links to a tutorial and to places to post your HJT log (not here,
please). I highly recommend the Aumha forum.


1) Scan in Safe Mode with current version (not earlier than 2003)
antivirus using updated definitions.

Before you remove malware, get LSPFix (or WinSockFix for XP which you
can get from MajorGeeks) - see links below.

2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
programs are free, so use them both since they complement each other.
There is a new version of CWShredder from Intermute. I would not
install the other Intermute programs, however. Alternately, there are
CoolWebSearch malware removal steps at SilentRunners.

Be sure to update these programs before running, and it is a good idea
to do virus/spyware scans in Safe Mode. Make sure you are able to see
all hidden files and extensions (View tab in Folder Options).

If the malware remains even after you used Ad-aware and Spybot, you can
scan with HijackThis. HijackThis is an excellent tool to discover and
disable hijackers, but it requires expert skill. See below for
HijackThis links, including sites where you can post your HJT logs. A
combination of HijackThis and about:Buster works well in removing the
about:Blank homepage hijacker. Again, this is an expert tool and
novices should get help with it.

3) If you are running Windows ME or XP, you should disable/enable System
Restore after the system is clean because malware will be in the
Restore Points. With ME, you must disable System Restore completely.
With XP, you can delete all but the most recent (presumably clean)
System Restore point from the More Options section of Disk Cleanup
(Run>cleanmgr).

4) Make sure you've visited Windows Update and applied all security
patches. Do not install driver updates from Windows Update.

5) Run a firewall.

Links to help with malware:

Software/Methods:
http://www.safer-networking.org - Spybot Search & Destroy
http://www.lavasoftusa.com - Ad-aware
http://www.majorgeeks.com - good download site
http://www.intermute.com/spysubtrac...r_download.html
http://www.silentrunners.org/sr_cwsremoval.html. - SilentRunners
http://www.cexx.org/lspfix.htm - Repair Winsock 2 settings after
removing spyware
http://www.spychecker.com/program/winsockxpfix.html - WinsockXPFix.exe

HijackThis:
http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim
Eshelman
http://aumha.net - forums
http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
forum
http://www.wilderssecurity.com/
http://forums.tomcoyote.org/

General:
http://aumha.net - look under "Security" for various forums
http://rgharper.mvps.org/cleanit.htm
http://mvps.org/winhelp2002/unwanted.htm
http://www.aumha.org/a/parasite.htm - The Parasite Fight
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Malke
--
MS MVP - Windows Shell/User
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"

Thanks for all the advice, i'll try these out. if it works i'll tell you.

Thanks again
ANDREW

"Malke" wrote:

> Andrew S wrote:
>
> > Hi?? I really need someone?s help. Every time I start my connection to
> > the web (even without IE) I get a message from my AV saying there a
> > Trojan horse called collected.AE found, it creates a program call
> > installer.exe. My AV allows me to delete the program that was created
> > but my computer ends up going super slow and the IE wont open any
> > webpage, it keeps redirecting me to some place or other. When I type
> > in a web address I get a message saying can not open search engine/bar
> > or something like that. I have run several anti-Trojan horse programs
> > in safe mode after turning off my auto restore. I even deleted the
> > contents of the temp file in my windows file as well as all the
> > temporary internet files. I?m using windows XP home edition with
> > service pack 2. I really need help, I need someone to tell me how to
> > stop this from happening, I have tried all I can think of but this
> > thing won?t stop.
>
> I don't know what "all I can think of" entails, so go through the
> following steps, making sure you use updated tools and do all scans in
> Safe Mode. You will probably need to run HijackThis so I've included
> links to a tutorial and to places to post your HJT log (not here,
> please). I highly recommend the Aumha forum.
>
>
> 1) Scan in Safe Mode with current version (not earlier than 2003)
> antivirus using updated definitions.
>
> Before you remove malware, get LSPFix (or WinSockFix for XP which you
> can get from MajorGeeks) - see links below.
>
> 2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
> programs are free, so use them both since they complement each other.
> There is a new version of CWShredder from Intermute. I would not
> install the other Intermute programs, however. Alternately, there are
> CoolWebSearch malware removal steps at SilentRunners.
>
> Be sure to update these programs before running, and it is a good idea
> to do virus/spyware scans in Safe Mode. Make sure you are able to see
> all hidden files and extensions (View tab in Folder Options).
>
> If the malware remains even after you used Ad-aware and Spybot, you can
> scan with HijackThis. HijackThis is an excellent tool to discover and
> disable hijackers, but it requires expert skill. See below for
> HijackThis links, including sites where you can post your HJT logs. A
> combination of HijackThis and about:Buster works well in removing the
> about:Blank homepage hijacker. Again, this is an expert tool and
> novices should get help with it.
>
> 3) If you are running Windows ME or XP, you should disable/enable System
> Restore after the system is clean because malware will be in the
> Restore Points. With ME, you must disable System Restore completely.
> With XP, you can delete all but the most recent (presumably clean)
> System Restore point from the More Options section of Disk Cleanup
> (Run>cleanmgr).
>
> 4) Make sure you've visited Windows Update and applied all security
> patches. Do not install driver updates from Windows Update.
>
> 5) Run a firewall.
>
> Links to help with malware:
>
> Software/Methods:
> http://www.safer-networking.org - Spybot Search & Destroy
> http://www.lavasoftusa.com - Ad-aware
> http://www.majorgeeks.com - good download site
> http://www.intermute.com/spysubtrac...r_download.html
> http://www.silentrunners.org/sr_cwsremoval.html. - SilentRunners
> http://www.cexx.org/lspfix.htm - Repair Winsock 2 settings after
> removing spyware
> http://www.spychecker.com/program/winsockxpfix.html - WinsockXPFix.exe
>
> HijackThis:
> http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim
> Eshelman
> http://aumha.net - forums
> http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
> forum
> http://www.wilderssecurity.com/
> http://forums.tomcoyote.org/
>
> General:
> http://aumha.net - look under "Security" for various forums
> http://rgharper.mvps.org/cleanit.htm
> http://mvps.org/winhelp2002/unwanted.htm
> http://www.aumha.org/a/parasite.htm - The Parasite Fight
> http://www.spywarewarrior.com/rogue_anti-spyware.htm
>
> Malke
> --
> MS MVP - Windows Shell/User
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic!"
>