
"Antivirus Plus" won't allow MBAM install to run


Recommended Posts

I'm trying to clean a machine that has "Antivirus Plus" - a bogus virus scanner that's clearly malware itself. Tried to install MBAM, but after asking for the language I get a flash of a new window opening, then it disappears and that's as far as it gets!

This is under XP SP2, in Safe Mode. Trying the same file on an uninfected machine it works fine, so I don't think the file itself has been hit, but somehow it's stopped from executing.

I've already run other malware cleaners, which have removed various nasties, but this thing remains. It doesn't pop up under Safe Mode, by the way, but MBAM won't install whatever I do (tried renaming, running from a CD, etc.).

The machine is unusable as it is, and I suspect it may be doing nefarious things (be part of a botnet) too, as there's strange activity on my broadband line when it's running.

Where do I go from here?

Cheers,

Howard


I've got exactly the same problem on a Dell PC running XP Pro SP3! I suspect the trojan is looking at the product name property of the executable, so renaming the installer does no good! (right-click on mbam-setup.exe and hit Properties, then Version, then Product Name -- THAT'S what it's looking at, not the program name)

I wish there were some way to get in there and change those properties to throw this thing off, but I also noticed all you got in response was the sound of wind whistling through the trees!... Guess no one has any solution for this virus other than a complete system rebuild.

People say it's Lsas-blaster keylogger, but it doesn't have the ###################.exe file under Documents and Settings\Username... tree, and there isn't a process in the queue that looks like the description either. That would be an easy one to kill!

I've tried the latest SDFix, both in Safe mode, and running the hard drive slaved to another machine, running the software against the suspect drive. I've tried Spybot and several others -- all either find nothing, or target some innocuous cookie. I think it's pretty clear this isn't a cookie.

So far, I haven't found anything that can find or touch this one.

Has anyone pondered the value of just cutting the 3rd world off the internet? If those turds want to turn the internet into a cat rodeo, I think we can do without their participation and commerce! Maybe just "another" internet is in order -- one you have to register for so the traffic can be traced?


At this point, I'm ready to try figuring out what MBAM does when it installs, so I can perform a MANUAL installation! This trojan is obviously afraid of the thing if it stops it from loading, and it must be looking at the properties of the program, not its name, when looking to kill it.

I've tried changing the properties, but it is "packed", so the data isn't in the clear anywhere. A retro-install seems the only option. I've tried virtually every other tool already and none of them touches this trojan. As far as I know, it doesn't even have a name.

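The two posts above hinge on the idea that the installer is recognised by the Product Name stored in its version resource rather than by its file name. As an added example (not code from the thread or from Malwarebytes), this is a minimal parser for that VS_VERSIONINFO resource, run against a constructed sample blob rather than the real mbam-setup.exe; it shows that ProductName, FileDescription and OriginalFilename are embedded in the binary itself, which is why renaming the file on disk leaves them untouched, and it gives a defender a way to see exactly what identifying strings an executable carries.

```python
import struct

# Added example, not from the thread. Parses the VS_VERSIONINFO block that Windows
# executables carry as resource type RT_VERSION. The sample blob is constructed here.

def _align4(n):
    return (n + 3) & ~3

def _node(key, value=b"", wtype=1, children=b""):
    """Build one node: header (wLength, wValueLength, wType), UTF-16 key, padding, value, padding, children."""
    k = (key + "\x00").encode("utf-16-le")
    pad1 = b"\x00" * (_align4(6 + len(k)) - (6 + len(k)))
    body = k + pad1 + value
    pad2 = b"\x00" * (_align4(6 + len(body)) - (6 + len(body)))
    vlen = len(value) // 2 if wtype == 1 else len(value)  # text values are counted in WCHARs, binary in bytes
    return struct.pack("<HHH", 6 + len(body) + len(pad2) + len(children), vlen, wtype) + body + pad2 + children

def _string(key, text):
    return _node(key, (text + "\x00").encode("utf-16-le"))

def _walk(buf, off, path, out):
    """Parse the node at `off`, record any text value under its key path, return the node's end offset."""
    length, vlen, wtype = struct.unpack_from("<HHH", buf, off)
    end, pos = off + length, off + 6
    while buf[pos:pos + 2] != b"\x00\x00":  # key is a null-terminated UTF-16LE string
        pos += 2
    key = buf[off + 6:pos].decode("utf-16-le")
    pos = _align4(pos + 2)
    vbytes = vlen * 2 if wtype == 1 else vlen
    if wtype == 1 and vlen:
        out["/".join(path + (key,))] = buf[pos:pos + vbytes].decode("utf-16-le").rstrip("\x00")
    pos = _align4(pos + vbytes)
    while pos + 6 <= end:  # remaining bytes are child nodes
        pos = _align4(_walk(buf, pos, path + (key,), out))
    return end

def parse_versioninfo(buf):
    out = {}
    _walk(buf, 0, (), out)
    return out

def identifying_fields(buf):
    """String-table fields that stay the same however the file on disk is renamed."""
    table = {k.rsplit("/", 1)[1]: v for k, v in parse_versioninfo(buf).items() if "StringFileInfo" in k}
    return {f: table.get(f) for f in ("ProductName", "FileDescription", "OriginalFilename")}

# Constructed sample: a 52-byte VS_FIXEDFILEINFO (signature 0xFEEF04BD) plus an English/Unicode (040904B0) string table.
FIXED = struct.pack("<13I", 0xFEEF04BD, 0x10000, 0x10002, 0x250000, 0x10002, 0x250000, 0x3F, 0, 0x40004, 1, 0, 0, 0)
STRINGS = (_string("ProductName", "Example Anti-Malware")
           + _string("FileDescription", "Example Anti-Malware Setup")
           + _string("OriginalFilename", "setup.exe"))
SAMPLE = _node("VS_VERSION_INFO", FIXED, wtype=0,
               children=_node("StringFileInfo", children=_node("040904B0", children=STRINGS)))

if __name__ == "__main__":
    print(identifying_fields(SAMPLE))
```

On a real file the same parser can be pointed at the bytes of the RT_VERSION resource once extracted from the PE, which is what the Properties > Version tab reads.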

  • Root Admin

Hello and Welcome to Malwarebytes.org

Please read and follow the instructions provided here: I'm infected - What do I do now?

Someone will be happy to assist you further with cleaning your system if required.

During this scan and cleanup process you should not install any other software unless requested to do so.

