Attacked by Antivirus XP - MBAM won't run

[Ghostrider 7]

Was just attacked by Antivirus XP & it will not let MBAM start. No good in Safe Mode either. It has also turned off AT&T's McAfee's

Security Center & hijacked the internet. The infected computer has been turned off & I am using my laptop on my home network.

NEED HELP!

Thanks!

NeedhelpinTX

[Ghostrider 7]

I also notice that there is a mbam-error file on my C Drive dated 4/17/2010 9:45 PM.

I did have a pop-up webpage right before taht & I ran MBAM & it cleaned & removed a malware file

that I had to reboot to finish the removal. I just now noticed this file.

The mbam-error file says:

"An error has occurred. Please report this error code to out support team. MBAM_ERROR_NOT_REGISTERED_ (0, 0)".

I am running Ad-Aware Free Anniversary Edition & the AT&T McAfee Internet Security Suite scans now.

AT&T McAfee quick scan did not find anything. Ad-Aware still running.

*********************************************************

Now, Antivirus XP just gave me a "Critical System Alert" pop-up:

Unknown software is trying to take control over your system!

Details

Attack from: 37.135.250.210 port: 2406

Attacked port: 9807

Threat: Trojan-Clicker.Win32Stixo.d

Do you want to block this attack?

Yes or No

*********************************************************

I did not click either one.

I am now running a full scan with AT&T McAfee, but I don't think it will find anything.

I also tried renaming MBAM.exe & it still wouldn't start.

Still need help!

Thanks!

[Ghostrider 7]

I have disconnected my ethernet if it matters?

[Ghostrider 7]

AD-Aware Full Scan found Win32AdwareBHO & it was quarantined. It was found in C:\WINDOWS\CouponPrinter.ocx.

Coupon Printer has been installed on the computer for about 4-6 months & Control Panel Add & Remove Programs

show it last used on 02-23-10.

AT&T McAfee full scan is still running & it shows 3 items detected so far. It is 84% complete.

Started Spybot Search & Destroy & it immediately found 7 entries of CouponBar & it is still scanning.

Still unable to start MBAM!!

[Ghostrider 7]

AT&T McAfee finally finished & it found RemAdm-ProLaunch!171.

It was found in the following locations:

C:\Documents and Settings\Mom\DoctorWeb\Quarantine\ComboFix.exe

C:\Documents and Settings\Mom\DoctorWeb\Quarantine\A0000233.exe

C:\Documents and Settings\Mom\DoctorWeb\Quarantine\A0000128.exe

I had a problem with a rootkit infection a year ago this month & I believe

these are the results of that repair. AdvancedSetup helped me clean the

computer then.

I left it alone & did not remove the files.

I tried to uninstall "Coupon Printer for Windows" in the remove & install program,

but it keeps locking up & not responding. I have to use Task Manager to close it.

I even went into C:\Program Files\Coupons & tried the uninstall exe there & it tells

me "Invalid start mode: archive filename.

I think that this maybe because of the part that was quarantined in Ad-Aware.

Spybot removed all but 1 item for CouponBar & said that I had to reboot to finish.

I am still unable to start MBAM. I don't know what happened this time. I was out of

town & I came back Saturday night & the problem started with an unexpected

webpage popped open. Last year, the problem started with redirects, MBAM or

any malware software not working & system restore didn't work either. I have not

tried a systems restore point yet & I will wait until someone can assist me in getting

the computer clean again.

Regards,

Still NeedhelpinTX!!

[Ghostrider 7]

I noticed in Task Manager that ave.exe shows CPU activity everytime I get the

Antivirus XP pop-up. According to the website news/loaris dot com, ave.exe is the

executable for Antivirus XP & they have a removal guide at

news/loaris dot com/antivirus-xp-ave-exe-removal-guide/ . The pictures on their

website are exactly like I have.

They also claim that I can remove the infection by using their Loaris Trojan Removal

tool or by manually removing the files they show on this webpage.

BUT, I have never heard of Loaris & I don't trust things I don't know about.

I also attached screen prints of my pop-ups.

I'll be waiting for you assistance.

Regards

NhiTX

[Ghostrider 7]

Is Loaris Trojan Remover ok to use? Their website says that it removes the Antivirus XP that has attacked my pc.

[Ghostrider 7]

Followed Removal instructions for XP Internet Security at topic=43987 & got my computer back.

Please add "Antivirus XP" to the list in the topic above. You may also use the screen prints of what

the malware program looked like.

Thanks Malwarebytes!

Regards,

No more NeedhelpinTX!

[Ghostrider 7]

You may close my post.

[AdvancedSetup]

Glad the self help topics were able to get you going. I'll close your post now.

So how did I get infected in the first place?