1089 Views 2 Replies Latest reply: Mar 12, 2012 11:44 AM by Hayton
boobear Newcomer 1 posts since
Mar 11, 2012

Mar 11, 2012 5:14 PM

Artemis!EFBCEADD09AA(Trojan)

Hi,

We run Windows Vista 64-bit, with McAfee Security Center Version 11.0. Beginning last Monday, March 5th, we were alerted that we had a Trojan. At first McAfee had us shut down the computer and restart, and it removed it. However, yesterday and today, after the restart scan, McAfee detected it but says it can't remove it. Files keep being created in the following path:

C:\Users\Owner\AppData\Local\Temp\. The first that couldn't be removed was yesterday in \c229f49e-5708.tmp, then today \5daf19dc-5708.tmp; we have gotten 15 of them since the 5th. This alert occurs when we open Outlook, and the history log under Threats Detected says the process is an Outlook process. After the restart the file is in the above location. We have also had a Generic Exploit!kvf Quarantined and 3 FakeAlert-FBM! Quarantined. The first time we received the message that McAfee could not remove the file, we went to delete the file as McAfee told us to; it said we needed Admin Permission to do that. What should be our next move? Please help.

 

Thank You,

Mike & Lisa

  • Ex_Brit Volunteer Moderator 59,592 posts since
    May 6, 2004
    1. Mar 12, 2012 10:17 AM (in response to boobear)
    Re: Artemis!EFBCEADD09AA(Trojan)

    Is this Vista SP2? Admin Permission? Are you logged in as a Limited/Standard account?

     

    Try Stinger, downloadable from the link on this document I created:  Anti-Spyware/Malware and Hijacker Tools

     

    If that doesn't help then look further down for Malwarebytes Free and note well the remarks that it can be downloaded, updated and run all in 'Safe Mode with Networking' - often works when regular mode doesn't.

     

    By the way you may have been alerted to another response to this thread earlier on.  I removed it as that person is not posting helpfully.


    Toronto • Canada
    Volunteer Moderator
  • Hayton Volunteer Moderator 4,602 posts since
    Sep 27, 2010
    2. Mar 12, 2012 11:50 AM (in response to boobear)
    Re: Artemis!EFBCEADD09AA(Trojan)

    Ex_Brit's advice may remove the infection but it is possible that you may be re-infected.

     

    "Generic Exploit!kvf" is the name by which McAfee identifies a malware exploit of a known Java vulnerability (either CVE-2010-0840 according to Microsoft and some others, or CVE-2011-3544 according to Kaspersky and some others). The latest VirusTotal analysis of "viruuuuuuus.jar", done 6 days ago, appends the following information: Files - (as above) and obe.jar; File type - ZIP; and notes that this is "part of blackhole exploitkit".

     

    If you want to know what you've been hit by, see a 2011 article from Websense at

    http://community.websense.com/blogs/securitylabs/pages/black-hole-exploit-kit.aspx

     

    Edit - See http://www.bleepingcomputer.com/forums/topic424607.html for the experience of one user who asked for their assistance in helping to remove an infection: it should be a fairly straightforward process.

     

    The fact that you've been infected shows that you have an out-of-date version of Java, and updating it should be your first priority after removing the infection, or you will almost certainly be re-infected. The Exploit Kit also scans your system looking for vulnerabilities in unpatched installations - everything from Windows and Internet Explorer, through Adobe Reader and Flash, to Windows Media Player (updates for which are optional, and are often overlooked).

     

    A while ago I suggested that McAfee should consider having a built-in tool to scan installed programs to see if they need updating, but we don't have that yet. In the absence of such a useful utility I suggest you get hold of Secunia's PSI or run an online scan with OSI. Just go to the Secunia website at http://secunia.com and select one of the options.

     

    From time to time (when I remember) I post links to useful articles in Best Practices in Security Protection - some of which might be useful to you. When I have time I'll put something up there about the Blackhole Exploit Kit.

     

    Message was edited by: Hayton on 12/03/12 16:50:32 GMT

    Volunteer Moderator  Leeds, UK
    No PM's please
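
An added example, not part of the posts above and not a McAfee or Secunia tool: a PowerShell check to run after cleanup that lists the installed versions of the third-party products named in the last reply, and any Temp files that match the naming seen in the original report. The function names, the product name patterns and the file-name regex (inferred only from the two file names quoted in the first post) are assumptions.

```powershell
# Added example. Product patterns and the regex below are assumptions, not vendor signatures.
$ProductPatterns = 'Java', 'Adobe Reader', 'Adobe Flash'

# Uninstall keys: 64-bit view, 32-bit view on 64-bit Windows, and per-user installs.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledProduct {
    # Returns name, version and publisher for every installed program whose
    # display name contains one of the given patterns. Old and new versions
    # installed side by side each get their own row.
    param([string[]]$NamePattern = $ProductPatterns)
    foreach ($key in $UninstallKeys) {
        Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
            Where-Object {
                $name = $_.DisplayName
                $name -and ($NamePattern | Where-Object { $name -like "*$_*" })
            } |
            Select-Object DisplayName, DisplayVersion, Publisher, InstallDate
    }
}

function Get-SuspectTempFile {
    # Lists Temp files named like the two quoted in the first post
    # (8 hex digits, a dash, 4 hex digits, .tmp), oldest first, so new
    # arrivals after cleanup stand out by creation time.
    param([string]$Path = $env:TEMP)
    Get-ChildItem -Path $Path -Filter '*.tmp' -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match '^[0-9a-f]{8}-[0-9a-f]{4}\.tmp$' } |
        Sort-Object CreationTime |
        Select-Object Name, Length, CreationTime
}

# Windows components (Internet Explorer, Windows Media Player) are not listed
# under these keys; check those through Windows Update, including optional updates.
Get-InstalledProduct | Sort-Object DisplayName | Format-Table -AutoSize
Get-SuspectTempFile  | Format-Table -AutoSize
```

Many legitimate programs also write similarly named .tmp files, so a match is a prompt to look at the creation time against the detection log, not a detection in itself.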
