302travel
Level 7

Artemis!4A6883609C4E

I keep getting pop-ups from McAfee saying that Artemis!4A6883609C4E has been detected on my laptop. I've deleted it from quarantine and deleted all my temp files, which is where I thought it was, but I can't seem to get rid of it. The item is listed as kd_18D8.exe and in \AppData\Local\Temp. Do you know how I can get rid of it? I would really appreciate any help you can provide.

Thanks

0 Kudos
5 Replies
Peacekeeper
Level 20

Re: Artemis!4A6883609C4E

It could be being restored from the restore folder.

Also remove all internet temp files and temp files; use Windows Disk Cleanup in Accessories or Administrative Tools to do this.

0 Kudos
302travel
Level 7

Re: Artemis!4A6883609C4E

I deleted all my temp files, turned off restore, erased previous restore points, rebooted, and deleted what was in quarantine, more than once, and my computer still has it. It's in the same place, but now it's kd_29C2.exe. Any other ideas on how I can get rid of it? Not sure if it matters, but I have Windows 8....

0 Kudos
catdaddy
Level 20

Re: Artemis!4A6883609C4E

Please kindly refer to the following thread PeaceKeeper advised. https://community.mcafee.com/message/330941#330941

Please post back your results, should you need us to further assist you.

All the very Best,

Cliff
McAfee Volunteer
0 Kudos
Peacekeeper
Level 20

Re: Artemis!4A6883609C4E

As well, run some of the free scanners in CD's signature

i.e.

https://community.mcafee.com/docs/DOC-2168

0 Kudos
Hayton
Level 18

Re: Artemis!4A6883609C4E

Microsoft does not, it seems, classify this as a threat - yet (although the Microsoft rules on adware are being made much more stringent) so there is no entry for it in the Microsoft malware encyclopedia. Nothing in McAfee's database either, if the detection is heuristic.

This is adware, from a Tel Aviv based company (KeyDownload Ltd). A VirusTotal analysis of this or closely-related adware says that it employs DLL injection, which is a technique often used by malware.

DLL injection is often used by external programs to influence the behavior of another program in a way its authors did not anticipate or intend.

The program may have modified browser settings, added extensions or add-ons to browsers, or created an extra browser toolbar. It seems likely that it has also created a hidden copy of itself and modified the registry to ensure that it re-creates itself if you delete files from the temp directory.

The links to cleanup utilities that you have already been given should enable you to get rid of the remnants of the adware: AdwCleaner and Malwarebytes are the usual recommendations. McAfee at least has quarantined the executable, but you need to remove any associated files, browser add-ons, settings and toolbars, and registry settings.

0 Kudos
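
The last reply suggests a registry change is re-creating the file in the temp directory, and the file name changes between detections (kd_18D8.exe, then kd_29C2.exe), so a check has to go by location rather than by name. The PowerShell below is an added example, not part of the original thread or of any McAfee tool: it lists autostart entries that launch something from a Temp folder, and it only reads and reports. That the persistence sits in the standard Run/RunOnce keys or in a scheduled task is an assumption; the thread does not say where it is.

```powershell
# Added example: report autostart entries whose command points into a Temp folder.
# Read-only; nothing is deleted or changed.
# Assumption: the entry lives in a Run/RunOnce key or a scheduled task.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Matches ...\AppData\Local\Temp\... or an unexpanded %TEMP% / %TMP% reference.
$tempPattern = '\\AppData\\Local\\Temp\\|%te?mp%'

function Test-TempCommand([string]$Command) {
    # -match is case-insensitive by default
    $Command -match $tempPattern
}

$findings = @()

# 1. Registry autostart values
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $value = [string]$item.GetValue($name)
        if (Test-TempCommand $value) {
            $findings += [pscustomobject]@{ Source = $key; Name = $name; Command = $value }
        }
    }
}

# 2. Scheduled tasks (Get-ScheduledTask is available on Windows 8 and later)
foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        # Only "start a program" actions carry Execute; others yield an empty string
        $cmd = ([string]$action.Execute + ' ' + [string]$action.Arguments).Trim()
        if (Test-TempCommand $cmd) {
            $findings += [pscustomobject]@{
                Source  = 'ScheduledTask'
                Name    = $task.TaskPath + $task.TaskName
                Command = $cmd
            }
        }
    }
}

$findings | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell prompt so all scheduled tasks are visible; an empty result means only that these particular locations are clean, and the cleanup utilities linked in the thread cover more places.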