cancel
Showing results for 
Search instead for 
Did you mean: 
tonynmi
Level 7

Artemis!BB125C730575 Trojan

Jump to solution

Happy Hollidays everyone!

During my weekly backup, I received a nessage indicating this virus was on my hard drive. I ran a complete scan of my system but the virus was not detected during it. However, when I use the Backup and Restore function in Windows 7, the McAfee warning comes up and stops the backup process. I cannot even locate the directory where this virus is supposed to have been detected in. I've attached a screenshot of the warning dialogue box that pops up.

Has anyone experienced anything like this or know how I can get around this to complete my backup?

Thanks

Tony

0 Kudos
1 Solution

Accepted Solutions
Hayton
Level 18

Re: Artemis!BB125C730575 Trojan

Jump to solution

The file location shows that the Trojan is detected now but wasn't detected at some earlier time. It got backed up automatically, so you've got an infected Restore point. If you don't know which one is infected - and there could be more than one - you may have to delete them all. The alternative is to start with the oldest and delete a few, and repeat until the message no longer appears.

The full directory path may not now exist. "Appdata\Roaming" of course corresponds to XP's "Application Data" and is Hidden.

The AppData\Roaming folder ... is the same as the Documents and Settings\username\Application Data folder in Windows XP.

You'll have to select 'View hidden files and folders' to see it.

0 Kudos
3 Replies
Hayton
Level 18

Re: Artemis!BB125C730575 Trojan

Jump to solution

The file location shows that the Trojan is detected now but wasn't detected at some earlier time. It got backed up automatically, so you've got an infected Restore point. If you don't know which one is infected - and there could be more than one - you may have to delete them all. The alternative is to start with the oldest and delete a few, and repeat until the message no longer appears.

The full directory path may not now exist. "Appdata\Roaming" of course corresponds to XP's "Application Data" and is Hidden.

The AppData\Roaming folder ... is the same as the Documents and Settings\username\Application Data folder in Windows XP.

You'll have to select 'View hidden files and folders' to see it.

0 Kudos
showvik
Level 12

Re: Artemis!BB125C730575 Trojan

Jump to solution

Hi,

Thank you for bringing this up to our notice. It does seem malicious. We strongly recommend you to submit the file for analysis once you have located it on the affacted machine. Sample submission processes are explained here:

http://www.mcafee.com/uk/mcafee-labs/resources/how-to-submit-sample.aspx

E-mail method should be suitable here.

Regards,

Showvik

0 Kudos
tonynmi
Level 7

Re: Artemis!BB125C730575 Trojan

Jump to solution

Thanks for the suggestions, I appreciate it. I was able to locate the folder but not the file in question so I am unable to submit it for further analysis. However, I restored my previous system image, performed a full scan and then did my weekly backup and all is well.

Thanks again.

0 Kudos