cancel
Showing results for 
Search instead for 
Did you mean: 
rmmudassar
Level 7

Artemis! Trojan

hi I am using Vista initially i scanned my whole system and 2 viruses where found and and removed it using mcAfee aanti virus.

Then but still my google talk and yahoo messenger are signing in and through yahoo messenger false trash messenges are been send to my friends in my mesengers list.

But still after scanning result is no threat no virus.

ut when i Restart my labtop, there is a warning from mcafee a trojan has been found blocked and quarantined.

Then i go to Restore and find the file DOVAOY.EXE which changes everytime when i Restart and the Detection Name Artemis!0ECD7418B70C(Trojan) is found even after removing it , it comes back after i restart again.

Can Anyone Help me In This

0 Kudos
16 Replies
nchattop
Level 12

Re: Artemis! Trojan

Hi,

I am working on your issue, I request you kindly provide me some more information regarding the file, send the sreeshots and have you noted any suspicious behavior on a system where this file has been run?  If so, what?

Regards

0 Kudos
rmmudassar
Level 7

Re: Artemis! Trojan

hi neha thanks

from  mcafee - restore

file name AEKBJKD.EXE,     Detection names--Artemis!0ECD7418B70C

Now the file name changes each time when i restart my System

but the Detection name is the same

On my System My Windows Live Messenger is Automatically Pops up to sign in .

and FRom my yahoo messenger

Seriously Do NOT CLICK this!! I mean it DON'T! hxxp://c40ac-h.image-myspace.info:85/userfiles/2d03ka/MVC-Picture003.JPEG.zip
Seriously Do NOT CLICK this!! I mean it DON'T! hxxp://c40ac-h.image-myspace.info:85/userfiles/2d03ka/MVC-Picture003.JPEG.zip

Seriously Do NOT CLICK this!! I mean it DON'T! hxxp://c40ac-h.image-myspace.info:85/userfiles/2d03ka/MVC-Picture003.JPEG.zip

Seriously Do NOT CLICK this!! I mean it DON'T! hxxp://c40ac-h.image-myspace.info:85/userfiles/2d03ka/MVC-Picture003.JPEG.zip
Do NOT CLICK this!! I mean it DON'T! hxxp://c40ac-h.image-myspace.info:85/userfiles/2d03ka/MVC-Picture003.JPEG.zip

Such messenges are been send to my friends list and then my system whose in sleep mode if i dont signout my yahoo messenger.

and moreover my have my google talk as remember my password setting even if i sign it out it is signed in again ..

And in mcafee i went to restore and in files selected the quarantined files and removed it but again everything is back..

i have some important job related softwares installed in my pc thats the reason i dont want to format my system..

hope this information help you.

Message was edited by: Samantha Price - edited links in case anyone does accidently click on them.  on 1/14/10 7:38:58 AM CST
0 Kudos
cyyoung
Level 7

Re: Artemis! Trojan

I had the same problem now it is sending chat messages to people that i did not write big problem i am cotacting skype now and see what they have to say I will have to uninstall skype if can not get this resolved in the next couple of hours. will you know what skype tech says

0 Kudos
SamSwift
Level 12

Re: Artemis! Trojan

Please submit the infected files to us here

Also, if you haven't already done so please ensure you are up to date and have run a full scan of your machine.

Sam

0 Kudos
rmmudassar
Level 7

Re: Artemis! Trojan

hi there is no particular file every time i scan trojan in found some where in user\local files

0 Kudos
rmmudassar
Level 7

Re: Artemis! Trojan

C:\Users\rmudassar\AppData\Local\Temp

that file is lying there location

help pls

0 Kudos
dmeier
Level 13

Re: Artemis! Trojan

There really should be a specific file, that we can identify.

Can you post your log files, so we can help figure it out?

I understand they change, but getting any one of them could really help out.

- David

Message was edited by: dmeier on 1/15/10 10:07:22 AM CST
0 Kudos
rmmudassar
Level 7

Re: Artemis! Trojan

these are some files hope will work out

Message was edited by: Samantha Price on 1/15/10 11:19:15 AM CST
0 Kudos
rmmudassar
Level 7

Re: Artemis! Trojan

these are some more

Message was edited by: Samantha Price on 1/15/10 11:19:42 AM CST
0 Kudos