thansau_239
Level 7

Can Anyone Help Me KILL The Artemis Virus? (Artemis!BDC18DFCFA63)

Dear all,

McAfee’s Virus Scan alerted me, and so it appears that my computer has been infected with the Artemis virus. I tried a full scan; however, this was only a temporary fix, and the Artemis virus seems to have regenerated and returned.

Threat Type: Malware detected

Detection Name: Artemis!BDC18DFCFA63

Artemis!BDC18DFCFA63    C:\WINDOWS\system32\x
Artemis!BDC18DFCFA63    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\QNKDE3Y7\ecva[1].gif
Artemis!BDC18DFCFA63    C:\WINDOWS\system32\x
Artemis!BDC18DFCFA63    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\Q1E36P0F\ecva[1].png
Artemis!BDC18DFCFA63    C:\WINDOWS\system32\x
Artemis!BDC18DFCFA63    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\QNKDE3Y7\ecva[1].gif

Help, please! How can I get rid of this virus once and for all?

Thank you very much!

0 Kudos
1 Solution

Accepted Solutions
exbrit
Level 21

Re: Can Anyone Help Me KILL The Artemis Virus? (Artemis!BDC18DFCFA63)

Also maintain the machines by using the clean-up methods regularly....Disk Cleanup in Windows.    Those detections were all in your temporary files which could easily be deleted.

0 Kudos
10 Replies
exbrit
Level 21

Re: Can Anyone Help Me KILL The Artemis Virus? (Artemis!BDC18DFCFA63)

Moved to Malware Discussion > Artemis so they can spot it hopefully..

Artemis isn't necessarily a virus, it is the generic name given to an unknown detection.

I give Consumers this to read, it may help: 

0 Kudos
Peacekeeper
Level 20

Re: Can Anyone Help Me KILL The Artemis Virus? (Artemis!BDC18DFCFA63)

Also try clearing all Windows temp and internet temp files.

Also upload one of the files to www.virustotal.com and see what it says.

0 Kudos
Artfulbodger
Level 13

Re: Can Anyone Help Me KILL The Artemis Virus? (Artemis!BDC18DFCFA63)

Hi

Artemis is the Generic name which is assigned to a detect which is committed as 'bad' based on the characteristics it displays and is convicted by the GTI (Global Threat Intelligence) cloud system.

The VirusTotal (vendor agnostic) entry can be viewed here https://www.virustotal.com/en/file/ffaf925e502e120e476f511e0a548f2d072d8c0a11aa1a2edfca177e2852bbf0/...

It appears to be a variant of Conficker.

Take a look at the McAfee Conficker detection tool which can be found here Conficker Detection | McAfee Free Tools

Regards

Rich

Volunteer Moderator

Certified McAfee Product Specialist - ePO

0 Kudos
thansau_239
Level 7

Re: Can Anyone Help Me KILL The Artemis Virus? (Artemis!BDC18DFCFA63)

Hi

Thank you for the reply. So how can I get rid of this virus once and for all?

So many computers in my company are infected with it, and the McAfee agent cannot clean them all.

0 Kudos
sol
Level 9

Re: Can Anyone Help Me KILL The Artemis Virus? (Artemis!BDC18DFCFA63)

Artemis works like this...

It is a global threat intelligence built into your McAfee product. What Artemis does is detect a suspicious file that sends a copy immediately to the lab and if found to have malicious activity it is removed from the device as a malware detection is. The sample is then further evaluated and the detection and cleaning is placed in a near future daily DAT file.

Each sample is given the name Artemis with random numbers behind it. It is a new threat just being detected. IF you are constantly getting this alert then it is possible you have some other threat on your device that is going undetected and most likely continuing to reinfect you. It is in a loop so to speak.

Chances are, until you clean your system, you aren't going to get rid of it. Run a full McAfee scan if one has not been done. Clean all cache files, internet temp folders (both the Content and Low folders), and Temp folders, including c:\windows\temp. Check for installed programs that should not be installed, look for suspicious .exe files and send them to Avert Labs for testing. You can "submit a sample" through the support section on McAfee.com. You must submit it via a password-protected ZIP file. Check for suspicious files placed in the user\appdata\Local, LocalLow and Roaming folders. I often find .exe files lying around in these folders that I send in, and 99% of the time they are malware.

0 Kudos
McAfee Employee

Re: Can Anyone Help Me KILL The Artemis Virus? (Artemis!BDC18DFCFA63)

Just to provide some clarification here: Artemis/GTI actually only sends a file hash (a unique string calculated from the file contents) to the McAfee cloud, and then uses that to determine whether a file is bad based on existing data, other submissions, etc.  The characters after the "Artemis!" are actually part of the file hash, so they're not random.

I would agree with the full scan suggestion, but would also suggest to set the Artemis/GTI level to "Very High" (if it's possible to change that with whichever version of McAfee antivirus software you're using).  You can also try running the "Stinger" tool (http://stinger.mcafee.com) which may have better luck detecting and removing any malicious files.  Your best bet would be to boot into Windows Safe Mode (Press the "F8" key before Windows starts) and run Stinger from within Safe Mode.  You can also try deleting that "C:\WINDOWS\system32\x" file, but you likely won't be able to.

Good luck!

0 Kudos
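The reply above says the characters after "Artemis!" are part of the file's hash. As an added example (not part of any post in this thread, and not McAfee code), the sketch below splits a detection line like those in the first post into hash prefix and path, then looks for files whose digest begins with that prefix. The thread does not say which hash algorithm is used, so trying MD5, SHA-1 and SHA-256 is an assumption, as are the function names and the scan root in the demo.

```python
import hashlib
import re
from pathlib import Path

# "Artemis!" plus exactly 12 hex characters, as in the thread's detection name.
# The count is fixed because a drive letter such as "C" is itself a hex digit
# and a greedy match would swallow it when name and path are run together.
DETECTION_RE = re.compile(r"^Artemis!([0-9A-Fa-f]{12})(.*)$")


def parse_detection(line):
    """Split an 'Artemis!<hex><path>' scan line into (hash_prefix, path)."""
    m = DETECTION_RE.match(line.strip())
    if m is None:
        return None
    return m.group(1).lower(), m.group(2).strip()


def file_digests(path, algorithms=("md5", "sha1", "sha256")):
    """Hash one file with several algorithms in a single chunked read."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def find_matches(root, prefix):
    """List (path, algorithm) for files under root whose digest starts with prefix."""
    prefix = prefix.lower()
    hits = []
    for p in sorted(Path(root).rglob("*")):
        if not p.is_file():
            continue
        try:
            digests = file_digests(p)
        except OSError:
            continue  # locked or unreadable file: skip it, keep scanning
        hits += [(str(p), algo) for algo, d in digests.items() if d.startswith(prefix)]
    return hits


if __name__ == "__main__":
    # Detection line copied from the first post; the scan root is an assumption.
    prefix, reported_path = parse_detection(r"Artemis!BDC18DFCFA63C:\WINDOWS\system32\x")
    print("hash prefix:", prefix, "| reported path:", reported_path)
    for path, algo in find_matches(r"C:\WINDOWS\Temp", prefix):
        print(f"{path} matches on {algo}")
```

Run against the temp and cache folders named in the thread, a match tells you which file the detection name refers to and which algorithm produced the prefix.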
thansau_239
Level 7

Re: Can Anyone Help Me KILL The Artemis Virus? (Artemis!BDC18DFCFA63)

Thank you for the reply,

I have run a full scan but I cannot clean it. I have found some services and registry keys, and I have deleted them. I still get a warning about the virus.

0 Kudos
exbrit
Level 21

Re: Can Anyone Help Me KILL The Artemis Virus? (Artemis!BDC18DFCFA63)

Try Malwarebytes Free - see the last link in my signature below.

Note the instructions on keeping it free of charge.

Toronto ▪ Canada
Volunteer Moderator - Consumer Products
I CAN'T HELP PRIVATELY - PLEASE POST IN THE FORUMS
Use Advanced Search To Find Answers

Consumer Technical Support (alter Country @ top right as needed)

Consumer Customer Service (Accounts, Billing, Registration, etc.)
Anti-Spyware/Malware/Hijacker Tools

0 Kudos
exbrit
Level 21

Re: Can Anyone Help Me KILL The Artemis Virus? (Artemis!BDC18DFCFA63)

The last post is only a suggestion.  If this is a large company and many machines are infected and you are using Enterprise products, then maybe you should contact the support desk and ask about professional virus removal services, which are costly of course.

Conficker in particular shouldn't exist in the wild if all machines were totally up to date in all aspects as Windows itself would have prevented it with the monthly Malicious Software Removal Tool scan.

0 Kudos