I cannot update McAfee, Spybot, or Adaware, and nothing is detecting a problem. Windows Update doesn't even work (it always used to...)
I think my browser is hijacked! And I don't know what to do to fix it. For the past few days, some websites were not working...I thought they were down, but now I think it is something malicious that is trying to prevent me from using websites...
When I go to download a manual update for any of the above, the website "cannot be found".
I have a Compaq Presario SR5130NX, running Windows Vista. Please, please, I need a serious fix!
Thanks
on 5/12/10 7:11:49 PM CDT
Things may work in Safe Mode with Networking.
I'm sting(ing) right now in safe mode. I will try to update through this too...
EDIT: I thought I'd never be happy to say this, but stinger found a trojan! But I had to scan my d: drive (restore and backup drive)...it found 2 instances so far, but I got it scanning on high heuristics and even scanning boot sectors, so it might be an hour or two...here is what Stinger found so far though:
d:\hp\apps\APP17696\src\install\games\bookwormdeluxe-setup.exe\43.nsis
Found the Artemis!FD2A81A6833D trojan !!!
d:\hp\apps\APP17696\src\install\games\chuzzledeluxe-setup.exe\40.nsis
Found the Artemis!6544E311EB66 trojan !!!
d:\hp\apps\APP17696\src\install\games\jewelquest-setup.exe\47.nsis
Found the Artemis!C8395752B4AF trojan !!!
C:\GamepotUSA\FantasyEarthZero\FEzero_client.exe
Found the Artemis!7A63A6B7BDDE trojan !!!
So any info on this? I'll post more if/when they come...
Message was edited by: UnknownStory on 5/12/10 10:48:42 PM CDT
It should be noted that Artemis detections are sometimes false and in your case it appears not to like some games. I'm not saying that's the case here but Artemis is the name given to unknowns which are sent to McAfee. So I moved this from Home User Assistance to Artemis Discussions.
See this article on what to do with Artemis: http://community.mcafee.com/thread/2016
Also: What is Artemis & Information needed for possible Artemis false positive investigations
Message was edited by: Ex_Brit on 13/05/10 7:13:44 EDT AM
EDIT2: Alright, here is the Stinger Log:
Scan initiated on Wed May 12 21:30:34 2010
d:\hp\Apps\APP17696\src\install\games\bookwormdeluxe-setup.exe\43.nsis
Found the Artemis!FD2A81A6833D trojan !!!
d:\hp\Apps\APP17696\src\install\games\chuzzledeluxe-setup.exe\40.nsis
Found the Artemis!6544E311EB66 trojan !!!
d:\hp\Apps\APP17696\src\install\games\jewelquest-setup.exe\47.nsis
Found the Artemis!C8395752B4AF trojan !!!
C:\GamepotUSA\FantasyEarthZero\FEzero_Client.exe
Found the Artemis!7A63A6B7BDDE trojan !!!
C:\Nexon\MapleStory\HShield\ehsvc.dll
Found the Artemis!6B133C25A746 trojan !!!
C:\Nexon\MapleStory\HShield\Update\patch\39\ehsvc.dl-\ehsvc.dl-.out
Found the Artemis!6B133C25A746 trojan !!!
C:\Nexon\MapleStory\HShield\Update\patch\39\hsupdate.ex-\hsupdate.ex-.out
Found the Artemis!7D1DC69E44C1 trojan !!!
C:\Program Files\Alcohol Soft\Alcohol 120\AXShlEx.dll
Found the Artemis!541C9A66CE74 trojan !!!
C:\ProgramData\NexonJP\NGM\NGMDll.dll
Found the Artemis!14FDF09CB5E3 trojan !!!
C:\ProgramData\NexonUS\NGM\NGMDll.dll
Found the Artemis!F7B91CDBC527 trojan !!!
C:\Users\All Users\NexonJP\NGM\NGMDll.dll
Found the Artemis!14FDF09CB5E3 trojan !!!
C:\Users\All Users\NexonUS\NGM\NGMDll.dll
Found the Artemis!F7B91CDBC527 trojan !!!
C:\Users\C J\AppData\Local\VirtualStore\Program Files\Gameforge4D\AirRivals\1.0.0.13_1.0.0.18.zip\AirRivals.atm
Found the Artemis!D9D8D1DDB394 trojan !!!
C:\Users\C J\AppData\Roaming\Mozilla\Firefox\Profiles\tg0wbeu2.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07103010.dll
Found the Artemis!66820810D5D4 trojan !!!
C:\Users\C J\Documents\Downloads\NexonGameManager.exe\0019dec8.EXE
Found the Artemis!F7B91CDBC527 trojan !!!
C:\Users\C J\Documents\Downloads\NexonGameManager.exe\000b8d00.EXE
Found the Artemis!F7B91CDBC527 trojan !!!
C:\Users\C J\Documents\Downloads\TVUPlayer.exe\23.nsis
Found the Artemis!FEC75DAFED2B trojan !!!
C:\Users\C J\Games\Emu\Gen, SMS, GG\gens+.exe
Found the Artemis!DDFE3AAA44E9 trojan !!!
Number of clean files: 656660
Number of Trojans: 18
But it looks like it is all false positives...
And I just completed a "Right-Click Scan" on the "Computer" and it came up with no hits. So what is my next action?
Any false detections should be submitted as per http://community.mcafee.com/thread/2016
However as this thread started with you obviously having some kind of infection I would hold off doing that for now.
Try doing this in Safe Mode with Networking (reached by tapping F8 while booting up).
Go to http://www.malwarebytes.org/mbam.php and look for the FREE version.
Save the download as another name to your desktop, name it 123456.exe or similar.
Click on that and install it, update it and then run it - full scan and let it remove anything it finds. Reboot if asked to.
See if that cures what you reported in your first post.
My hijacked browser is preventing me from visiting the website.
Edit: but I think I can get it off of CNet
Message was edited by: UnknownStory on 5/13/10 2:24:27 PM CDT
Edit2:
Here is the log for mbam:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4097
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882
5/13/2010 1:49:13 PM
mbam-log-2010-05-13 (13-49-13).txt
Scan type: Quick scan
Objects scanned: 141217
Time elapsed: 14 minute(s), 41 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{rfr4710v-0ujj-2134-33vh-8l3dm3e8ew6d} (Generic.Bot.H) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.32,93.188.166.159 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8608992a-b5ef-4553-917a-1d785016bafe}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.32,93.188.166.159 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{bcedbdef-0775-40fe-aec2-172494db3901}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.32,93.188.166.159 -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Windows\System32\spool\prtprocs\w32x86\00002ded.tmp (Rootkit.TDSS) -> No action taken.
C:\Users\C J\AppData\Roaming\cglogs.dat (Malware.Trace) -> No action taken.
C:\Users\C J\Local Settings\Temporary Internet Files\ijjistarter2FxB.exe (Trojan.Agent) -> No action taken.
It prevents you even in Safe Mode with Networking? That's Safe Mode with the internet.
Nope, it's blocking me even in Safe Mode.
Spybot's website is blocked, windows update, certain sections of McAfee... this is a tough little piece of malware.
That's too bad. If it were my machine I would format and reinstall the system at this stage. Failing that I would go for paid virus removal or a PC repair shop
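Added example, not part of the original thread: a small Python triage script for the Malwarebytes log posted above. It pulls out the finding lines and reports every NameServer registry value that points at resolvers other than the ones you expect, which is the Trojan.DNSChanger setting consistent with update and vendor sites that "cannot be found". The log lines are copied from the thread; the function names and the 192.168.1.1 expected resolver are assumptions for illustration.

```python
import ipaddress
import re

# Finding lines in this log: <item> (<detection>) [-> Data: <value>] -> <action>.
FINDING = re.compile(
    r"^(?P<item>.+?) \((?P<name>[A-Za-z]+(?:\.[A-Za-z]+)+)\)"
    r"(?: -> Data: (?P<data>.*?))? -> (?P<action>[^>]+?)\.?$"
)

# Lines copied from the Malwarebytes log in this thread.
SAMPLE_LOG = r"""
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.32,93.188.166.159 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8608992a-b5ef-4553-917a-1d785016bafe}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.32,93.188.166.159 -> No action taken.
Files Infected:
C:\Windows\System32\spool\prtprocs\w32x86\00002ded.tmp (Rootkit.TDSS) -> No action taken.
C:\Users\C J\AppData\Roaming\cglogs.dat (Malware.Trace) -> No action taken.
"""

def parse_findings(log_text):
    """Return one dict per finding line; section headers and empty sections are skipped."""
    findings = []
    for line in log_text.splitlines():
        m = FINDING.match(line.strip())
        if m:
            findings.append(m.groupdict())
    return findings

def rogue_dns_settings(findings, expected_resolvers):
    """Return (scope, [unexpected IPs]) for each NameServer value outside expected_resolvers."""
    expected = {ipaddress.ip_address(ip) for ip in expected_resolvers}
    hits = []
    for f in findings:
        if not f["item"].lower().endswith("\\nameserver") or not f["data"]:
            continue
        # The value is a list of addresses; split on commas or whitespace.
        servers = [ipaddress.ip_address(s) for s in re.split(r"[,\s]+", f["data"].strip()) if s]
        bad = [str(s) for s in servers if s not in expected]
        if bad:
            m = re.search(r"\\Interfaces\\(\{[^}]+\})\\", f["item"], re.I)
            hits.append((m.group(1) if m else "global", bad))
    return hits

if __name__ == "__main__":
    findings = parse_findings(SAMPLE_LOG)
    for scope, ips in rogue_dns_settings(findings, ["192.168.1.1"]):  # assumed home router
        print(f"unexpected DNS servers on {scope}: {', '.join(ips)}")
    pending = [f for f in findings if f["action"] == "No action taken"]
    print(f"{len(pending)} of {len(findings)} findings not yet remediated")
```
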