Level 7

Followed malware troubleshooting, still need assistance

Here is our story...

July 1 - our webmail account was compromised and sent an e-mail to all of our Contacts

- the e-mail contained a link to a bogus prescription ordering site called Canadian Neighbor Pharmacy, where folks are being duped into providing personal information

- the scam is documented at

We deleted all of our Contacts, changed our e-mail password and security question, BUT are still concerned that something is lurking on one of our computers.

Does anyone have experience with this situation? Should we be concerned that one of our computers has been infected with malware?

We have a 3 user license for McAfee Total Protection. It is automatically updated and is current.

Laptop is running Windows Vista Service Pack 2. Desktop is running Windows XP Service Pack 3. Both are on automatic updates.

We used various tools as documented below, but have not been able to identify the malware or how to remove it. We do not know what the virus is called so we cannot research it on McAfee's VirusInfo web site.

Ran full McAfee scans on our laptop and desktop computers and came up with nothing.


Full McAfee scan in regular mode
01/07/2010    7:28:25 PM    Scan Started: 07/01/2010 07:28:25 PM
01/07/2010    8:01:56 PM    Total objects scanned: 222431
01/07/2010    8:01:56 PM    Objects detected: 0
01/07/2010    8:01:56 PM    Scan Done: 07/01/2010 08:01:56 PM

So we moved on to following the instructions in

The following was done from the laptop.

Ran scan in Safe Mode with Networking

While the scan was still in progress got a window that said it was from McAfee stating

Computer is at risk (RED)

- make sure real time scanning and firewall are on and subscription is active and up to date

- please check status

Checked status and message stated that Real Time Scanning was OFF! (RED)

       Tried to select button to Turn it ON, but only flashed to other McAfee window briefly that said Your Computer is Secure (GREEN)

Window would flip back to message saying Real Time Scanning is OFF! (RED)

Scan ended with 0 objects detected

Window stating that Real Time Scanning was OFF! (RED) was still on screen so tried to set to ON, but the Apply button was greyed out.


scan in safe mode from laptop Computer (in Vista)
04/07/2010    1:20:27 PM    Scan Started: 07/04/2010 01:20:27 PM
04/07/2010    2:46:58 PM    Total objects scanned: 225388
04/07/2010    2:46:58 PM    Objects detected: 0
04/07/2010    2:46:58 PM    Scan Done: 07/04/2010 02:46:58 PM

Downloaded and Ran Stinger

Left computer in Safe mode to run Stinger

sensitivity "Very High" and "Report Only"

3 Artemis trojans found, but don't feel that these are likely false positives

the two files in $Recycle.Bin cannot be accessed (get message Location is not available)

the one TOSAPIN file is available and could be sent by WIN ZIP - file dated 7/12/2006


McAfee® Stinger Version built on Jul  2 2010

Copyright © 2010 McAfee, Inc. All Rights Reserved.

Virus data file v1000 created on Jul 2 2010.

Ready to scan for 3659 viruses, trojans and variants.

Scan initiated on Sun Jul 04 19:58:06 2010


     Found the Artemis!BEC8351B88F9 trojan !!!


     Found the Artemis!F00498EC9FC7 trojan !!!


     Found the Artemis!BEC8351B88F9 trojan !!!

  Number of clean files: 406469

  Number of Trojans: 3

Ran Stinger again

sensitivity "Medium" and "Repair"

no problems found


McAfee® Stinger Version built on Jul  2 2010

Copyright © 2010 McAfee, Inc. All Rights Reserved.

Virus data file v1000 created on Jul 2 2010.

Ready to scan for 3659 viruses, trojans and variants.

Scan initiated on Sun Jul 04 22:30:27 2010

  Number of clean files: 406474

Ran Malwarebytes' Anti-Malware

nothing found in Quick Scan


Malwarebytes' Anti-Malware 1.46

Database version: 4276

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18928

04/07/2010 11:52:35 PM
mbam-log-2010-07-04 (23-52-35).txt

Scan type: Quick scan
Objects scanned: 124104
Time elapsed: 5 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

0 Kudos
3 Replies
Level 21

Re: Followed malware troubleshooting, still need assistance

Those bugs that send out bulk emails purporting to be from a certain email address can originate on any machine(s) that happen to have your email address in their address book, so don't necessarily originate at your end at all.  Of course if you have seen them in the "Sent" folder then they do.

Those Artemis detections appear to be in the Recyclers anyway so a disk cleanup can get rid of those and as they are classified as Artemis McAfee already knows about them and is investigating. They are given Artemis designation until such time as they are given a proper name or found to be harmless.

We aren't qualified here to diagnose logs. MalwareBytes has their own forum:

If you want to make sure that all is well now I suggest you run Hijackthis and post its log on one of the following forums for expert guidance (Malwarebytes is one of those forums and has a special section for HJT logs):


Do not post Hijackthis logs here, we can't help with those!

Post the logs at a specialist Forum:









Be sure to read all the sticky announcements/instructions at the top of each malware forum!

Message was edited by: Ex_Brit on 05/07/10 9:31:09 EDT AM
0 Kudos
Level 7

Re: Followed malware troubleshooting, still need assistance

Thanks for the response Peter. The offending e-mail was definitely sent by us as it was in our sent box.

We have run the hijackthis program and will send the report to one of the forums you listed.

We'll post the outcome for others who may be having this problem.

Brenda and Sylvain

0 Kudos
Level 21

Re: Followed malware troubleshooting, still need assistance

Chances are that you are OK now especially after running Malwarebytes as well.  However, good luck and let's hope that's the case.

0 Kudos