Topper
Level 7

Having Problems With Artemis Trojans

Hello,

I've recently been having problems with McAfee detecting and deleting artemis trojans. It seems to pop up about every five minutes and say that McAfee has blocked an artemis trojan. This started happening either yesterday or the day before I believe. It will say it is blocking the same ones over and over under a slightly different location. After I shut down my computer and then restart it will do the same thing just under a different artemis name and number. Also random pop ups will come up for different sites. I'm not really sure what to do. Any help would be greatly appreciated.

The following are the most recent messages that popped up:

McAfee has automatically blocked and removed a Trojan.

About this Trojan
Detected: Artemis!547C87C604D5 (Trojan), Artemis!547C87C604D5 (Trojan)
Location: C:\WINDOWS\TEMP\knvx.tmp\svchost.exe

Trojans appear as legitimate programs but can damage valuable files, disrupt performance, and allow unauthorized access to your computer.

McAfee has automatically blocked and removed a Trojan.

About this Trojan

Detected: Artemis!547C87C604D5 (Trojan), Artemis!547C87C604D5 (Trojan)

Location: C:\WINDOWS\TEMP\bcrv.tmp\svchost.exe

Trojans appear as legitimate programs but can damage valuable files, disrupt performance, and allow unauthorized access to your computer.


I also got an alert for

artemis!b375829dfbd8

Thanks Topper

0 Kudos
12 Replies
nchattop
Level 12

Re: Having Problems With Artemis Trojans

Hi Topper,

I am working on your issue and will get back to you shortly.

Regards

0 Kudos
lauren1200
Level 7

Re: Having Problems With Artemis Trojans

I logged into McAfee because (a) I have McAfee and (b) my PC Builder deliberately uploaded from his USB an Artemis Trojan to my PC.

I was having problems with Windows 8 popping up the settings screen all the time. He uploaded the Artemis Trojan and the problem stopped. However, my PC has been a tad slower and more importantly I am worried about what it does, how it works and whether or not it has allowed him to backdoor my system. I only considered this after recently having a security alert from McAfee and PayPal. They may not be related but I would like to know why he did this and if it is sometimes used for good causes and it's okay to leave it?

Thank you

0 Kudos
nchattop
Level 12

Re: Having Problems With Artemis Trojans

Hi Topper,

I checked further. This looks to be a type of FakeAV software, associated with the FakeAlert Trojan family. You can find more details about it here

Feel free to write to us further

Regards

0 Kudos
Topper
Level 7

Re: Having Problems With Artemis Trojans

Are you recommending that I download the stinger and proceed with its instructions? I read through that thread and it looked as though many people were not satisfied with the stinger, and in fact they felt that this made problems worse.

Would it be better to just try to do a system restore from a previous point? Thank you for your help.


Topper

0 Kudos
Topper
Level 7

Re: Having Problems With Artemis Trojans

After I signed on the internet to post my previous post,  McAfee quarantined 2 new files along with the continual artemis! trojans.  They were:

(file name) atapi.sys  (detection name) patched-sysfile.a (location) C:/Windows/systems32/drivers

(file name) svchost.exe (detection name) new malware.j (location) C:windows/temp/xpbw.tmp

Not sure how bad these are.  Once again thank you for any help.


Topper

0 Kudos
pammirab
Level 11

Re: Having Problems With Artemis Trojans

Hello Topper,

From your description, we were able to analyse the files further. Both are FakeAlert trojan related, as Neha stated in her previous message. Please see details below:

Reported: Artemis!547C87C604D5
SVCHOST.exe ... Found the Generic FakeAlert!ec trojan !!!
(This detection will be available in today's DATs)

Reported: Artemis!b375829dfbd8
SVCHOST.EXE ... Found the FakeAlert-LS trojan !!!
(This detection is available in our current DAT set.)

Please make sure both your Engine and DAT files are up to date.


Regarding the following files, if you are still having problems, please send us a copy of them for analysis to virus_research@avertlabs.com, in a password-protected ZIP file (password - infected). You can find detailed instructions for how to do this at <http://vil.mcafeesecurity.com/vil/submit-sample.aspx>.

(file name) atapi.sys  (detection name) patched-sysfile.a (location) C:/Windows/systems32/drivers
(file name) svchost.exe (detection name) new malware.j (location) C:windows/temp/xpbw.tmp

Regards,

Patty Ammirabile
McAfee Labs

0 Kudos
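The alerts quoted in this thread report files named svchost.exe under C:\WINDOWS\TEMP, whereas the genuine Windows svchost.exe resides in System32. As an added example (not from any poster or from McAfee), this Python code parses alert text in the format quoted above and flags system-binary names reported outside their expected directory; the `EXPECTED_DIRS` table, the function names and the sample text are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: alert text in the format quoted in the thread.
SAMPLE_ALERTS = r"""
About this Trojan
Detected: Artemis!547C87C604D5 (Trojan), Artemis!547C87C604D5 (Trojan)
Location: C:\WINDOWS\TEMP\knvx.tmp\svchost.exe

About this Trojan
Detected: Artemis!547C87C604D5 (Trojan), Artemis!547C87C604D5 (Trojan)
Location: C:\WINDOWS\TEMP\bcrv.tmp\svchost.exe
"""

# Assumption: expected home directories for a few Windows system binaries.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "atapi.sys": {r"c:\windows\system32\drivers"},
}

ALERT_RE = re.compile(r"Detected:\s*(?P<names>.+?)\s*\n\s*Location:\s*(?P<path>\S.*?)\s*$", re.M)

def parse_alerts(text):
    """Return one dict per alert: unique detection names plus the reported path."""
    alerts = []
    for m in ALERT_RE.finditer(text):
        names = []
        for part in m.group("names").split(","):
            name = re.sub(r"\s*\(.*?\)\s*$", "", part.strip())  # drop "(Trojan)"
            if name and name not in names:
                names.append(name)
        alerts.append({"detections": names, "path": PureWindowsPath(m.group("path"))})
    return alerts

def masquerading(alert):
    """True if a known system binary name is reported outside its expected directory."""
    path = alert["path"]
    expected = EXPECTED_DIRS.get(path.name.lower())
    return expected is not None and str(path.parent).lower() not in expected

def summarize(text):
    """Group flagged paths by detection name so repeated alerts collapse together."""
    summary = {}
    for alert in parse_alerts(text):
        if masquerading(alert):
            for name in alert["detections"]:
                summary.setdefault(name, []).append(str(alert["path"]))
    return summary
```

A file reported in its normal directory is not flagged by this location check, so it complements the scanner's detections rather than replacing them.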
Topper
Level 7

Re: Having Problems With Artemis Trojans

The Artemis! trojans seem to have gone away so I thank you for helping me with that. I still am sometimes getting redirected to random sites though.

As for the other files, I just have a couple of questions about how to send samples of them.

When I go to get the new malware.j files, a folder is there with the specified name, but it says the folder is empty. Do I send the empty folder or am I doing this wrong? Also, do I send the file or a copy of the file? I tried searching this but was unable to find an answer.

Once again thank you for your time.

Topper

Message was edited by: Topper on 2/3/10 2:19:37 PM CST
0 Kudos
nchattop
Level 12

Re: Having Problems With Artemis Trojans

Hi Topper,

Please follow the steps below in order to capture the samples. You can email them to us at virus_research@avertlabs.com or visit our website, http://webimmune.net, to submit the samples:

First, in Windows environment, click Tools >> Folder Option in Windows Explorer. Click on the View tab:

1. Enable the "Display the Contents of the System Folder"
2. Enable "Show hidden files and folders"
3. Disable "Hide Protected Operating System File"
4. Disable "Hide Extensions for Known file Types"

Creating zip / archive files: If necessary, install WinZip.

1. Right-click 'Start'
2. Select 'Explore'
3. Browse to the file to go in the archive
4. Right-click the file
5. If you are using WinZip, select 'WinZip'
6. Select 'Add to Zip...'
7. Click 'New'
8. Specify the name you want to give the zip file, e.g. sample
9. Select a place to save the Zip file to (make a note of this)
10. Click 'OK'
11. Click 'Password'
12. Enter and confirm a password (infected)
13. Make a note of the password, you will need it for your email
14. Click 'Add'
15. Close the archive or add other files.

To add files to the archive

1. Browse to the next file
2. Right-click it
3. Select 'WinZip'
4. Select 'Add to Zip file'
5. Click 'Open'
6. Double-click your Zip file (it will probably be displayed, browse to it if not)
7. Click 'Add'
8. Close the archive or add other files

If you have a system where you can do a test scan, you may first wish to try our beta DailyDATs to get the latest detection available. You can find this on our web-site at:
<http://vil.mcafeesecurity.com/vil/averttools.aspx>

Regards,

0 Kudos
Topper
Level 7

Re: Having Problems With Artemis Trojans

I'm still having problems.  I sent in the samples and McAfee found nothing wrong with them.  The same thing keeps occurring.  Instead of Artemis! detections, McAfee now keeps finding the following:

new malware.j

generic fakealert!ec

I'm open to any suggestions. I hope you can figure out something because it looks like I'm not the only one with these problems. Thank you for your help.

Topper

Message was edited by: Topper on 2/12/10 7:14:44 PM CST
0 Kudos