cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Level 7
Report Inappropriate Content
Message 21 of 80

Re: Help... Artemis!56C9EF26F88B

Jump to solution

What level should we be scanning at in the stinger? Should I be doing it at high or very high sensitivity level, or leving it at the settings that I open it up at? I scanned last night (I'm in Australia) before I saw your post and came back with nothing. Will try again this morning in Safe Mode with networking...

The Getsusp did come up with the following yesterday -

Suspicious Files: both of which are apps on my desktop from weatherzone.com that I have had for ages

Status MD5 Location File Name Attribute Company Description Product Version File Version File Size Creation Date Modification Date Type Scan Error
UNKNOWN 2e9d51750e7748c78e58e95594ffb3b5 C:\Program Files (x86)\Pollen Tracker pollen_tracker.exe A         2,358,766 05/09/2011 17:46 12/04/2008 15:42 Process  
UNKNOWN 4048115ca3cdd87b59bf2eabc2b52204 C:\Program Files (x86)\Weatherzone Tracker weather_tracker.exe A         2,888,403 11/04/2010 17:22 07/17/2009 15:53 Process

 

Unknown files: which all look like they should be fine to me too... (My laptop is an MSI)

Status MD5 Location File Name Attribute Company Description Product Version File Version File Size Creation Date Modification Date Type
UNKNOWN 21ef01cbd2e5d126d51ef8ffdbb98390 C:\Program Files (x86)\Mozilla Firefox\plugins npqtplugin4.dll A Apple Inc. The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the <A HREF=http://www.apple.com/quicktime/>QuickTime</A> Web site. QuickTime 7.7 (1680.34) 7.7 (1680.34) 159,744 08/30/2011 07:28 08/30/2011 07:28 Module
UNKNOWN ee0c363f957ad7d9fdd42506a98a770a C:\Program Files (x86)\System Control Manager MGKBHook.dll A Micro-Star International Co., Ltd. MGKBHook 1.2009.0710.01 1.2009.0710.01 7,680 07/02/2010 02:26 07/18/2009 06:46 Module
UNKNOWN 5e9b6779f4ae3a472a668c01832ceee2 C:\Program Files (x86)\System Control Manager MGSysCtrl.exe A Micro-Star International Co., Ltd.   2.209.1127.006 2.209.1127.006 2,408,448 07/02/2010 02:26 02/06/2010 07:39 Process
UNKNOWN 71c6748ee8de938532057ef10b4b7e44 C:\Program Files (x86)\System Control Manager MSIService.exe A Micro-Star International Co., Ltd. MSI SCM Service 1, 0, 10, 0 1, 0, 10, 0 160,768 07/02/2010 02:26 07/10/2009 08:54 Process
UNKNOWN 65d88ca8bfb1c3af62a319a405d3eb1f C:\Program Files (x86)\System Control Manager MSIWmiAcpi.dll A Micro-Star International Co., Ltd. MSIWmiAcpi Dynamic Link Library 1, 0, 10, 0 1, 0, 10, 0 217,600 07/02/2010 02:26 07/10/2009 08:48 Module
UNKNOWN 19dd4282d7cddaea9711b388a2f6fcd7 C:\Windows\SysWOW64 nbirv4svr.exe A Neowiz Bugs Corporation. NBIR4Svr Module 1, 0, 9, 422 1, 0, 9, 422 159,744 05/15/2009 11:20 05/15/2009 11:20 Windows-Firewall
Highlighted

Re: Help... Artemis!56C9EF26F88B

Jump to solution

Ok this is getting out of control now. I ran both stingers for many hours today and neither found anything. I did this in safe mode. When I went back to normal windows the "Open Cloud" window came up. I tried to kill to no avail. I went to task manager and saw it spawning bogus process after bogus process. Now I'm pretty much stuck in safe mode. What can we do to get rid of this thing???? I need my machine and it's getting in to a very bad state. I've now tried malwarebytes, GetSup and both stingers and am getting nowhere. GetSup had nothing in the log. Need HELP!

Highlighted
Level 7
Report Inappropriate Content
Message 23 of 80

Re: Help... Artemis!56C9EF26F88B

Jump to solution

I had the same problem as everyone here.  McAfee Technical Support does not help.  They want you to pay for the service to have them clean the computer and fix the problem.  Which in essence is paying for the product - which obviously doesn't work and to pay for the technical service to fix their own product!! 

I have lost all confidence in this product and the company itself.  I had a virus (Open Cloud) and I managed to remove the culprit.  This is what I had to do to remove it.

     Download: Malwarebytes and RKill

I ran both programs to get rid of the virus - WHICH McAfee should have taken care of.  I usually used freeware a/v and never had a problem with them.  I got a new laptop and decided to purchase McAfee for protection....that was a waste of money.

If you purchased McAfee - count your loses and move on to another a/v program that works.  Check out the ratings on CNET Downloads.  If you didn't purchase this worthless program....BRAVO!!  Get out of here and go get some protection that WORKS!! 

Oh and the uninstalling, reinstalling and all the other crap they expect you to do to fix the problem is a farse!  It is not fixable and SHAME ON YOU MCAFEE!!!  YOU KNOW THAT YOU HAVE A PROBLEM AND DON'T HAVE THE BALLS TO HELP YOUR CONSUMERS!!!

Highlighted

Re: Help... Artemis!56C9EF26F88B

Jump to solution

vinoo is now on this thread he will help when he starts back at work. He knows of this issue and will handle this asap. There is a dat 6489 later on today / tommorrow which should help.

Message was edited by: Peacekeeper on 4/10/11 3:31:12 PM
Highlighted

Re: Help... Artemis!56C9EF26F88B

Jump to solution

Well my frustration is at a peak. I'm stuck in safe mode now given that this OpenCloud crap spawns about a couple thousand bogus tasks when I try to run in normal mode. Yesterday my problem was just with the firewall staying off but today after running these stingers I can't even use my laptop. For grins I ran McAfee's VirusScan in safe mode and it believed after a couple hours it had found more than a couple thousand infected files. As soon as I went back to normal mode the same OpenCloud junk came up and pretty much locked me out again. From the log I saw that McAfee thought it had found about a half dozen variants of Artemis. Unfortunately I no longer have malwarebytes to even try. Can't install it from safe mode and can't get in to normal mode. I have to agree that my faith in Mcafee is dropping off by the minute ...

Highlighted
Level 11
Report Inappropriate Content
Message 26 of 80

Re: Help... Artemis!56C9EF26F88B

Jump to solution

All,

Please download the tool listed here-

http://vil.nai.com/images/562354_2.zip

extract the .exe file.

Once you have that tool saved to the computer that is affected ( you may downlaod it on a good pc and trasfer to bad one via a thumb drive) or login to safe mode with netwowking on bad pc and download it and save it.

Now boot the computer into normaly mode and execute the .exe file on the machine and reboot as instructed.

Repeat the Run process two or three times and report the status

Note if you encounter any Fake alert or open cloud type infection blocking access- just click allow unprotected and proceed- Reply back if you still need assistance.

Highlighted

Re: Help... Artemis!56C9EF26F88B

Jump to solution

Safe mode is hosed up for me now on the infected laptop. I downloaded from the link on a different laptop then copied the rootkit remover from a flash drive to the infected laptop running in normal mode. Tried executing and it came back with "64-bit OS not supported yet"

Highlighted

Re: Help... Artemis!56C9EF26F88B

Jump to solution

I tried that as well and it says 64 bit not supported.

Highlighted
Level 12
Report Inappropriate Content
Message 29 of 80

Re: Help... Artemis!56C9EF26F88B

Jump to solution

Hi,

We've logged the 64-bit issue with Engineering and will report back. This threat is a real pig to clean up (understatement of the Year) especially when it's tied in with multiple infections. There is a threat advisory posted already to the Top Threat community space - we will keep updating it as new information becomes available.

Kind regards,

Sam

Highlighted
Level 7
Report Inappropriate Content
Message 30 of 80

Re: Help... Artemis!56C9EF26F88B

Jump to solution

I have gotten rid of the virus without the help of McAfee.  Thank you very much.  Excuse my sarcasim but when you take your hard earned money to purchase a product that is suppose to protect you - or at least the company to stand behind their product - one loses faith when they (me) have to go to other companies to clean up what McAfee couldn't fix.

In order to gain good faith with me - the problem of the firewall not staying up is still an issue.  I have read in this thread that others are having the same issue.  At least come forth an produce some type of resolution to this issue.  If not for me (who is a McAfee consumer) - then for everyone else who is having an issue with the product.  This is bad business and not a good sign of Customer Service.

Now, since I am having the issue with the firewall (which I assume is steming from the virus) I can only assume that there maybe a chance that some part of the virus is still attached in some way.  If there is any info that you need from me to combat this please let me know.  Like I said in the beginning of this statement...I got rid of the virus - using the methods I stated in an earlier thread - I only have the issue of the firewall left.

I will be following this thread.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community