cancel
Showing results for 
Search instead for 
Did you mean: 
lozah
Level 7

Help... Artemis!56C9EF26F88B - ZeroAccess

Jump to solution

Hi, I was wondering if you could help. My computer keeps coming up with the following message:

McAfee detected andatomatically removed a Trojan from your PC. No further action is required.

Detected:Artemis!56C9EF26F88B (Trojan)

Quarantined From:C:\windows\assembly\tmp\U\80000032.$

A couple of days ago my firewall stopped working and I could not turn on either the McAfee Firewall and or the Windows firewall, it just kept telling me there was an error. I'm not sure if this message popped up before or after I was having firewall issues. I tried scanning my computer to see if there was a virus stopping the firewall but came up with no results. I ended up uninstalling and reinstalling McAfee to get the firewall working again.

I have done two full scans with McAfee, two full scans using Malwarebytes' Anti-Malware, one full scan using Spybot Search and Destroy, and one full scan using ESET Online Scanner. All of these scans have come back clear.

I am also occaionally now being redirected to other websites in my Firefox brower (sorry I didnt note them down). [EDIT: The site I get sent to is <removed site in case it's malicious> I don't know if these are all related or just bad luck on my part. Is this file dangerous and what do I do to fix this problem?

Message was edited by: lozah on 28/09/11 07:12:29 CDT

Message was edited by: SamSwift - editing subject line on 04/10/11 16:43:37 IST

Message was edited by: SamSwift on 04/10/11 16:44:37 IST
1 Solution

Accepted Solutions
beagle123
Level 9

Re: Help... Artemis!56C9EF26F88B - ZeroAccess

Jump to solution

I ran another full scan on Friday using the automatically downloaded updates.  Zeroaccess.e and two other viruses were reported to be detected and quarantined (whatever that means).  The next time that I rebooted the machine, Windows failed to start.  It tried to repair itself, but it was unsuccessful.  This led me to do what I knew was inevitable anyway.  I wiped out everything and reloaded Windows.  At least I KNOW that it's gone now.

79 Replies
blusigma
Level 7

Re: Help... Artemis!56C9EF26F88B

Jump to solution

I am having the same problem!

0 Kudos
beagle123
Level 9

Re: Help... Artemis!56C9EF26F88B

Jump to solution

I too am having this same problem.  However, my problems started with Open Cloud Security infecting my computer.  The free Malwarebytes' Anti-Malware removed that.  Since that removal, I have run multiple full scans with the Malwarebytes tool, McAfee, and Spybot Search and Destroy.  All of them come up clean.  The remaining problems are that McAfee occasionally pops up the warning that Artemis!56C9EF26F88B is detected and removed, and my McAfee firewall will not stay up.  Sometimes, right after I reboot, it seems to stay up for a few minutes.  It then gives me a warning that my firewall is down.  When I try to turn it back on, it just tells me that my firewall is down again.  I have not noticed any redirections from my browser, but then I am not using that machine again until I can get the firewall fixed.

0 Kudos
jdl
Level 7

Re: Help... Artemis!56C9EF26F88B

Jump to solution

Same problem.  Same repeated pop-up of trojan found "Artemis!56C9EF26F88B".

I didn't know my firewall is down until reading these.  It shows as "on" until I click on firewall settings in security center.  There it shows as off.  when I click "turn on" it shows as on for about 1/2 a second and goes back to off.

When I leave the firewall settings, security center shows firewall: on.  And it shows "your computer is secure".  I don't believe either.

beagle123
Level 9

Re: Help... Artemis!56C9EF26F88B

Jump to solution

I unistalled and reinstalled McAfee and ran a full scan.  It reported a GenericFakeAlert!sc Trojan in C:\Users\<my user name>\AppData\Roaming\Z5sssQJ7dEK8gZh\sysl32.dll.  McAfee reported that the file was quarantined.  I looked in the ...\Roaming directory and found several files with names that started with random letters and ended with OpenCloud Security.ico.  For instance, there was a Z5sssQJ7dEK8gZhOpenCloud Security.ico.  Each of these files also had a corresponding directory with a name starting with the same characters, but they were all empty.  I deleted these files and directories.  Now I'm starting another full scan.

My firewall still isn't acting right.  The Security Center says that it's on.  The settings show that it's off.  The Security Center also says "Your computer is secure."  I don't believe it either.

0 Kudos
lozah
Level 7

Re: Help... Artemis!56C9EF26F88B

Jump to solution

Wow I didnt know that my firewall was still off too... CRAP!

0 Kudos
rags
Level 7

Re: Help... Artemis!56C9EF26F88B

Jump to solution

Don't forget about this LITTLE  inconvenience.

jdl wrote:

Same problem.  Same repeated pop-up of trojan found "Artemis!56C9EF26F88B".

I didn't know my firewall is down until reading these.  It shows as "on" until I click on firewall settings in security center.  There it shows as off.  when I click "turn on" it shows as on for about 1/2 a second and goes back to off.

When I leave the firewall settings, security center shows firewall: on.  And it shows "your computer is secure".  I don't believe either.

0 Kudos
jdl
Level 7

Re: Help... Artemis!56C9EF26F88B

Jump to solution

Follow up: I'm now getting notices of ZeroAccess.b!jsp as well.

0 Kudos
lozah
Level 7

Re: Help... Artemis!56C9EF26F88B

Jump to solution

Me too jdl...

I am now also getting the following since i first posted this message:

Artemis!8EA57E8B69F2

C:\windows\assembly\tmp\kwrd.dll

ZeroAccess.B!jsp

C:\windows\assembly\tmp\U\000000c0.$

Generic BackDoor!d2a(Trojan)

C:\Windows\assembly\tmp\U\800000c0.$

If no one from McAfee or whoever it is that helps people here can comment... even just to say "hold on we're checking into this"... then the only solution I can see is reinstalling windows on my system.. Which I don't really want to do because thats a massive job. But unfortunately I have bills to pay and I can't do that on an infected computer!

beagle123
Level 9

Re: Help... Artemis!56C9EF26F88B

Jump to solution

I have run numerous scans using Malwarebytes and Spyware Doctor.  They say my system is clean.  I uninstalled McAfee and installed Zone Alarm to see if I could get any firewall to work.  Zone Alarm seems to work fine, but it will not coexist with McAfee.  I uninstalled Zone Alarm and reinstalled McAfee.  When I run full scans, it says my system is clean.  However, the strange firewall behavior is still there.  Security Center shows that my firewall is on, but if I go to Settings, it says that the firewall is off.  If I click the button to turn it on, it momentarily says that its's on then says that it's off.  Since I don't trust this computer now, I keep the ethernet cable unplugged most of the time.  When I plug it in, McAfee usually pops up a message saying that a Trojan has been quarantined.  Some of the ones that I've seen are Zero Access.b!, Generic BackDoor!d2a, Artemis!56C9EF26F88B and Artemis!8EA57E8B69F2.  All of this happens after full scans have shown no problems.  Wiping the disk clean and starting over might be the only way around this.

It seems that we're seeing exactly the same symptoms at this point, but no one else has mentioned OpenCloud Security.  That's where all of my problems started on Friday. 

0 Kudos