
Help please. To remove Generic!Artemis

A recent scan detected an unwanted programme but McAfee was unable to completely remove it.
It's a Generic!Artemis virus and/or Generic!Artemis.) trojan, or both, and is currently residing in c:\windows\system32\ma\MTK63G.exe. It does not appear to be affecting my computer, but I have just renewed my McAfee for 2 years and I don't want it there. Any help would be appreciated.
0 Kudos
6 Replies
paullotion
Level 11

RE: Help please. To remove Generic!Artemis

Hello,

Send the file(s) to the lab.
http://vil.nai.com/vil/submit-sample.aspx

Then do this:

Download Malwarebytes' Anti-Malware from Here or Here. Double-click on mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Full Scan, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note below).
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire report into your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
0 Kudos

Log attached

Thanks for your quick reply. Please find log below which looks promising.

Malwarebytes' Anti-Malware 1.31
Database version: 1494
Windows 5.1.2600 Service Pack 3

12/12/2008 21:00:09
mbam-log-2008-12-12 (21-00-09).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 114915
Time elapsed: 31 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\ma1\MTK63G.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
0 Kudos

Job done!!

Just run another scan and all is well. Thank you very much for your help, you're a star.
0 Kudos
paullotion
Level 11

RE: Job done!!

Glad we could help.
0 Kudos
jorgea
Level 7

Re: Help please. To remove Generic!Artemis

Has this virus been dealt with appropriately so I won't have to worry about it? Thanks.

__________________________________________

George Alarcon

Email address and url removed for security and online safety reasons - Hayton

Message was edited by: Hayton on 18/12/11 07:24:13 GMT
0 Kudos
Hayton
Level 18

Re: Help please. To remove Generic!Artemis

This is a very old thread. I doubt whether after three years you will get a reply, and you're asking similar vague questions elsewhere, so I'm locking this thread.

0 Kudos