oneiota
Level 7
Message 1 of 10

NT AUTHORITY -0x3e7- loading Artemis!DCCD7AAB9BD6 Trojan via PrinterInstallerClientUpdater.exe

My system was running abnormally slow so I was just checking the McAfee logs and the OnAccess log said:

WARNING!

WARNING!

OK OK

WARNING!

OK  OK

OK  OK

WARNING!
WARNING!

Which got my attention very quickly. So I called up my IT shop.

They said 'Not possible. We have great big firewall and heaping enterprise antivirus. Nothing gets through.' I disagreed and got him to DameWare my PC. The log was blank! But I swear it said that stuff. I checked all the other event logs, which were way more confusing and just as scary.

I printed out stuff and gave it to my local IT and they said it's all normal. I joined Microsoft's security forum and they said it's all normal.

I'm beginning to think it's all normal. Then I realize all my McAfee settings went default, everything scheduled was gone, OnAccess kept failing - couldn't authenticate, AutoUpdate also keeps failing. I was lucky and able to force a manual update that worked and after many tries was able to run a full system scan which found:

Artemis!DCCD7AAB9BD6 Trojan in the PrinterInstallerClientUpdater.exe.cpytmp that was just installed by NT AUTHORITY.

FOUR TIMES!

McAfee stated "The file was successfully deleted." and I have six copies in my Quarantine folder.

But I still can't AutoUpdate or even Manual Update nor can I run a system scan. Then last night I was able to start a System Scan which indicates a detection found, it's completed, but it's still running, so it hasn't finalized the detection and there's no action on the detected affected file.

What do I do now? I'm worried that if I click close, that it will close and then forget that it detected anything and then I won't be able to get system scan to work again.

9 Replies
Reliable Contributor exbrit
Message 2 of 10

I've edited the thread header to include the Artemis detection ID and moved the whole thing to the Artemis section.

Your IT department should know that no antivirus is 100% guaranteed as there are so many ways that a computer user can introduce an infection, however that said Artemis by definition means the antivirus found something it thought was suspicious, not necessarily malicious.

If you feel it is false then you can appeal. I wrote something for consumers yet you say you use Enterprise software, but it may still help: 

Reliable Contributor exbrit
Message 3 of 10

BTW it's been years since I used VSE so have no idea what to advise except the Artemis detection will be in your Quarantine folder where I believe it's possible to trust it if you wish.

oneiota
Level 7
Message 4 of 10

Hello Ex_Brit. Thank you for helping. For editing my thread header and for correctly placing into group section.

The most recent detection has not been identified. It's still running, though it says it's completed. Is there any way to jiggle the program to bring it out of its loop?

[Attachment: Scan progress.bmp]

One side says detection occurred the other side says Detections: 0

Also strange in this screenshot is the amount of files scanned vs. the total time that it took to scan them.

I think I'll try to run another scan on top of this one.

Reliable Contributor exbrit
Message 5 of 10

I have no idea, sorry.  You'd have to ask in the VSE forum here: 

oneiota
Level 7
Message 6 of 10

Thank you sir.

I've started a thread in the VSE forum. Got me a moderator!

No luck yet though. Still trying to ID malware.

Thanks for your help.

-oi-

Reliable Contributor exbrit
Message 7 of 10

OK good luck

McAfee Employee dmeier
Message 8 of 10

I've marked the file with MD5 hash of "dccd7aab9bd64c5f4ab7ba1211edd18c", as clean.  It shouldn't be detected going forward.

- David
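
Added example, not part of the original posts and not McAfee code: the detection ID in this thread (Artemis!DCCD7AAB9BD6) is the first 12 hex digits of the MD5 quoted above, so a file on disk can be tied to a given Artemis detection by hashing it and comparing the prefix. The function names and the sample files written in `demo()` are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

ARTEMIS_RE = re.compile(r"^Artemis!([0-9A-Fa-f]{12})$")

def artemis_prefix(detection_name):
    """Return the 12 lowercase hex digits carried in an Artemis detection name."""
    m = ARTEMIS_RE.match(detection_name.strip())
    if not m:
        raise ValueError(f"not an Artemis detection name: {detection_name!r}")
    return m.group(1).lower()

def md5_of(path, chunk_size=1 << 20):
    """Stream the file so large executables are not read into memory at once."""
    h = hashlib.md5()  # used for identification only, not for integrity
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def find_matches(root, detection_name):
    """List (path, full MD5) for every file under root whose MD5 starts with the ID."""
    prefix = artemis_prefix(detection_name)
    hits = []
    for p in sorted(Path(root).rglob("*")):
        if not p.is_file():
            continue
        try:
            digest = md5_of(p)
        except OSError:
            continue  # locked or unreadable file: skip it, keep scanning
        if digest.startswith(prefix):
            hits.append((str(p), digest))
    return hits

def demo():
    """Constructed sample: two throwaway files, one of which defines the ID."""
    with tempfile.TemporaryDirectory() as d:
        sample = Path(d) / "PrinterInstallerClientUpdater.exe.cpytmp"
        sample.write_bytes(b"constructed sample, not the real file")
        (Path(d) / "other.bin").write_bytes(b"unrelated")
        name = "Artemis!" + md5_of(sample)[:12].upper()
        return name, [Path(p).name for p, _ in find_matches(d, name)]

if __name__ == "__main__":
    print(demo())
```
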

oneiota
Level 7
Message 9 of 10

Hi David.

Why would you not want it to detect?

McAfee Employee dmeier
Message 10 of 10

I couldn't find it doing anything malicious.  Of course, if you have more context on why it should be detected, please share.  We often have to make decisions in a vacuum, due to lack of information/behavior/replication, etc.

- David