My system was running abnormally slow so I was just checking the McAfee logs and the OnAccess log said:
Which got my attention very quickly. So I called up my IT shop.
They said, 'Not possible. We have great big firewall and heaping enterprise antivirus. Nothing gets through.' I disagreed and
got him to DameWare my PC. The log was blank! But I swear it said that stuff. I checked all the other event logs, which were way more confusing and just as scary.
I printed out stuff and gave it to my local IT and they said it's all normal. I joined Microsoft's security forum and they said it's all normal.
I'm beginning to think it's all normal. Then I realize all my McAfee settings went default, everything scheduled was gone, OnAccess kept failing - couldn't authenticate,
AutoUpdate also keeps failing. I was lucky and able to force a manual update that worked and after many tries was able to run a full system scan which found:
Artemis!DCCD7AAB9BD6 Trojan in the PrinterInstallerClientUpdater.exe.cpytmp that was just installed by NT AUTHORITY.
McAfee stated "The file was successfully deleted." and I have six copies in my Quarantine folder.
But I still can't AutoUpdate or even Manual Update, nor can I run a system scan. Then last night I was able to start a System Scan which indicates a detection found. It's completed, but it's still running,
so it hasn't finalized the detection and there's no action on the detected affected file.
What do I do now? I'm worried that if I click close, it will close and then forget that it detected anything, and then I won't be able to get system scan to work again.
I've edited the thread header to include the Artemis detection ID and moved the whole thing to the Artemis section.
Your IT department should know that no antivirus is 100% guaranteed, as there are so many ways that a computer user can introduce an infection. That said, Artemis by definition means the antivirus found something it thought was suspicious, not necessarily malicious.
BTW, it's been years since I used VSE, so I have no idea what to advise except that the Artemis detection will be in your Quarantine folder, where I believe it's possible to trust it if you wish.
Hello Ex_Brit. Thank you for helping. For editing my thread header and for correctly placing into group section.
The most recent detection has not been identified. It's still running, though it says it's completed. Is there any way to jiggle the program to bring it out of its loop?
One side says detection occurred, the other side says Detections: 0
Also strange in this screenshot is the amount of files scanned vs. the total time that it took to scan them.
I think I'll try to run another scan on top of this one.
Thank you sir.
I've started a thread in the VSE forum. Got me a moderator!
No luck yet though. Still trying to ID malware.
Thanks for your help.
I've marked the file with MD5 hash of "dccd7aab9bd64c5f4ab7ba1211edd18c", as clean. It shouldn't be detected going forward.
I couldn't find it doing anything malicious. Of course, if you have more context on why it should be detected, please share. We often have to make decisions in a vacuum, due to lack of information/behavior/replication, etc.
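
In this thread the detection name `Artemis!DCCD7AAB9BD6` carries the first 12 hex digits of the MD5 that was later marked clean. The following is an added example, not part of any post above and not McAfee code: it hashes the files under a directory and reports those whose MD5 begins with the prefix in an Artemis detection name, so you can confirm which file on disk a detection or a whitelisting decision refers to. The function names are hypothetical, and the 12-digit prefix relationship is assumed from the values shown in this thread.

```python
import hashlib
import re
import sys
from pathlib import Path

# "Artemis!" followed by 12 hex digits, as in the detection name quoted in the thread.
ARTEMIS_RE = re.compile(r"^Artemis!([0-9A-Fa-f]{12})$")


def artemis_prefix(detection_name):
    """Return the lowercase MD5 prefix embedded in an Artemis detection name."""
    m = ARTEMIS_RE.match(detection_name.strip())
    if not m:
        raise ValueError("not an Artemis!<12 hex digits> name: %r" % detection_name)
    return m.group(1).lower()


def md5_of(path, chunk_size=1 << 20):
    """MD5 of a file, read in chunks so large executables do not load into memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def find_matches(root, detection_name):
    """List (path, full_md5) for files under root whose MD5 starts with the prefix."""
    prefix = artemis_prefix(detection_name)
    hits = []
    for p in sorted(Path(root).rglob("*")):
        if not p.is_file():
            continue
        try:
            digest = md5_of(p)
        except OSError:
            continue  # locked or unreadable file: skip it, keep scanning
        if digest.startswith(prefix):
            hits.append((str(p), digest))
    return hits


if __name__ == "__main__":
    # Usage: python script.py <directory> <detection name>
    for path, digest in find_matches(sys.argv[1], sys.argv[2]):
        print(digest, path)
```

A 12-digit prefix match is only a pointer; compare the full MD5 printed for each hit against the hash the vendor quoted before treating the file as the one that was reviewed.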