One really fed up McAfee customer here with an Artemis trojan problem. Real time scanning was disabled almost every time a Security Centre download had been completed, which made me think I had a problem, so I asked McAfee to sort it out remotely via their chat service. I only came across Artemis by chance whilst watching McAfee working on the computer. I turned on the computer today and it did its usual scheduled scan, with the result that one item had been detected and 1 item had been quarantined. Detection Log read:
18/02/10 18:50:03 Quick Scan Artemis! 89BB18D8OA Cannot be removed
(This was just at the end of my 1.5 hour session with McAfee)
19/02/10 12:18:38 Scheduled Scan Artemis! 89BB18D80A Quarantined
I don't want Artemis quarantined, I want it GONE. What do I pay my McAfee subscription for if not to protect me, and why did McAfee assure me all problems had gone when reading the Detection Log says differently? What do I want? Either McAfee to do what I paid good money for last night and remove Artemis and any other problems that I might have, or if they can't sort me out then refund my money.
I am not a techie person which is why I needed McAfee to sort it out for me but any comments would be welcome because I don't know who I can rely on to sort my problem out. Thank you!
Couple of clarifications need to be made here.
First, the Artemis detection "Artemis!89BB18D80A" is a detection name derived from the use of our "Artemis" technology. It's a specially crafted DNS query that checks with our server to see if a file is possibly malicious or not. It's not the name of a particular threat, but simply the text "Artemis!" with a few characters of the file's MD5 hash appended to it.
So with all the techie stuff out of the way, the detection you are getting is good. And it being quarantined is only half of the picture. It should also be deleting the file, and placing a copy in the Qtine folder. (We always put any detected file into the quarantine folder, just in case of false detections.)
With that said, you should only be getting this detection once, so it tells me that it's coming back for some reason. Most likely, it's being dropped by another piece of malware that is not yet detected at all. So, we just need to find that sample, and get it submitted to webimmune.net.
There are many tools available for finding files that may be malicious. For now, I'll use what is called "GetSusp". It's a tool we've created that will scan your system, and look for possibly malicious files.
I will PM you a link to the file and instructions for running it, along with steps to provide the samples back to me directly.
We'll get you taken care of, just hang in there.
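The reply above explains that an Artemis detection name is "Artemis!" plus a few characters of the file's MD5 hash. The following sketch is an added example, not part of the original posts and not McAfee code: it parses log lines in the layout quoted in the thread and lists files whose MD5 begins with the logged characters. It assumes the appended characters are the leading hex digits of the MD5; all function names are hypothetical.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Log layout as quoted in the thread: date, time, scan type, name, action.
LOG_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<scan>.+?) Artemis!\s*(?P<suffix>\w+) (?P<action>.+)$"
)

def parse_detection(line):
    """Return (suffix, action, is_valid_hex) for an Artemis log line, else None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    suffix = m.group("suffix").upper()
    # A suffix with non-hex characters cannot be part of an MD5 (likely a typo).
    is_hex = re.fullmatch(r"[0-9A-F]+", suffix) is not None
    return suffix, m.group("action"), is_hex

def md5_hex(path):
    """Uppercase MD5 of a file, read in chunks (used for identification only)."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest().upper()

def find_matches(root, suffix):
    """Files under root whose MD5 starts with suffix (assumed to be leading digits)."""
    return sorted(p for p in Path(root).rglob("*")
                  if p.is_file() and md5_hex(p).startswith(suffix))

def demo():
    """Constructed sample: two files, with a log line built from one of them."""
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "a.bin").write_bytes(b"constructed sample A")
        (Path(d) / "b.bin").write_bytes(b"constructed sample B")
        suffix = md5_hex(Path(d) / "b.bin")[:10]
        line = f"19/02/10 12:18:38 Scheduled Scan Artemis! {suffix} Quarantined"
        parsed = parse_detection(line)
        return parsed, [p.name for p in find_matches(d, parsed[0])]

if __name__ == "__main__":
    print(demo())
```

Matching on a ten-character prefix only narrows the candidates; confirm a hit against the full hash before treating the file as the detected sample.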