Yesterday McAfee did its weekly scan and it found Artemis!B3C322F02778. I opened my security history to get the name because I was going to Google it to see what it was. When I opened my security history I see "Suspicious incoming network connection blocked" 2950 times since 12:55 am on 6-19-13. It happens 3-4 times a minute. The Source IP address that comes up varies. Some of them are 192.168.182.1, 192.168.1.2, 192.168.182.87 and fe80::89c5:a74f:f192:26f9, which Google tells me isn't even an actual IP address.
I ran a second virus scan and found nothing. I ran stinger and it found an Artemis trojan. I ran stinger a second time and it found nothing. I ran Malwarebytes and it found nothing. I did a system restore to a date before the suspicious activity started and it is still blocking 3-4 of them a minute. I went to McAfee.com and talked via chat with a technician and he said that as long as McAfee was blocking them I had nothing to worry about. I AM worried because SOMETHING on my computer is causing the "suspicious incoming network connections blocked" to happen. How do I stop these suspicious incoming network connections?
After the system restore, McAfee prompted me to do a scan. It found Artemis!B3C322F02778 again. When my computer restarted during the system restore McAfee was slow to start up. It asked me the "Do you trust this publisher?" before it would start. So either the suspicious incoming connection gave me the Artemis trojan or the system restore restored it.
Superantispyware only found some adware, nothing major.
getsusp thought that lzma.dll was suspicious. Don't know what that was, but I deleted it.
Still receiving suspicious incoming network connections.
Moved this to Malware Discussions > Artemis for better attention and altered your header to reflect that so their people hopefully will spot it.
Artemis is what McAfee calls unknowns that have automatically been submitted to McAfee Labs for analysis. It may or may not be an infection.
Those IPs appear to be coming from your router and/or modem. Make sure, especially if you are using a wireless connection, that encryption is being used, i.e. your router is password-protected, to put it rather simply.
There are a few tools in the last link in my signature below that you could try.
Restoring the system may have simply restored whatever it was, but that's only a thought.
I should have added that you shouldn't be concerned about the huge number of entries in the Security History - Inbound Connections Blocked - those are merely a record of what your Firewall is blocking.
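Added example, not part of any post in this thread: a short Python script that sorts the source addresses of blocked connections by scope, to separate local-network and link-local senders from internet ones. The log format is hypothetical and the last two sample lines are constructed; the first four addresses are the ones quoted in the thread.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in a hypothetical log format. The first four
# source addresses are those quoted in the thread; the last two are constructed.
SAMPLE_LOG = """\
2013-06-19 00:55:12 blocked inbound src=192.168.182.1
2013-06-19 00:55:31 blocked inbound src=192.168.1.2
2013-06-19 00:55:49 blocked inbound src=192.168.182.87
2013-06-19 00:56:07 blocked inbound src=fe80::89c5:a74f:f192:26f9
2013-06-19 00:56:20 blocked inbound src=8.8.8.8
2013-06-19 00:56:41 blocked inbound src=not-an-address
"""

SRC_RE = re.compile(r"\bsrc=(\S+)")

def classify(text):
    """Return the scope of an address string, i.e. where the sender can be."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return "invalid"
    if addr.is_loopback:        # this machine
        return "loopback"
    if addr.is_link_local:      # fe80::/10, 169.254.0.0/16: same network segment
        return "link-local"
    if addr.is_multicast:
        return "multicast"
    if addr.is_private:         # includes 192.168.0.0/16: local network
        return "private"
    if addr.is_global:          # routable on the internet
        return "public"
    return "other"

def summarize(log_text):
    """Count blocked connections per source scope."""
    counts = Counter()
    for line in log_text.splitlines():
        match = SRC_RE.search(line)
        if match:
            counts[classify(match.group(1))] += 1
    return counts

if __name__ == "__main__":
    for scope, n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {scope}")
```
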
Ok, first, thanks for responding and thanks for moving this to where it belongs. Second, I have been using wireless internet at two locations. One is my work, a hotel, that does NOT have a password protected router. The second is at my home that is password protected, although I live out in the country and nobody could connect to it. And I get the Inbound connections blocked at BOTH. And sorry if I am being dense, I'm tired and this is frustrating me, but for 2 years I haven't had a single blocked connection and now in a matter of a few days I have over 3100. Something on my computer must be causing them, but other than the Artemis and the lzma.dll I can't find anything wrong.
Actually I saw the link in your profile when you responded to someone else, that is where I got Superantispyware, Spywareblaster, Stinger, and getsusp.
When using public networks/wi-fi hotspots etc. I would go into your computer's network settings and change it to "Public Network", that way it doesn't trust anything strange, McAfee will do the same. But in Network settings you could highlight your router or modem and select "Don't trust Network" as a precaution.
That Artemis may be nothing but let's hope someone from the labs posts here.
Meanwhile I could recommend you do a Hijackthis scan and post logs as per the links shown in my signature link.
I downloaded and ran Hijackthis and started a post on bleepingcomputer.com. While I'm waiting for anyone to respond I ran a McAfee Stinger scan again. The file that came back infected with Artemis was wildtangent. That's games that came on the computer, most of which I have never played. After looking online I see wildtangent shows up on a lot of scans because they collect various user info. Why it would pop on a virus scan 3 years after I got the computer, I don't know, unless it just happened to be the file that was infected by something else. I deleted all wildtangent games. I'll see if Artemis shows up again or any more Suspicious incoming connections are blocked.
That's odd I know but not unheard of. At least you know what it is. They should clear it hopefully.
If it's detected again note where it's being detected and post it here. I have an idea but it may not be any good until I know that.
Here is a link to bleepingcomputer.com with all of the logs that the guy there has had me run.