jamestrjr
Level 7

Weird computer behavior - New Infection? Artemis!ADB10CF255A0

Last weekend, something set my computer's clock back to February 27, 2003. Didn't think much about it because I have up-to-date McAfee Virus Scan. 2 days later, something deleted every privilege from my All_Users shared My Documents folder under Permissions / Security. Computer is also running slower. Processes are high and CPU Perf is maxed out a lot. I have since performed the following actions:

  • Made sure I had the latest McAfee update
  • Ran a complete McAfee FULL scan - Results no findings
  • Reviewed the McAfee Community for help
  • Downloaded Stinger, ran as Administrator, Very High, Report Only, for full C:\ - Results found two potential Artemis hits (WINBEJ.exe from a Bejeweled game directory and DPSLIB2.bin from a Pinnacle SW load). Then ran as repair in just the two directories. Probably a fake hit for the bin file because I loaded the Pinnacle Studio myself. In retrospect, lessons learned, I should have renamed this file to .qar or something in case I really needed it versus letting Stinger delete it.
  • Downloaded Malwarebytes and ran FULL scan. - Results only found 2 potentially unwanted modifications (PUMs) to the registry for Microsoft Windows Firewall and Update. Appeared to have a special character in the middle of the names. Neither, I'm sure, caused all these issues.
  • I have also re-instated Directory permissions because of need for those files.

I am now dead in the water. Since I no longer have access to McAfee Chat (which I found very useful, and which has since been buried under a login, and in order to get a login you need a Grant # ???), I'm turning to the community. I have yet to determine if Artemis was my culprit as I have not found what this trojan is supposed to do; the documents I have found on it are limited.

Should I run GetSusp for the McAfee team? Any advice would be appreciated.

Message was edited by: Ex_Brit on 08/12/12 12:40:05 EST PM
0 Kudos
5 Replies
exbrit
Level 21

Re: Weird computer behavior - New Infection? Artemis!ADB10CF255A0

A Grant Nbr would indicate you are using Enterprise software so I'm ill-equipped to advise you, but as it's the weekend I will try. It's true to say for any antivirus, however, that nothing is 100% guaranteed.

Anyone can run GetSusp but if Stinger found Artemis detections it should have reported those already to the labs and it would have helped to know the Artemis numbers, at least show them here for anyone from the labs to have a look at.

Anyway back to GetSusp, it's linked in the last link in my signature below.  Join the group.

The latest version of McAfee GetSusp is 3.0.0.318 and can be downloaded from here:

http://getsusp.mcafee.com

How to use GetSusp:

http://www.mcafee.com/us/downloads/free-tools/how-to-use-getsusp.aspx

(If you enter your email in options they will get back to you on any findings).

You might consider the Hijackthis options lower down in my link too.

.

Message was edited by: Ex_Brit on 08/12/12 12:40:28 EST PM
0 Kudos
jamestrjr
Level 7

Re: Weird computer behavior - New Infection? Artemis!ADB10CF255A0

The Artemis number was ADB10CF255A0.

Are you familiar with the Artemis aftermath symptoms / issues?  Date change, Directory permission settings, slower performance?

If you think Artemis was transmitted to the labs, then should I still run GetSusp?  Was Artemis my culprit?

Is there a tool in XP that shows me open port usage?  I should not see MAX'd CPU when I'm sitting idle...

I think something is still here.

Thank you for such a quick reply - J

Message was edited by: Ex_Brit on 08/12/12 12:40:50 EST PM
0 Kudos
exbrit
Level 21

Re: Weird computer behavior - New Infection? Artemis!ADB10CF255A0

I've moved this to Artemis in the hope someone from the labs will spot it and I added the Artemis detection number to the headers.

Artemis is simply an unknown detection submitted to the labs so it could be just about anything, or maybe nothing.

I'm not familiar with such tools regarding open ports but you could check your firewall integrity here: http://www.grc.com/lt/leaktest.htm

Meanwhile you could run some other tools linked in my signature such as Rootkit Remover and SuperAntiSpyware.

0 Kudos
Hayton
Level 18

Re: Weird computer behavior - New Infection? Artemis!ADB10CF255A0

jamestrjr wrote:

Is there a tool in XP that shows me open port usage?  I should not see MAX'd CPU when I'm sitting idle...

If this is for XP you could try fport - see

http://www.mcafee.com/uk/downloads/free-tools/fport.aspx

But continuous high CPU means something is running hot, and for XP Task Manager doesn't show enough information. As a first step install Process Explorer and use it to identify the culprit. You might also need Autoruns. Both of these are from Microsoft - and so safe - and are useful in this sort of investigation.

0 Kudos
showvik
Level 12

Re: Weird computer behavior - New Infection? Artemis!ADB10CF255A0

Hi,

Artemis!ADB10CF255A0 has been suppressed after verifying that the corresponding file is innocent. Kindly allow up to two hours for this update to reflect in GTI system, post which, the file can be restored from quarantine. Let us know the other Artemis detection that occurred as per your initial post. Also, provide us the submission ID after running GetSusp on the affected machine.

Regards,

Showvik

0 Kudos