Last weekend, something set my computer's clock back to February 27, 2003. Didn't think much about it because I have up-to-date McAfee Virus Scan. 2 days later, something deleted every privilege from my All_Users shared My Documents folder under Permissions / Security. Computer is also running slower. Processes are high and CPU Perf is maxed out a lot. I have since performed the following actions:
I am now dead in the water. Since I no longer have access to McAfee Chat (which I found very useful, and which has since been buried under a "Log in now", and in order to get a login you need a Grant # ???), I'm turning to the community. I have yet to determine if Artemis was my culprit, as I have not found what this trojan is supposed to do, and I have found only limited documents on it.
Should I run GetSusp for the McAfee team? Any advice would be appreciated.
Message was edited by: Ex_Brit on 08/12/12 12:40:05 EST PM
A Grant Nbr would indicate you are using Enterprise software so I'm ill-equipped to advise you, but as it's the weekend I will try. It's true to say for any antivirus, however, nothing is 100% guaranteed.
Anyone can run GetSusp but if Stinger found Artemis detections it should have reported those already to the labs and it would have helped to know the Artemis numbers, at least show them here for anyone from the labs to have a look at.
Anyway back to GetSusp, it's linked in the last link in my signature below. Join the group.
The latest version of McAfee GetSusp is 18.104.22.1688 and can be downloaded from here:
How to use GetSusp:
(If you enter your email in options they will get back to you on any findings).
You might consider the Hijackthis options lower down in my link too.
The Artemis number was ADB10CF255A0.
Are you familiar with the Artemis aftermath symptoms / issues? Date change, Directory permission settings, slower performance?
If you think Artemis was transmitted to the labs, then should I still run GetSusp? Was Artemis my culprit?
Is there a tool in XP that shows me open port usage? I should not see MAX'd CPU when I'm sitting idle...
I think something is still here.
Thank you for such a quick reply - J
I've moved this to Artemis in the hope someone from the labs will spot it and I added the Artemis detection number to the headers.
Artemis is simply an unknown detection submitted to the labs so it could be just about anything, or maybe nothing.
I'm not familiar with such tools regarding open ports but you could check your firewall integrity here: http://www.grc.com/lt/leaktest.htm
Meanwhile you could run some other tools linked in my signature such as Rootkit Remover and SuperAntiSpyware.
jamestrjr wrote: Is there a tool in XP that shows me open port usage? I should not see MAX'd CPU when I'm sitting idle...
If this is for XP you could try fport - see
But continuous high CPU means something is running hot, and for XP Task Manager doesn't show enough information. As a first step install Process Explorer and use it to identify the culprit. You might also need Autoruns. Both of these are from Microsoft - and so safe - and are useful in this sort of investigation.
Artemis!ADB10CF255A0 has been suppressed after verifying that the corresponding file is innocent. Kindly allow up to two hours for this update to reflect in GTI system, post which, the file can be restored from quarantine. Let us know the other Artemis detection that occurred as per your initial post. Also, provide us the submission ID after running GetSusp on the affected machine.