cancel
Showing results for 
Search instead for 
Did you mean: 
bob8258
Level 7

help w/trojan's

My McAfee has been detecting and deleting over and over

Detected: Artemis!AEAA2ABACAD9 (Trojan), Artemis!AEAA2ABACAD9 (Trojan)

Location: C:\windows\TEMP\woeb.tmp\svchost.exe

Detected: Artemis!AEAA2ABACAD9 (Trojan), Artemis!AEAA2ABACAD9 (Trojan)

Location: C:\windows\TEMP\tabo.tmp\svchost.exe

Detected: Artemis!AEAA2ABACAD9 (Trojan), Artemis!AEAA2ABACAD9 (Trojan)

Location: C:\windows\TEMP\gmyw.tmp\svchost.exe

Ok  not sure why or where these are comming from   McAfee is doing a great job catching them but can anyone help me figure out how to stop this annoying thing.

Thanks

Bob

0 Kudos
11 Replies
bob8258
Level 7

Re: help w/trojan's

54 views and no ideas??  Where else should I ask or what should I do.  Even set IE to high security and privacy???

0 Kudos
SamSwift
Level 12

Re: help w/trojan's

Hi Bob,

This looks to be a type of fake av software - however to get a full response I recommend you contact our home user support team via chat who can escalate for a full description to be provided. It may also be useful to submit samples to us - again support will take you through the procedure to do this.

Are you seeing any strange behaviour on the machine?

Kind regards,

Sam

0 Kudos
Cryptoman
Level 7

Re: help w/trojan's

Does anyone have an update on this?  I have been having the exact same problem for the past few days.  I receive the McAfee Trojan Removed popup every five minutes and a new xxxx.tmp folder is created (that appears to be empty; no hidden files and no svchost.exe file).  I know I can check the "Do not show this alert again" box, but I would rather figure out what is going on.  Is this some type of false positive and, if so, does McAfee have an update to fix it?  Thanks.

0 Kudos
bob8258
Level 7

Re: help w/trojan's

OK ??????

Thanks Sam took your advise and went to McAfee help, CHAT w/tech.  Cryptoman this is what I got after giving the tech control of my computer.  Cool watching it do things remotely.

It"s      McAfee Artimus Technology   what ever that is.  It still shows up in my temp file but he shut off the alert for this so no popups or the dreaded ding.  I still have no idea why or where this is comming from.  After he deleted all the "temp" files and shut off notification I still got 8 empty "temp" files before he signed off.

STILL LOOKING FOR    H E L P

0 Kudos
dmeier
Level 13

Re: help w/trojan's

You should probably run process monitor, to determine who is dropping/creating that file. If it's a running process, (not a normal windows process, like svchost.exe), then you would want to submit that file to www.webimmune.net.  If it is something like svchost, or explorer.exe, then it's likely a .dll file injected into that legitimate process.

I would run GMER (gmer.net) or icesword, to try find the bad file that is going undetected.

It's not trivial to manuall hunt down samples, so you might consider contacting support, and/or the virus removal service for assistance.

If you would like to first post a GMER log up here, I'd be happy to take a look at it.

- David

0 Kudos
bob8258
Level 7

Re: help w/trojan's

David    used DMER.NET and when I went to copy results 3X it shut off my comp ???????

not to mention I had 780 new temp files

0 Kudos
bob8258
Level 7

Re: help w/trojan's

sorry Dave GMER

0 Kudos
SamSwift
Level 12

Re: help w/trojan's

Hi Bob,

Can you please submit the C:\windows\system32\drivers\atapi.sys file to http://www.webimmune.net and post up the analysis ID you get?

Thanks,

Sam

0 Kudos
bob8258
Level 7

Re: help w/trojan's

Ok Sam   thats done

0 Kudos