cancel
Showing results for 
Search instead for 
Did you mean: 

/sigh more Generic!Artemis x3

I have 3 infected folders and am unable to remove (via McAfee or through Vista), submit to WebImmune, or even zip so that I can submit them. They cannot be modified...

I don't know what to do now.

I am currently doing a full system scan with Malwarebyte's and will post log as soon as it is complete.

I am on Vista Home Basic.
McAfee found the viruses.
Below is the error log from WinZip when I tried to zip them to submit...


Action: Add (and replace) files Include subfolders: no Save full path: no
Include system and hidden files: yes
Adding Setup.exe
Warning: could not open for reading: C:\Users\RAC 4715\Downloads\Setup.exe
Adding Setup(2).exe
Warning: could not open for reading: C:\Users\RAC 4715\Downloads\Setup(2).exe
Adding Setup(3).exe
Warning: could not open for reading: C:\Users\RAC 4715\Downloads\Setup(3).exe
Copying Zip file


sad
2 Replies

Malwarebyte's log

In mid-scan, I got the blue crash screen (2nd time today...), PC rebooted, and I started in safe mode with networking to try and reach this page again, but I could not access the internet. I rescanned with Malwarebyte and here is the log:

Malwarebytes' Anti-Malware 1.34
Database version: 1778
Windows 6.0.6000

2/19/2009 1:17:43 PM
mbam-log-2009-02-19 (13-17-39).txt

Scan type: Full Scan (C:\|)
Objects scanned: 148898
Time elapsed: 18 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 29
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\coresrv.lfgax (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\coresrv.lfgax.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b0cb585f-3271-4e42-88d9-ae5c9330d554} (Adware.Zango) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\zangoax.clientdetector (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\zangoax.clientdetector.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\zangoax.userprofiles (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\zangoax.userprofiles.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\toolbar.toolbarctl (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\toolbar.toolbarctl.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\srv.coreservices (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\srv.coreservices.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hostol.webmailsend (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hostol.webmailsend.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hostol.mailanim (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hostol.mailanim.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hostie.bho (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hostie.bho.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hbmain.commband (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\coresrv.coreservices (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\coresrv.coreservices.1 (Adware.Zango) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\zango (Adware.180Solutions) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.BHO) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\Zango@Zango.com (Adware.Zango) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zango (Adware.180Solutions) -> No action taken.
C:\ProgramData\ZangoSA (Adware.Zango) -> No action taken.
C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> No action taken.

Files Infected:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zango\Reset Cursor.lnk (Adware.180Solutions) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zango\Zango Customer Support Center.lnk (Adware.180Solutions) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zango\Zango Games!.lnk (Adware.180Solutions) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zango\Zango Library.lnk (Adware.180Solutions) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zango\Zango Screensavers!.lnk (Adware.180Solutions) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zango\Zango Videos!.lnk (Adware.180Solutions) -> No action taken.
C:\ProgramData\ZangoSA\ZangoSA.dat (Adware.Zango) -> No action taken.
C:\ProgramData\ZangoSA\ZangoSAAbout.mht (Adware.Zango) -> No action taken.
C:\ProgramData\ZangoSA\ZangoSAEULA.mht (Adware.Zango) -> No action taken.




It found lots of Zango stuff, which were quarantined and deleted, but I can't find the Generic!Artemis files that McAfee reported.

They are located at:

C:\Users\RAC 4715\Downloads\Setup.exe
C:\Users\RAC 4715\Downloads\Setup(2).exe
C:\Users\RAC 4715\Downloads\Setup(3).exe

But in the McAfee detection logs, it shows that these files were found by Malwarebyte's Anti-Malware which is listed next to "Process"

I'm so confused.

I just want to get rid of those 3 files.

/sigh

RE: Malwarebyte's log

Just let Malwarebytes' Anti-Malware remove them and reboot if required.

By the way, Vista SP1 is available through Windows Update.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community