11 Replies Latest reply on Feb 1, 2010 8:16 AM by pammirab

    help w/trojan's

      My McAfee has been detecting and deleting over and over

       

      Detected: Artemis!AEAA2ABACAD9 (Trojan), Artemis!AEAA2ABACAD9 (Trojan)

      Location: C:\windows\TEMP\woeb.tmp\svchost.exe

      Detected: Artemis!AEAA2ABACAD9 (Trojan), Artemis!AEAA2ABACAD9 (Trojan)

      Location: C:\windows\TEMP\tabo.tmp\svchost.exe

      Detected: Artemis!AEAA2ABACAD9 (Trojan), Artemis!AEAA2ABACAD9 (Trojan)

      Location: C:\windows\TEMP\gmyw.tmp\svchost.exe

      Ok, not sure why or where these are coming from. McAfee is doing a great job catching them, but can anyone help me figure out how to stop this annoying thing?

      Thanks

      Bob

        • 1. Re: help w/trojan's

          54 views and no ideas??  Where else should I ask or what should I do.  Even set IE to high security and privacy???

          • 2. Re: help w/trojan's
            SamSwift

            Hi Bob,

             

            This looks to be a type of fake AV software; however, to get a full response I recommend you contact our home user support team via chat, who can escalate for a full description to be provided. It may also be useful to submit samples to us; again, support will take you through the procedure to do this.

             

            Are you seeing any strange behaviour on the machine?

             

            Kind regards,

             

            Sam

            • 3. Re: help w/trojan's

              Does anyone have an update on this?  I have been having the exact same problem for the past few days.  I receive the McAfee Trojan Removed popup every five minutes and a new xxxx.tmp folder is created (that appears to be empty; no hidden files and no svchost.exe file).  I know I can check the "Do not show this alert again" box, but I would rather figure out what is going on.  Is this some type of false positive and, if so, does McAfee have an update to fix it?  Thanks.

              • 4. Re: help w/trojan's

                OK ??????

                Thanks Sam, took your advice and went to McAfee help, CHAT w/tech.  Cryptoman, this is what I got after giving the tech control of my computer.  Cool watching it do things remotely.

                It's McAfee Artemis Technology, whatever that is.  It still shows up in my temp file but he shut off the alert for this so no popups or the dreaded ding.  I still have no idea why or where this is coming from.  After he deleted all the "temp" files and shut off notification I still got 8 empty "temp" files before he signed off.

                 

                STILL LOOKING FOR    H E L P

                • 5. Re: help w/trojan's
                  dmeier

                  You should probably run Process Monitor to determine who is dropping/creating that file. If it's a running process (not a normal Windows process, like svchost.exe), then you would want to submit that file to www.webimmune.net.  If it is something like svchost or explorer.exe, then it's likely a .dll file injected into that legitimate process.

                   

                  I would run GMER (gmer.net) or IceSword to try to find the bad file that is going undetected.

                   

                  It's not trivial to manually hunt down samples, so you might consider contacting support and/or the virus removal service for assistance.

                   

                  If you would like to first post a GMER log up here, I'd be happy to take a look at it.

                   

                  - David
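
Added example, not part of any post in this thread: one way to act on the Process Monitor suggestion above, assuming the capture was saved as CSV with Process Monitor's default columns. The sample rows, process names and PIDs are constructed, and the function names are hypothetical.

```python
import csv
import io
import re
from collections import Counter

# Path shape from the alerts in this thread: C:\windows\TEMP\<name>.tmp[\svchost.exe]
DROP_PATH = re.compile(r"^C:\\windows\\temp\\[a-z0-9]+\.tmp(\\svchost\.exe)?$", re.I)
# Legitimate Windows processes that can host an injected DLL (named in the post above)
HOST_PROCESSES = {"svchost.exe", "explorer.exe"}

# Constructed sample rows; process names, PIDs and times are made up for illustration.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"8:01:02.10","svchost.exe","1088","CreateFile","C:\windows\TEMP\woeb.tmp","SUCCESS","Disposition: Create, OpenResult: Created"
"8:01:02.11","svchost.exe","1088","CreateFile","C:\windows\TEMP\woeb.tmp\svchost.exe","SUCCESS","Disposition: Create, OpenResult: Created"
"8:01:02.15","scanner_example.exe","2040","CreateFile","C:\windows\TEMP\woeb.tmp\svchost.exe","SUCCESS","Disposition: Open, OpenResult: Opened"
"8:06:02.30","svchost.exe","1088","CreateFile","C:\windows\TEMP\tabo.tmp\svchost.exe","SUCCESS","Disposition: Create, OpenResult: Created"
"8:06:40.02","example_dropper.exe","3312","CreateFile","C:\windows\TEMP\gmyw.tmp\svchost.exe","SUCCESS","Disposition: Create, OpenResult: Created"
"8:07:00.00","notepad.exe","4000","CreateFile","C:\Users\bob\notes.txt","SUCCESS","Disposition: Create, OpenResult: Created"
'''

def find_droppers(csv_text):
    """Count new files/folders created under the drop pattern, per (process, PID)."""
    hits = Counter()
    # Strip a leading BOM in case the export was read without utf-8-sig.
    for row in csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff"))):
        if row["Operation"] != "CreateFile" or row["Result"] != "SUCCESS":
            continue
        # CreateFile also covers plain opens (e.g. the on-access scanner reading
        # the file); only "OpenResult: Created" means the object was newly made.
        if "OpenResult: Created" not in row["Detail"]:
            continue
        if DROP_PATH.match(row["Path"]):
            hits[(row["Process Name"], row["PID"])] += 1
    return hits

def triage(hits):
    """Attach the next step from the post above to each creating process."""
    report = []
    for (name, pid), count in hits.most_common():
        if name.lower() in HOST_PROCESSES:
            note = "legitimate host process: look for an injected DLL"
        else:
            note = "not a normal Windows process: submit this executable for analysis"
        report.append((name, pid, count, note))
    return report

if __name__ == "__main__":
    for entry in triage(find_droppers(SAMPLE_CSV)):
        print(entry)
```

On a real export, read the file with `open(path, encoding="utf-8-sig")` and pass its contents to `find_droppers`.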

                  • 6. Re: help w/trojan's

                    David    used DMER.NET and when I went to copy results 3X it shut off my comp ???????

                    not to mention I had 780 new temp files

                    • 7. Re: help w/trojan's

                      sorry Dave GMER

                      • 8. Re: help w/trojan's
                        SamSwift

                        Hi Bob,

                         

                        Can you please submit the C:\windows\system32\drivers\atapi.sys file to http://www.webimmune.net and post up the analysis ID you get?

                         

                        Thanks,

                         

                        Sam

                        • 9. Re: help w/trojan's

                          Ok Sam, that's done
