12 Replies Latest reply on Sep 18, 2013 12:40 PM by lauren1200

    Having Problems With Artemis Trojans

      Hello,

       

      I've recently been having problems with McAfee detecting and deleting artemis trojans. It seems to pop up about every five minutes and say that McAfee has blocked an artemis trojan. This started happening either yesterday or the day before I believe. It will say it is blocking the same ones over and over under a slightly different location. After I shut down my computer and then restart it will do the same thing just under a different artemis name and number. Also random pop ups will come up for different sites. I'm not really sure what to do. Any help would be greatly appreciated.

       

      The following are the most recent messages that popped up:

       

       

      McAfee has automatically blocked and removed a Trojan.

       

      About this Trojan
      Detected: Artemis!547C87C604D5 (Trojan), Artemis!547C87C604D5 (Trojan)
      Location: C:\WINDOWS\TEMP\knvx.tmp\svchost.exe

       

      Trojans appear as legitimate programs but can damage valuable files, disrupt performance, and allow unauthorized access to your computer.

       

       

      McAfee has automatically blocked and removed a Trojan.

       

      About this Trojan

      Detected: Artemis!547C87C604D5 (Trojan), Artemis!547C87C604D5 (Trojan)

      Location: C:\WINDOWS\TEMP\bcrv.tmp\svchost.exe

       

      Trojans appear as legitimate programs but can damage valuable files, disrupt performance, and allow unauthorized access to your computer.

       


      I also got an alert for

       

      artemis!b375829dfbd8

       

       

       

      Thanks Topper
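
Added example (not part of the original thread, and not McAfee code): a small Python triage helper that parses alert text in the format quoted in the post above, groups locations by detection name, and flags two things a responder would check: the same detection reappearing under different paths, and a system binary name such as svchost.exe sitting outside the Windows system directories. The directory and file-name lists and all function names are assumptions made for this example.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname, normpath

# Sample input: the two alerts copied from the post above.
SAMPLE_ALERTS = r"""
McAfee has automatically blocked and removed a Trojan.
Detected: Artemis!547C87C604D5 (Trojan), Artemis!547C87C604D5 (Trojan)
Location: C:\WINDOWS\TEMP\knvx.tmp\svchost.exe

McAfee has automatically blocked and removed a Trojan.
Detected: Artemis!547C87C604D5 (Trojan), Artemis!547C87C604D5 (Trojan)

Location: C:\WINDOWS\TEMP\bcrv.tmp\svchost.exe
"""

# Assumption: these names should only ever run from these directories.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe"}

# A "Detected:" line followed (blank lines allowed) by a "Location:" line.
ALERT_RE = re.compile(r"Detected:\s*(?P<names>.+?)\s*\n\s*Location:\s*(?P<path>\S.*)")

def parse_alerts(text):
    """Return {detection_name: set_of_paths} from pasted alert text."""
    seen = defaultdict(set)
    for m in ALERT_RE.finditer(text):
        path = normpath(m.group("path").strip())
        for raw in m.group("names").split(","):
            # Drop the trailing "(Trojan)" style category label.
            name = re.sub(r"\s*\(.*?\)\s*$", "", raw.strip())
            seen[name].add(path)
    return dict(seen)

def triage(text):
    """One finding per detection: paths, recurrence and masquerading hits."""
    findings = []
    for name, paths in sorted(parse_alerts(text).items()):
        masq = sorted(p for p in paths
                      if basename(p).lower() in SYSTEM_NAMES
                      and dirname(p).lower() not in SYSTEM_DIRS)
        findings.append({"detection": name, "paths": sorted(paths),
                         "recurring": len(paths) > 1, "masquerading": masq})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_ALERTS):
        print(finding)
```

A detection that is both recurring and masquerading means something still on the machine keeps re-creating the file, so removing each copy will not stop the alerts until that component is found.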

        • 1. Re: Having Problems With Artemis Trojans

          Hi Topper,

           

          I am working on your issue and will get back to you shortly.

           

          Regards

          • 2. Re: Having Problems With Artemis Trojans

            Hi Topper,

             

            I checked further; this looks to be a type of FakeAV software associated with the FakeAlert Trojan family. You can find more details about it here

             

            Feel free to write to us further

             

            Regards

            • 3. Re: Having Problems With Artemis Trojans

              Are you recommending that I download the stinger and proceed with its instructions? I read through that thread and it looked as though many people were not satisfied with the stinger, and in fact they felt that this made problems worse.

               

              Would it be better to just try to do a system restore from a previous point? Thank you for your help.

               


              Topper

              • 4. Re: Having Problems With Artemis Trojans

                After I signed on the internet to post my previous post,  McAfee quarantined 2 new files along with the continual artemis! trojans.  They were:

                 

                 

                (file name) atapi.sys  (detection name) patched-sysfile.a (location) C:/Windows/systems32/drivers

                 

                (file name) svchost.exe (detection name) new malware.j (location) C:windows/temp/xpbw.tmp

                 

                 

                Not sure how bad these are.  Once again thank you for any help.


                Topper

                • 5. Re: Having Problems With Artemis Trojans

                  Hello Topper,

                  From your description, we were able to analyse the files further. Both are FakeAlert trojan related, as Neha stated in her previous message. Please see details below:

                   

                  Reported: Artemis!547C87C604D5
                  SVCHOST.exe ... Found the Generic FakeAlert!ec trojan !!!
                  (This detection will be available in today's DATs)

                   

                  Reported: Artemis!b375829dfbd8
                  SVCHOST.EXE ... Found the FakeAlert-LS trojan !!!
                  (This detection is available in our current DAT set.)

                   

                  Please make sure both your Engine and DAT files are up to date.


                  Regarding the following files, if you are still having problems, please send us a copy of them for analysis to virus_research@avertlabs.com, in a password-protected ZIP file (password - infected). You can find detailed instructions for how to do this at <http://vil.mcafeesecurity.com/vil/submit-sample.aspx>.

                   

                  (file name) atapi.sys  (detection name) patched-sysfile.a (location) C:/Windows/systems32/drivers
                  (file name) svchost.exe (detection name) new malware.j (location) C:windows/temp/xpbw.tmp

                  Regards,

                  Patty Ammirabile
                  McAfee Labs

                  • 6. Re: Having Problems With Artemis Trojans

                    The Artemis! trojans seem to have gone away, so I thank you for helping me with that. I still am sometimes getting redirected to random sites though.

                     

                    As for the other files, I just have a couple of questions about how to send samples of them.

                     

                    When I go to get the new malware.j files, a folder is there with the specified name, but it says the folder is empty. Do I send the empty folder or am I doing this wrong? Also, do I send the file or a copy of the file? I tried searching this but was unable to find an answer.

                     

                    Once again thank you for your time.

                     

                    Topper

                     

                     

                    Message was edited by: Topper on 2/3/10 2:19:37 PM CST
                    • 7. Re: Having Problems With Artemis Trojans

                      Hi Topper,

                       

                      Please follow the steps below in order to capture the samples. You can email them to us at virus_research@avertlabs.com or visit our website: http://webimmune.net to submit the samples:

                       

                      First, in Windows environment, click Tools >> Folder Option in Windows Explorer. Click on the View tab:

                       

                      1. Enable the "Display the Contents of the System Folder"
                      2. Enable "Show hidden files and folders"
                      3. Disable "Hide Protected Operating System File"
                      4. Disable "Hide Extensions for Known file Types"

                      Creating zip / archive files: If necessary, install WinZip.

                      1. Right-click 'Start'
                      2. Select 'Explore'
                      3. Browse to the file to go in the archive
                      4. Right-click the file
                      5. If you are using WinZip, select 'WinZip'
                      6. Select 'Add to Zip...'
                      7. Click 'New'
                      8. Specify the name you want to give the zip file, e.g. sample
                      9. Select a place to save the Zip file to (make a note of this)
                      10. Click 'OK'
                      11. Click 'Password'
                      12. Enter and confirm a password (infected)
                      13. Make a note of the password, you will need it for your email
                      14. Click 'Add'
                      15. Close the archive or add other files.

                      To add files to the archive

                      1. Browse to the next file
                      2. Right-click it
                      3. Select 'WinZip'
                      4. Select 'Add to Zip file'
                      5. Click 'Open'
                      6. Double-click your Zip file (it will probably be displayed, browse to it if not)
                      7. Click 'Add'
                      8. Close the archive or add other files

                      If you have a system where you can do a test scan, you may first wish to try our beta DailyDATs to get the latest detection available. You can find this on our web-site at:
                      <http://vil.mcafeesecurity.com/vil/averttools.aspx>

                       

                      Regards,

                      • 8. Re: Having Problems With Artemis Trojans

                        I'm still having problems.  I sent in the samples and McAfee found nothing wrong with them.  The same thing keeps occurring.  Instead of Artemis! detections, McAfee now keeps finding the following:

                         

                        new malware.j

                         

                        generic fakealert!ec

                         

                         

                        I'm open to any suggestions. I hope you can figure out something because it looks like I'm not the only one with these problems. Thank you for your help.

                         

                        Topper

                         

                         

                        Message was edited by: Topper on 2/12/10 7:14:44 PM CST
                        • 9. Re: Having Problems With Artemis Trojans

                          I'm wondering if I should use the stinger.  I still see there are mixed reviews about it.  Any advice?  Thank you for your time.

                           

                          Topper
