4 Replies Latest reply on Feb 9, 2010 12:11 PM by dmeier

    Artemis Trojan and pop-up ads

      We are having problems. When online using Firefox, every few minutes the McAfee bubble pops up and warns us of a series of trojans that it says it has removed. Some example messages are:

       

      McAfee has automatically blocked and removed a Trojan.

       

      About this Trojan

      Detected: Artemis!D61EA6F88471 (Trojan), Artemis!D61EA6F88471 (Trojan)

      Location: C:\Program Files\wpp.exe

       

      Trojans appear as legitimate programs but can damage valuable files, disrupt performance, and allow unauthorized access to your computer.

       

      McAfee has automatically blocked and removed a Trojan.

       

      About this Trojan

      Detected: Artemis!D61EA6F88471 (Trojan)

      Location: C:\Documents and Settings\Trina\Local Settings\Temporary Internet Files\Content.IE5\49VBZEXV\PC_protect[1].exe

       

      Trojans appear as legitimate programs but can damage valuable files, disrupt performance, and allow unauthorized access to your computer.

       

       

      Then, every few minutes we get a pop-up ad for scam security software. Some of these ads are disguised to look like a Windows update.

       

      I've run 3 McAfee full scans since this started yesterday, and nothing has been detected or quarantined. It seems like the McAfee software is saying that it is blocking/removing these trojans, but the scammy pop-up ads keep appearing.

       

      Any help you could give us on this would be much appreciated.

        • 1. Re: Artemis Trojan and pop-up ads

          Update:

           

          Well, as of this morning I'm not getting the McAfee warning bubbles anymore, but when online I'm still getting the scammy pop-up ads. Another change: yesterday the pop-ups were appearing mostly in Firefox windows, and occasionally IE would start up in order to display a pop-up ad. Today, there are no more Firefox pop-ups, just IE ones. I've used the task manager to close all of the pop-ups. The thing is, I don't and have never used IE. I don't even know how I would go about opening IE--I don't have a desktop icon for it and don't know where it is located in my program files.

           

          Also, I've been trying to research this problem online, and every once in a while when I click on the link for a website, I am redirected to another website--usually a search engine website. This has happened even when I am clicking on a link to the McAfee website. When I click back and click on the link again, it takes me to the appropriate website.

           

          I have looked through the discussions here and I understand that there is a "stinger" that I can run that might take care of this problem, but I have also read some of the user experiences in using this "stinger" and I am awfully reluctant to try it. I am not very tech-savvy (ex: I have never heard of a "stinger" until now), and reading about other users' frozen computers worries me.

           

          I am currently running another full McAfee scan, and at 33% completion it says it has detected 77 items and quarantined 1, which is a lot more than the 0 and 0 that my previous 3 scans resulted in. So maybe McAfee has figured out how to fix this?

           

          I'll update at the end of my scan and after restart of my computer--perhaps the problem will be taken care of. If not, I sure would appreciate some guidance.

          • 2. Re: Artemis Trojan and pop-up ads
            dmeier

            Let us know how the scan went, and perhaps if necessary we can help you run that Stinger utility.  It can be configured to detect only, so you can see what it finds first.  Then you could scan again and allow it to scan and clean.  Under preferences, be sure to enable the network heuristic check (Artemis), to around medium or so.

             

            Post back your results, and we'll go from there.

             

            - David

            • 3. Re: Artemis Trojan and pop-up ads

              dmeier,

               

              Things are looking up! I'm not getting any more pop-up ads, and the McAfee trojan detection balloons are still not appearing any more.

               

              The results of the scan are two trojans quarantined and one potentially unwanted program detected.

               

              The info for the trojans:

              Detection name: Artemis!670582C6C398

              File names: C:\Windows\system32\MEPOLOVE.EXE, C:\Program Files\ADB9_32.EXE

               

              The potentially unwanted program looks like a whole bunch (60 or so) of files with names like winFB.tmp, winFB.tmp, winF1.tmp, winE0.tmp...etc located in one folder: C:\Documents and Settings\User\Local Settings\Temp. The McAfee Detection Name for these files is Artemis!BD1035859553C.

               

              The McAfee software wanted me to choose to trust or remove these files. I went ahead and chose to remove--hope that was the right choice!

               

              I'm not sure why my previous scans turned up nothing and this scan turned up so much, but at this point I'm just happy that things appear to be fixed.

               

              Thanks very much for your reply to my question. I think that all is well at this point, but it is great to know that I can come back here to get help in the event that things aren't truly fixed.

               

              Thank you again!

              • 4. Re: Artemis Trojan and pop-up ads
                dmeier

                Great to hear you're on track again.  The Artemis detections are likely what has helped.  Within VirusScan, as well as that FakeAlert Stinger, there is a "network heuristic check" that actually uses DNS to reach out to our database, to see if a file has recently been added.  With this, we can close the detection gap created by released dat files every 24 hours.

                 

                Anyway, I'm glad things are working, and by all means, let us know if you need anything in the future.

                 

                - David
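
Added example, not part of the thread and not McAfee's code: a sketch of the idea in the last reply, where a file fingerprint that the local signature set does not know is checked against a continuously updated database through a DNS query. The zone name `hashcheck.example`, the truncated SHA-256 key, the `127.0.0.x` answer convention and the in-memory resolver are all assumptions made for illustration; the sample files are constructed.

```python
import hashlib

# Hypothetical lookup zone; the real service's zone and answer format are not on the page.
REPUTATION_ZONE = "hashcheck.example"

# Constructed byte strings standing in for files on disk.
OLD_SAMPLE = b"constructed sample known when the last DAT was built"
NEW_SAMPLE = b"constructed sample first seen after the last DAT was built"
CLEAN_FILE = b"constructed benign file"

def fingerprint(data: bytes) -> str:
    """Lookup key: SHA-256 truncated to 32 hex chars (assumed scheme)."""
    return hashlib.sha256(data).hexdigest()[:32]

# Local signature set, frozen at DAT release time: it only knows OLD_SAMPLE.
LOCAL_DAT = {fingerprint(OLD_SAMPLE)}

# Stand-in for the vendor-side database, which is updated continuously.
# A 127.0.0.x answer meaning "listed" mirrors the DNSBL convention (assumption).
CLOUD_DB = {
    fingerprint(OLD_SAMPLE): "127.0.0.2",
    fingerprint(NEW_SAMPLE): "127.0.0.2",
}

def query_name(digest: str) -> str:
    """Build the DNS name to look up; a single DNS label is limited to 63 bytes."""
    if len(digest) > 63:
        raise ValueError("digest does not fit in one DNS label")
    return f"{digest}.{REPUTATION_ZONE}"

def resolve(name: str):
    """Fake resolver: an address string if listed, None for NXDOMAIN."""
    digest = name.split(".", 1)[0]
    return CLOUD_DB.get(digest)

def scan(data: bytes, network_check: bool) -> str:
    """Check the local set first, then (optionally) the DNS-based lookup."""
    digest = fingerprint(data)
    if digest in LOCAL_DAT:
        return "detected (local DAT)"
    if network_check and resolve(query_name(digest)) is not None:
        return "detected (network heuristic)"
    return "clean"

if __name__ == "__main__":
    for label, blob in [("old", OLD_SAMPLE), ("new", NEW_SAMPLE), ("clean", CLEAN_FILE)]:
        print(label, "| local only:", scan(blob, False), "| with lookup:", scan(blob, True))
```

In this model a failed or blocked DNS lookup looks the same as "not listed", so a host whose DNS is filtered or tampered with falls back to local signatures only.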