3 Replies Latest reply on May 5, 2010 5:15 AM by SamSwift

    Artemis cannot get rid of it

      I got the Artemis9E68E7c20BD2.  Security pop-ups would lock up my computer.  I ran the McAfee scan and it detected/quarantined 2 trojans, "Artemis9E68E7c20BD2" and "Artemis!9E68E7c20BD2".  It did not provide a way to remove it.  The screen would go completely blank except for the pop-up stating "Warning your personal computer needs to install antivirus software.  Total PC Defender can perform a scan of your computer."  "My Computer online scan WIE"  "computer danger of malware"

      I would need to go to task master to shut it down.  When I ended the "security threat" IE, it would shut all IEs.

      I deleted any process with a significant amount of numbers and emptied the recycle bin.  I rebooted and ran the McAfee scan again and it showed no virus; however, I kept getting the same pop-ups.

      I updated Windows and McAfee, and downloaded "Stinger".  Went to safe mode and ran the McAfee scan, which stated it needed to be fixed.  When I am in normal mode it states McAfee is updated, but in "Safe mode with networking" it states it needs to be fixed.  I ran Stinger in safe mode and it detected and deleted "Artemis04004E67268B", which is different from the virus McAfee detected.

      Rebooted, ran scan and no virus, yet the pop-ups keep coming.  If I start task master and stop process "bill106.exe*32" and 2 "dllhost.exe*32", the pop-ups seem to stop.

      Any ideas?  Thanks

        • 1. Re: Artemis cannot get rid of it

          Ran another McAfee scan and have the "genericdropper!cxr" trojan.

          • 2. Re: Artemis cannot get rid of it

            Hello,

            The bill106.exe and dllhost.exe files would seem to be malicious. Even though you have killed the running process via the task-manager, the files are still active, since killing them via the task-manager does NOT delete them.

            Go to Start and then Run, type msconfig and click OK. Click on the Startup tab and check to see if those entries are present; if so, make a note of their locations. I believe bill106.exe would be found in the C:\Windows folder and dllhost.exe may also be found there as well, although it could also be found in the C:\Windows\system32 folder.

            If they are to be found in those locations, kill those files in the task-manager and then go to the location where those files are to be found and delete them; they should offer no resistance. You could zip the files into an archive by using WinRAR and then send those files to the lab, before you delete them.

            Next, follow the instructions in the link below. IGNORE the ads at the top and SCROLL down the page to read all the information.

            http://www.bleepingcomputer.com/virus-removal/remove-total-pc-defender

            Only run Malwarebytes in safe mode if you are unable to run in normal mode.
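
The check described in reply 2 (find where bill106.exe and dllhost.exe are started from before touching them), as an added PowerShell example that is not part of the original thread. It is read-only and reports path, signature status and hash, because Windows ships its own dllhost.exe (COM Surrogate) in System32 and SysWOW64, so a file with that name needs to be identified before it is removed. Assumptions: PowerShell 4.0 or later, run from an elevated prompt; the helper name `Get-FileReport` is hypothetical.

```powershell
# Added example: read-only triage; nothing is killed or deleted.
$names   = 'bill106.exe', 'dllhost.exe'          # process names from the thread
$pattern = ($names | ForEach-Object { [regex]::Escape($_) }) -join '|'
# Directories where Windows' own dllhost.exe (COM Surrogate) normally lives.
$systemDirs = "$env:windir\System32", "$env:windir\SysWOW64"

# Hypothetical helper: describe one file so it can be judged or submitted to a lab.
function Get-FileReport {
    param([string]$Source, [string]$Path)
    $report = [ordered]@{
        Source      = $Source
        Path        = $Path
        InSystemDir = $null
        Signature   = 'path unavailable or file not found'
        SHA256      = $null
    }
    if ($Path -and (Test-Path -LiteralPath $Path -PathType Leaf)) {
        $dir = [System.IO.Path]::GetDirectoryName($Path)
        $report.InSystemDir = $systemDirs -contains $dir   # case-insensitive match
        $report.Signature   = (Get-AuthenticodeSignature -LiteralPath $Path).Status
        $report.SHA256      = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
    New-Object psobject -Property $report
}

# 1. Running processes with those names, and the file each one was started from.
$running = Get-CimInstance Win32_Process |
    Where-Object { $names -contains $_.Name } |
    ForEach-Object { Get-FileReport -Source "process $($_.ProcessId)" -Path $_.ExecutablePath }

# 2. Startup entries (Run keys and Startup folders) that reference those names.
$startup = Get-CimInstance Win32_StartupCommand |
    Where-Object { $_.Command -match $pattern } |
    ForEach-Object {
        $cmd = [Environment]::ExpandEnvironmentVariables($_.Command)
        # Take the executable path and drop surrounding quotes and arguments.
        $exe = if ($cmd -match '^\s*"?([^"]+?\.exe)') { $Matches[1] } else { $cmd }
        Get-FileReport -Source "startup: $($_.Location)\$($_.Name)" -Path $exe
    }

@($running) + @($startup) | Format-Table -AutoSize -Wrap
```

A dllhost.exe row with `InSystemDir` true and `Signature` Valid is the Windows component; a row outside those directories, or any bill106.exe row, is what to archive for the lab and remove.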

            • 3. Re: Artemis cannot get rid of it
              SamSwift

              Marking as assumed answered due to age of post