Yesterday while on the internet, www1.dataguard-31p.com/...etc... popped up in a new internet tab, said: "Security Threat Analysis" and "Windows Security Alert", and asked to open "packupdate_build106_2045.exe" (binary file) through "www2.formyprotection34_pd.xmg.pl". From some internet searching it appears our computer was hit with a Fake Alert. McAfee then alerted me a few times when it caught some trojans, while I proceeded to shut down my browser windows to get rid of the Fake Alert that was on the screen.
We use Mozilla Firefox as our internet browser and McAfee Total Protection as our security software program.
I checked security settings and it looks like our firewall through XP was turned off, so I turned that back on. Then I rebooted in Safe Mode with Networking. I also tried a system restore, but that did not seem to help. McAfee real-time scanning is currently disabled, but I think that is because I am in Safe Mode while I try to fix the issue???
A full scan using McAfee found nothing. Then I downloaded and ran McAfee's Stinger through a link I found in a McAfee Community Thread Post, and the first scan didn't find anything. So I changed the preferences to "report only", "very high" heuristics, and disabled the option to "scan inside compressed files", and scanned again. This time the scan found the following:
**see attached report file** (scroll down to the second report in the file; 8 Artemis trojans)
I also downloaded and ran Malwarebytes (through a link I found in a McAfee Community Thread Post) and this is what it found and removed (and I rebooted the computer again in Safe Mode with Networking after removing this infected file):
Objects scanned: 272359
Objects infected: 1 (vendor: malware.trace, category: file, item: C:\ProgramData\sysReserve.ini)
Full scan of C:\|D:\|E:\
Since McAfee Stinger found the Artemis trojans in report only mode, how do I remove these infected files from our computer? What does this Artemis trojan do (what is its function)? What else do I need to do to get rid of the infections? How will I know when the computer is safe to use again as normal? Let me know if you need any further information.
I have not logged into my email, etc. since this Fake Alert occurred. Also, Windows Security Center is turned off and will not let me turn it back on.
Thank you in advance for your help.
**Added following to post/thread after original post was made**:
The Stinger program I ran first (that turned up 8 Artemis trojans) was the Stinger specifically made for Fake Alerts (10.0.1.758). I just downloaded and ran the general version (10.0.1.854) too, but that one turns up nothing except for clean files (250069 clean files). I also ran another McAfee scan by right-clicking on Computer and clicking scan. The scan results show 300753 items scanned, 0 items detected, 0 items fixed, and 0 items remaining.
Oh, and I also moved this post/question from the main community page to the one called "Home User Assistance". I hope this post is in the right place to get some help with this issue and get our computer back in working condition again asap.
**Correction, using Windows Vista, NOT XP.**
Message was edited by: czander on 5/13/10 5:39:30 PM CDT
Message was edited by: czander on 5/13/10 5:43:42 PM CDT
Message was edited by: czander on 5/13/10 6:19:29 PM CDT
fakealertstinger.txt.zip 794 bytes