3 Replies Latest reply on Jul 19, 2010 8:37 PM by DoZe

    Please help me. I believe my machine's infected with trojan(s).

      My computer has been exhibiting strange behavior for a while now.  The annoyances have reached 'critical mass' and MUST BE STOPPED!

       

      I have read the post "Home User Assistance Malware Troubleshooting" and have followed the instructions.  The Safe Mode scan found zero items infected, however, the Stinger Safe Mode scan the first time did not complete and shut down computer; the second time it found 18 trojans. I have attached a screen shot of the completed McAfee Safe Mode scan and the text file report from the Stinger Safe Mode scan listing the 18 trojans it found. Per the instructions, I set the 'Heuristics" level to VERY HIGH and the "On virus detection" to Report Only so Stinger did not repair the items it found.

       

      According to the instructions, posting these results here is the next step.  So here are my results:

       

      7-18-10 McAfee Safe Mode Scan:

       

      7-18-2010 McAfee Safe Mode Scan Screen Shot.jpg

      7-18-2010 Stinger Safe Mode Scan:

       

      McAfee® Stinger Version 10.0.1.934 built on Jul  2 2010

      Copyright © 2010 McAfee, Inc. All Rights Reserved.

      Virus data file v1000 created on Jul 2 2010.

       

      Ready to scan for 3659 viruses, trojans and variants.

      Scan initiated on Sun Jul 18 15:48:38 2010

       

      ·         C:\Users\DIVAD\AppData\Local\Temp\7zS0855\OJ6500vE709_Basic_13\setup\scan\Scan.c ab\HPQKYGRP.EXE.FF4F4AF1_8737_4AF6_AE69_9A5AA1AD1FD8

                    Found the Artemis!05CD76410B13 trojan !!!

      ·         C:\Users\DIVAD\AppData\Local\Temp\7zS555A\OJ6500vE709_Full_13\setup\destinations \Destinations.cab\HPQIRS08.EXE1

                    Found the Artemis!2837C3755F21 trojan !!!

      ·         C:\Users\DIVAD\AppData\Local\Temp\7zS555A\OJ6500vE709_Full_13\setup\destinations \Destinations.cab\HPQPRNTW.EXE1

                    Found the Artemis!A70404B1A638 trojan !!!

      ·         C:\Users\DIVAD\AppData\Local\Temp\7zS555A\OJ6500vE709_Full_13\setup\scan\Scan.ca b\HPQKYGRP.EXE.FF4F4AF1_8737_4AF6_AE69_9A5AA1AD1FD8

                    Found the Artemis!05CD76410B13 trojan !!!

      ·         C:\Users\DIVAD\AppData\Local\Temp\7zS78E4\OJ6500vE709_Basic_13\setup\scan\Scan.c ab\HPQKYGRP.EXE.FF4F4AF1_8737_4AF6_AE69_9A5AA1AD1FD8

                    Found the Artemis!05CD76410B13 trojan !!!

      ·         C:\Users\DIVAD\AppData\Local\Temp\SST\Setup\MotiveClient\MotiveClient.exe\7.nsis

                    Found the Artemis!6C1D222373AE trojan !!!

      ·         C:\Users\DIVAD\Downloads\ATT_SST_Installer.exe\207.nsis\7.nsis

                    Found the Artemis!6C1D222373AE trojan !!!

      ·         C:\Users\DIVAD\Downloads\HP SW and DRIVERS\ATT_SST_Installer.exe\207.nsis\7.nsis

                    Found the Artemis!6C1D222373AE trojan !!!

      ·         C:\Users\DIVAD\Downloads\NotepadPlusPlusPortable_5.6.8_Rev_2.paf.exe\30.nsis

                    Found the Artemis!6D1E8417D5D1 trojan !!!

      ·         C:\Users\DIVAD\Downloads\NotepadPlusPlusPortable_5.6.8_Rev_2.paf.exe\145.nsis

                    Found the Artemis!A749B55A4132 trojan !!!

      ·         C:\Users\DIVAD\Downloads\NotepadPlusPlusPortable_5.6.8_Rev_2.paf.exe\160.nsis

                    Found the Artemis!3D96554062B9 trojan !!!

      ·         C:\Users\RIDJAC1402\Documents\ATT Connection Mgr\ATT_SST_Installer.exe\209.nsis\6.nsis

                    Found the Artemis!B0183CED324A trojan !!!

      ·         C:\Users\RIDJAC1402\Documents\ATT Connection Mgr\ATT_SST_Installer.exe\212.nsis

                    Found the Artemis!0364C47350DE trojan !!!

      ·         C:\Users\RIDJAC1402\Documents\FROM 'ARIES1' FOLDER\Downloads\DirectoryListPrintEN.zip\DirectoryListPrint.exe

                    Found the Artemis!FF1F0CBDC886 trojan !!!

      ·         C:\Users\RIDJAC1402\Downloads\SECURITY\CNET-DOWNLOADS-COM\PARENTAL CONTROL\k9-webprotection-32.exe\8.nsis

                    Found the Artemis!411E0527ADBC trojan !!!

      ·         C:\Windows\hpoj6500e709\OJ6500vE709_Full_13\setup\destinations\Destinations.cab\ HPQIRS08.EXE1

                    Found the Artemis!2837C3755F21 trojan !!!

      ·         C:\Windows\hpoj6500e709\OJ6500vE709_Full_13\setup\destinations\Destinations.cab\ HPQPRNTW.EXE1

                    Found the Artemis!A70404B1A638 trojan !!!

      ·         C:\Windows\hpoj6500e709\OJ6500vE709_Full_13\setup\scan\Scan.cab\HPQKYGRP.EXE.FF4 F4AF1_8737_4AF6_AE69_9A5AA1AD1FD8

                    Found the Artemis!05CD76410B13 trojan !!!

      Number of clean files: 946089

      Number of Trojans: 18

       

      Step 3 of the instructions state to submit a sample to McAfee Labs so I will do that next.  And then I will begin the task of trying to remove these trojans using the best tools I can find.

      I appreciate any help the community can give me regarding my issues and keeping my computer secure in general.

      Thanks in advance for your assistance.