3 Replies Latest reply on Dec 26, 2012 7:35 AM by tonynmi

    Artemis!BB125C730575 Trojan

      Happy Hollidays everyone!

       

      During my weekly backup, I received a nessage indicating this virus was on my hard drive. I ran a complete scan of my system but the virus was not detected during it. However, when I use the Backup and Restore function in Windows 7, the McAfee warning comes up and stops the backup process. I cannot even locate the directory where this virus is supposed to have been detected in. I've attached a screenshot of the warning dialogue box that pops up.

       

      Has anyone experienced anything like this or know how I can get around this to complete my backup?

       

      Thanks

      Tony

        • 1. Re: Artemis!BB125C730575 Trojan
          Hayton

          The file location shows that the Trojan is detected now but wasn't detected at some earlier time. It got backed up automatically, so you've got an infected Restore point. If you don't know which one is infected - and there could be more than one - you may have to delete them all. The alternative is to start with the oldest and delete a few, and repeat until the message no longer appears.

           

          The full directory path may not now exist. "Appdata\Roaming" of course corresponds to XP's "Application Data" and is Hidden.

           

          The AppData\Roaming folder ... is the same as the Documents and Settings\username\Application Data folder in Windows XP.

           

          You'll have to select 'View hidden files and folders' to see it.

          • 2. Re: Artemis!BB125C730575 Trojan

            Hi,

             

            Thank you for bringing this up to our notice. It does seem malicious. We strongly recommend you to submit the file for analysis once you have located it on the affacted machine. Sample submission processes are explained here:

             

            http://www.mcafee.com/uk/mcafee-labs/resources/how-to-submit-sample.aspx

             

            E-mail method should be suitable here.

             

            Regards,

            Showvik

            1 of 1 people found this helpful
            • 3. Re: Artemis!BB125C730575 Trojan

              Thanks for the suggestions, I appreciate it. I was able to locate the folder but not the file in question so I am unable to submit it for further analysis. However, I restored my previous system image, performed a full scan and then did my weekly backup and all is well.

               

              Thanks again.