6 Replies Latest reply on Aug 28, 2013 12:55 AM by Peacekeeper

    Artemis!1827263D2D87

      I keep getting messages from McAfee Internet Security about some file within a folder that constantly changes in my Appdata/Local/Temp about this Trojan?

       

      The folder and the .exe file that trigger the response are always randomly lettered, and have never shared the same string of letters (no numbers)

       

      Is this a false positive or is there a virus embedded within my computer that's constantly restoring the Trojan?

       

      The last time this occurred (20 minutes ago) the folder was named "rwvrcuxqepwh", containing a set of various .dll files and the "infected" .exe file was called "rqjsxfkmjf.exe". McAfee has removed the infected file, but not the folder itself.

       

      Please help?

        • 1. Re: Artemis!1827263D2D87
          Peacekeeper

          Sounds like malware. Have you tried clearing all temp files and folders? Run the Windows cleanup tool and see if that helps.

           

          Then try a restore point prior to this happening if the cleanup fails to stop this.

          • 2. Re: Artemis!1827263D2D87

            I've cleaned out the temp folder manually, as well as using the tool, but it's still happening.

             

            Also, I've checked the restore points, and for some reason there are none before the issue arose.

             

            The latest folder and file to be created and scanned is /Temp/"kwxkcobaeo"/"wvrooczay.exe"

             

            Finally, after every reboot I try to send the infected file from my quarantine, but it always gives me an error screen saying "Error Occoured: Send Failed", every single time.

             

            Message was edited by: kongqy on 8/26/13 11:25:15 AM CDT
            • 3. Re: Artemis!1827263D2D87

              Should I attempt to restore to the earliest point and try to remove from there?

              • 4. Re: Artemis!1827263D2D87
                Peacekeeper

                OK, send the file via Getsusp; let it detect the file and submit it. Do this immediately after a reboot, when the file is not detected and moved to quarantine area.

                McAfee Communities: Anti-Spyware/Malware & Hijacker Tools

                Add your email address to the program's preferences.

                 

                Getsusp is a McAfee program that submits suspicious files to McAfee. The labs then can test the file and create a removal method within the dat/engine.

                Try also to scan with some of the other scanners in the link above.

                 

                You could also try scanning in safe mode with the programs listed; it might be easier to remove. WRT restore, I feel all points are infected. You could try the oldest, but better to clear all after scanning and a new cleaning of the temp files and Explorer cache.

                • 5. Re: Artemis!1827263D2D87

                  Ok, Getsusp found 3 false, infected hkcmd.exe files hidden in random folders on my computer.

                  I deleted those and now my computer's fine.

                  Thanks!

                  • 6. Re: Artemis!1827263D2D87
                    Peacekeeper

                    Monitor it for a while in case it returns. Good luck.
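
A triage sketch for the pattern reported in this thread (a letters-only folder under the user's Temp directory holding a letters-only .exe next to .dll files), added here as an example and not part of any post or of McAfee's tooling. The 6-16 character length range and the name `find_suspect_dirs` are assumptions; hits are leads to inspect or submit, not verdicts.

```python
import os
import re
import tempfile
from pathlib import Path

# Assumption: lowercase letters only, 6-16 characters, modelled on the names
# quoted in the thread ("rwvrcuxqepwh", "rqjsxfkmjf.exe", "kwxkcobaeo").
LETTERS_ONLY = re.compile(r"[a-z]{6,16}")


def find_suspect_dirs(temp_root):
    """Return [(dir name, [exe names], dll count)] for matching folders.

    A folder matches when its own name is letters-only and it directly
    contains at least one .exe whose name (without extension) is also
    letters-only. Legitimate software can match too, so treat the output
    as a list of things to look at.
    """
    hits = []
    for entry in sorted(Path(temp_root).iterdir()):
        if not entry.is_dir() or not LETTERS_ONLY.fullmatch(entry.name):
            continue
        try:
            files = [f for f in entry.iterdir() if f.is_file()]
        except OSError:
            # Locked or permission-denied folder: skip it, keep scanning.
            continue
        exes = sorted(
            f.name for f in files
            if f.suffix.lower() == ".exe" and LETTERS_ONLY.fullmatch(f.stem)
        )
        if exes:
            dll_count = sum(f.suffix.lower() == ".dll" for f in files)
            hits.append((entry.name, exes, dll_count))
    return hits


if __name__ == "__main__":
    # On Windows %TEMP% normally points at AppData\Local\Temp.
    root = os.environ.get("TEMP") or tempfile.gettempdir()
    for name, exes, dll_count in find_suspect_dirs(root):
        print(f"{name}: exe={exes} dll_count={dll_count}")
```

Running it right after a reboot, before the scanner quarantines anything, matches the timing suggested in reply 4 for submitting the file.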