1 Reply Latest reply on Aug 27, 2013 4:30 AM by Peacekeeper

    Artemis trojans keep showing up on my computer

      McAfee keeps detecting Artemis trojans on my computer over the past month.  Every time McAfee removes them, another Artemis trojan pops up a few weeks later.  Also, these Artemis trojans have a different name each time.  The latest ones McAfee detected were Artemis!120B5043E992 and Artemis!8DD26E31B9D9.  Can anyone tell me what these specific trojans do, and why they keep showing up on my computer?  Thanks in advance.

       

       

      John

        • 1. Re: Artemis trojans keep showing up on my computer
          Peacekeeper

          rmetzger  here explains this type of detection as

          Well, Artemis detections are not in a DAT, by definition. Artemis (or it's official name GTI, Global Threat Intelligence) is only used when a questionable behavior occurs AND No DAT signature is defined for the behavior. At that point, the scan engine creates a hash of the file in question and sends the hash to the on-line server at McAfee, to see if other systems have discovered the same. When a match has occurred, the GTI server sends back a number, in your case Artemis!120B5043E992, which states that this has been detected before.

           

          Unfortunately, this is not much information for you or I to go on. Additionally, the Artemis number issued only specifies that a quarantine should take place, as there is not enough information from the hash given, to define operations, like Clean.

           

          When enough information is gathered regarding a suspicious behavior or file, and enough testing is done, the Artemis detection is then added to the DAT file. At that time, more operations, like Clean, are available and a more traditional infection Name is given. Until this happens, the Threat Center is not able to help much.

           

          At the beginning of this process, the scan engine goes to Artemis when the issue is not defined within a DAT. Once the new DAT file contains the signature and process for cleanup, the Artemis lookup is not done.

           

          Artemis is useful to handling zero-day outbreaks, stopping the spread before full knowledge and understanding of the malware is known. Information about a detection (by Artemis number) is only available to McAfee. Once the malware is better defined and added to the DAT file, information about that detection can be looked up by the traditional name issued by McAfee.

          This means they are new and Mcafee will have removal methods in teh dat/engine later on.

           

          Some things to consider they are being quarantined so from what folder are they being taken. If a temp folder might be a good idea to clean them up.