9 Replies Latest reply on Sep 5, 2013 6:20 AM by gmolchanov

    Artemis found, help?

      Mcafee has detected Artemis !907EA476859C

      was detected on 7/16, 7/30, and 8/16 

      labeled trojan first two times third is unknown,

      first two detections are now in quarantine; the third I cannot find


      have not noticed any errors (except in safe mode: "AMD Graphics card is not working properly.")

      except with mcafee itself which could have existed prior to but were noticed after a system restore

      all functions which involve the use of the internet do not work and an error message is given


      when trying to send to McAfee, the error says the file is too large

      the list of potentially unwanted programs in quarantine does not load properly - error: a script is causing your web browser to run slowly.. may make computer unresponsive continue running script?


      I cannot access the virus library through McAfee: "locale data files cannot be found please re-install". May be due to the system restore, which removed Google Chrome? A similar message appears when the link on the virus' name in quarantine is clicked on.


      virus found in C:\Users\Yuliya\AppData\Local\Temp\is127559350\NexGenMediaPlayerSetup.exe each of the three times


      suggestions help? thanks. sorry hurried typing.

        • 1. Re: Artemis found, help?

          OK, send the file via getsusp; let it detect the file and submit it. Do this immediately after a reboot, when the file is not detected and moved to the quarantine area.

          McAfee Communities: Anti-Spyware/Malware & Hijacker Tools

          Add your email address to the programs preferences.


          Getsusp is a McAfee program that submits suspicious files to McAfee. The labs can then test the file and create a removal method within the DAT/engine.

          Try also to scan with some of the other scanners in the link above.


          Also, after this, clean up all your temp files, both Windows and browser, and browser caches.


          An explanation of Artemis detection

          Well, Artemis detections are not in a DAT, by definition. Artemis (or its official name GTI, Global Threat Intelligence) is only used when a questionable behavior occurs AND no DAT signature is defined for the behavior. At that point, the scan engine creates a hash of the file in question and sends the hash to the on-line server at McAfee, to see if other systems have discovered the same. When a match has occurred, the GTI server sends back a number, say A58241894C3C, which states that this has been detected before.


          Unfortunately, this is not much information for you or me to go on. Additionally, the Artemis number issued only specifies that a quarantine should take place, as there is not enough information from the hash given to define operations, like Clean.


          When enough information is gathered regarding a suspicious behavior or file, and enough testing is done, the Artemis detection is then added to the DAT file. At that time, more operations, like Clean, are available and a more traditional infection Name is given. Until this happens, the Threat Center is not able to help much.


          At the beginning of this process, the scan engine goes to Artemis when the issue is not defined within a DAT. Once the new DAT file contains the signature and process for cleanup, the Artemis lookup is not done.


          Artemis is useful for handling zero-day outbreaks, stopping the spread before full knowledge and understanding of the malware is known. Information about a detection (by Artemis number) is only available to McAfee. Once the malware is better defined and added to the DAT file, information about that detection can be looked up by the traditional name issued by McAfee.

          1 of 1 people found this helpful
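Added example, not part of the original reply and not McAfee code: a helper for locating the file behind a hash-based detection like the one explained above. It assumes the label is `Artemis!` followed by the first 12 hex digits of the file's MD5 (an assumption, not stated in this thread); `artemis_label` and `find_by_label` are hypothetical names.

```python
import hashlib
import os
import tempfile

PREFIX = "Artemis!"

def artemis_label(path, chunk_size=1 << 20):
    """Label a file as PREFIX + first 12 hex digits of its MD5 (assumed label format)."""
    digest = hashlib.md5()  # used as a file identifier only, not for integrity
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return PREFIX + digest.hexdigest()[:12].upper()

def find_by_label(root, label):
    """Return sorted paths under root whose computed label matches `label`."""
    wanted = label.replace(" ", "").upper()  # tolerate "Artemis !907EA476859C"
    matches = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                if artemis_label(path).upper() == wanted:
                    matches.append(path)
            except OSError:
                continue  # locked or unreadable file: skip, keep walking
    return sorted(matches)

if __name__ == "__main__":
    # Constructed sample: a throwaway directory standing in for a Temp folder.
    with tempfile.TemporaryDirectory() as root:
        sample = os.path.join(root, "constructed_setup.exe")
        with open(sample, "wb") as handle:
            handle.write(b"constructed installer bytes")
        label = artemis_label(sample)
        print(label, find_by_label(root, label))
```

The functions only read and hash files; they never open or execute them, so they can be pointed at a Temp or cache folder to see which file, if any, a reported label refers to.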
          • 2. Re: Artemis found, help?

            The file detected as an Artemis was 10 MB. It was installed by someone other than myself in the process of installing a college library e-reader. I have used Shredder to erase the setup and a folder of similar name. I also uninstalled programs which appeared around the time of the "Media Player"'s installation, and I used Shredder to erase temporary internet files. After a reboot McAfee was updated with Windows, and a scan came up clean in regular startup mode. After going online I scanned the computer again before powering off; the computer detected f_002221 and f_02220 as trojans, namely "JS/Exploit!JNLP.g", found in C:\User\Yuliya\AppData\Local\Google\Chrome\UsersData\Default\Cache. When I try to search for this file location the search comes up empty, and when I access the Yuliya folder I cannot find a folder labeled AppData. McAfee seems to function better with regard to the internet; the problem may have been that IE was not the default browser, although when I tried to send the newly detected trojans to McAfee I received a message which told me an error had occurred and I was not able to send the files, while when I clicked on the virus' name as a link it worked. (Also, while using Shredder I deleted files in quarantine and potentially unwanted programs.)


            I do not know how to clean up temporary files for Windows / browser caches. Is McAfee Shredder enough for temporary browser files? How do I clean up Windows temporary files? What would I use, and where would I find them?

            • 4. Re: Artemis found, help?

              I have run getsusp, but this is after I have used Shredder to erase the file detected as an Artemis. The strange thing about the Chrome folder is that Chrome is not currently installed. The only thing I see going wrong right now is that I cannot send the files identified as JS/Exploit!JNLP.g to McAfee. Is this because it is already a known threat? Getsusp did not detect JS/Exploit files; 3 files were found suspicious and 25 were unknown. 3 suspicious were...






              I have disabled system restore while running a scan and getsusp and Stinger. Stinger came up with no detections on the very high GTI sensitivity setting (under scan options "report applications" was not selected).


              So is the McAfee send error normal due to the threat being known?

              Will the Google cache be cleared when I clean temp files with Disk Cleanup?

              Should I be concerned about the suspicious files detected in getsusp?

              • 5. Re: Artemis found, help?

                *Should I bother trying McAfee Rootkit Remover?

                And Stinger, McAfee, and getsusp are not being run in safe mode; rather, I am in normal startup.

                • 6. Re: Artemis found, help?

                  The send error, do you mean from the quarantine folder option? If so, this works sporadically, so the best way is to send it.


                  I posted a link on clearing the cache, though you said it was not installed. Is there an option in Programs and Features to remove Chrome? If so, do so if you do not use it.


                  Try Malwarebytes; it has a rootkit remover as well, tho I do not think you have 1.

                  • 7. Re: Artemis found, help?

                    I had already uninstalled Chrome through Control Panel in Programs and Features when these viruses were detected in the Chrome cache folder. I have checked and Google is not currently on the list of programs in Control Panel.


                    I have now used Disk Cleanup.. but a Google Chrome folder still exists under AppData despite my uninstallation. Should I use McAfee Shredder to delete it?


                    In regard to the send error, yes, I do mean the option from the quarantine folder: when I hit send to McAfee I receive a notification that an error has occurred.

                    Do you mean that quarantine works sporadically, or that the send option does so?

                    If I cannot send it, should I delete the files in quarantine?

                    • 8. Re: Artemis found, help?

                      I never trust the send option; I always email McAfee false +ves or use getsusp.


                      Re deletion: check if the files are part of anything important, i.e. Windows; if not, delete them. If in the temp folder, or rather found there, delete them.


                      Message was edited by: Peacekeeper on 5/09/13 1:56:55 PM
                      • 9. Re: Artemis found, help?

                        Where could I find the quarantined files so I could send them?


                        I have found my Google email account to have been disabled. Could this be because of getsusp, or would this be likely due to malware?