5 Replies Latest reply on Apr 16, 2014 11:44 AM by catdaddy

    Artemis!E5FE2A8179D2

    storm33

      Hi All,

       

      McAfee Internet Security detected the trojan Artemis!E5FE2A8179D2 after I downloaded MS Project 2010 from a third-party website. It is detected every time I run a full scan, and whenever I remove it with McAfee, it comes back again at the same location: C:\Users\eric\AppData\Local\Temp\iswizard05\dwm.exe. Can anyone here advise me of a method to remove this annoying bug? Your help is greatly appreciated. Thanks.

        • 1. Re: Artemis!E5FE2A8179D2
          catdaddy

          Please follow the inserted thread/instructions for the Artemis detection. Kindly post back the Analysis ID #.

           

          http://vil.nai.com/vil/submit-sample.aspx

           

           

          Kind regards,

           

          Message was edited by: catdaddy on 4/12/14 1:48:58 PM CDT
          • 2. Re: Artemis!E5FE2A8179D2
            Peacekeeper

            Are you saying it is a false detection or a real one that is persistent?

             

            If false, do as CD says; if persistent, scan with several of the following scanners mentioned here:

            McAfee Communities: Anti-Spyware/Malware & Hijacker Tools

             

            Also delete the temp folder files and Internet temp files. One way is via the system cleanup option in the Accessories or Administrative Tools area of Windows.

             

             

            In windows/system32/ it is the cleanmgr.exe file.

            • 3. Re: Artemis!E5FE2A8179D2
              Nitin Kumar

              Hello,

               

              I checked this sample and this file does not seem to belong to MS Project 2010. It should not have any effect on working in MS Project.

              As it was downloaded from a third-party website, it could be part of another toolbar or bundled software installation.

               

              Please uninstall any unwanted toolbar if installed without your knowledge.

              If this file is needed, you can contact support for instructions on "creating exclusion for this file".

               

              Regards,

              Nitin Kumar

              McAfee SME

              • 4. Re: Artemis!E5FE2A8179D2
                Peacekeeper

                Nownitin or Nitin, this user is a consumer user; he cannot as yet create a real-time scanning exclusion.

                 

                The file is also in the temp folder, so best to delete it, I would assume (the file, that is).

                 

                iwizard05 is, I feel, a known issue; it is a bitcoin miner trojan, so the search links say. Do a search on it and have a read also:

                https://community.mcafee.com/thread/66288?start=10&tstart=0

                 

                Try the scanners mentioned here as well as malwarebytes antirootkit

                McAfee Communities: Anti-Spyware/Malware & Hijacker Tools

                 

                Maybe also a good idea to restore (go to a restore point) to before this happened, provided you do not lose anything you need, and/or disable the current restore points, as the infection could be returning.

                 

                Message was edited by: Peacekeeper on 16/04/14 7:53:41 PM
                • 5. Re: Artemis!E5FE2A8179D2
                  catdaddy

                  If I may add, I agree with all of the suggestions Peacekeeper has given. Also, here is an excellent removal guide for the "Bitcoinminer" infection. It includes all of the anti-malware tools within the link Tony gave, and additional steps.

                   

                  When running McAfee Rootkit Remover, it is recommended to "Right Click" on the program, and run as Administrator.

                   

                  I would keep the link at hand Peacekeeper suggested, in case need for further use arises.

                   

                  If one chooses to use, here is the link:  http://malwaretips.com/blogs/pup-bitcoinminer-virus/

                   

                  In certain scenarios, for really stubborn Malware one should run in "SafeMode/Networking"

                   

                  Regards,

                   

                  Message was edited by: catdaddy on 4/16/14 11:44:11 AM CDT