5 Replies Latest reply on Apr 16, 2014 11:44 AM by catdaddy



      Hi All,


      The mcAfee internet security detected trojan Artemis!E5FE2A8179D2 after downloading MS project 2010 from a third party website. it could be detected Everytime i run a full scan and whenever i remove with McAfee, it came back again at the same location : C:\Users\eric\AppData\Local\Temp\iswizard05\dwm.exe. Can anyone here advise me a method to remove this annoying bug. Your help is greatly appreciated. Thanks.

        • 1. Re: Artemis!E5FE2A8179D2

          Please follow the inserted  thread/instructions for the Artemis Detection. Kindly post back the Analysis Id #





          Kind regards,


          Message was edited by: catdaddy on 4/12/14 1:48:58 PM CDT
          • 2. Re: Artemis!E5FE2A8179D2

            Are you saying it is a flase detection or a real 1 that is persistant?


            If false do as CD says if persistant  scan with several of the following scanners mentioned here

            McAfee Communities: Anti-Spyware/Malware & Hijacker Tools


            Also delete the temp folder files and Internet temp files 1 way is via the system cleanup option in accessories or administrative tools area of windows.



            In windows/system32/   it is the cleanmgr.exe file

            • 3. Re: Artemis!E5FE2A8179D2
              Nitin Kumar



              I checked this sample and this file does not seem to belong to MS project 2010. It should not have any affect on wokring on MS project.

              as it was downloaded from third party website, it could be a part of other toolbar or budled software installation.


              Please uninstall any unwanted toolbar if installed without your knowledge.

              If this file is need, you can contact support for instruciton on "creating exclusion for this file".



              Nitin Kumar

              McAfee SME

              • 4. Re: Artemis!E5FE2A8179D2

                Nownitin or Nitin this user is a consumer user he cannot as yet create a real time scanning exclusion.


                The file is also in the temp folder so best to delete i I would assume (the file that is)


                iwizard05 is I feel a known issue it is is a bitcoin miner trojan so the search links say do a search on it  have a read also



                Try the scanners mentioned here as well as malwarebytes antirootkit

                McAfee Communities: Anti-Spyware/Malware & Hijacker Tools


                maybe also a good idea to restore (go to a restore point) before this happened provided you do not lose anything you need and or disable the current restore points as the infection could be returning


                Message was edited by: Peacekeeper on 16/04/14 7:53:41 PM
                • 5. Re: Artemis!E5FE2A8179D2

                  If I may add in addition, I agree with all of the suggestions Peacekeeper has given. Also here is a excellent removal Guide for the "Bitcoinminer" infection. It includes all of the Anti-Malware Tools with-in the link Tony gave,and additional steps.


                  When running McAfee Rootkit Remover, it is recommended to "Right Click" on the program,and run as Administrator.


                  I would keep the link at hand Peacekeeper suggested, in case need for further use arises.


                  If one chooses to use, here is the link:  http://malwaretips.com/blogs/pup-bitcoinminer-virus/


                  In certain scenarios, for really stubborn Malware one should run in "SafeMode/Networking"




                  Message was edited by: catdaddy on 4/16/14 11:44:11 AM CDT