5 Replies Latest reply on May 12, 2014 11:12 PM by Hayton

    Artemis!4A6883609C4E

    302travel

      I keep getting pop-ups from McAfee saying that Artemis!4A6883609C4E has been detected on my laptop.  I've deleted it from quarantine and deleted all my temp files, which is where I thought it was, but I can't seem to get rid of it. The item is listed as kd_18D8.exe and in \AppData\Local\Temp.  Do you know how I can get rid of it? I would really appreciate any help you can provide.

       

      Thanks

        • 1. Re: Artemis!4A6883609C4E
          Peacekeeper

          It could be being restored from the restore folder.

           

          Also remove all internet temp files and temp files; use Windows Disk Cleanup in Accessories or Administrative Tools to do this.

          • 2. Re: Artemis!4A6883609C4E
            302travel

            I deleted all my temp files, turned off restore, erased previous restore points, rebooted, and deleted what was in quarantine, more than once, and my computer still has it. It's in the same place, but now it's kd_29C2.exe.  Any other ideas on how I can get rid of it? Not sure if it matters, but I have Windows 8....

            • 3. Re: Artemis!4A6883609C4E
              catdaddy

              Please kindly refer to the following thread PeaceKeeper advised. https://community.mcafee.com/message/330941#330941

               

              Please post back your results, should you need us to further assist you.

               

              All the very Best,

              • 4. Re: Artemis!4A6883609C4E
                Peacekeeper

                As well, run some of the free scanners in CD's signature, i.e.

                https://community.mcafee.com/docs/DOC-2168

                • 5. Re: Artemis!4A6883609C4E
                  Hayton

                  Microsoft does not, it seems, classify this as a threat - yet (although the Microsoft rules on adware are being made much more stringent) so there is no entry for it in the Microsoft malware encyclopedia. Nothing in McAfee's database either, if the detection is heuristic.

                   

                  This is adware, from a Tel Aviv-based company (KeyDownload Ltd). A VirusTotal analysis of this or closely-related adware says that it employs DLL injection, which is a technique often used by malware.

                   

                  DLL injection is often used by external programs to influence the behavior of another program in a way its authors did not anticipate or intend.

                   

                  The program may have modified browser settings, added extensions or add-ons to browsers, or created an extra browser toolbar. It seems likely that it has also created a hidden copy of itself and modified the registry to ensure that it re-creates itself if you delete files from the temp directory.

                   

                  The links to cleanup utilities that you have already been given should enable you to get rid of the remnants of the adware: AdwCleaner and Malwarebytes are the usual recommendations. McAfee at least has quarantined the executable, but you need to remove any associated files, browser add-ons, settings and toolbars, and registry settings.
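
Added example, not part of the original thread or any poster's reply: a read-only PowerShell check for the kind of autostart entry the last reply suspects, one that re-creates the executable in the Temp directory. It assumes the Run/RunOnce registry keys and scheduled tasks as candidate locations and the `kd_XXXX.exe` naming seen in this thread; the thread does not say which mechanism this adware actually uses.

```powershell
# Read-only triage: lists autostart entries that launch from a Temp directory
# and any kd_*.exe files currently present there. Nothing is deleted or changed.

# Standard per-user and per-machine autostart (Run/RunOnce) registry keys.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Assumption: a command line is worth reviewing if it references a Temp folder
# or the kd_XXXX.exe naming pattern reported in this thread.
$pattern = '\\AppData\\Local\\Temp\\|\\Windows\\Temp\\|%TEMP%|kd_[0-9A-F]{4}\.exe'

# 1. Registry autostart values whose command matches the pattern.
$findings = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        # Read the raw value so an unexpanded %TEMP% is still visible.
        $command = [string]$item.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
        if ($command -match $pattern) {
            [pscustomobject]@{ Source = $key; Name = $name; Command = $command }
        }
    }
})

# 2. Scheduled tasks whose action matches the pattern (Windows 8 and later).
$findings += @(Get-ScheduledTask | ForEach-Object {
    foreach ($action in $_.Actions) {
        $command = "$($action.Execute) $($action.Arguments)"
        if ($command -match $pattern) {
            [pscustomobject]@{ Source = "Task $($_.TaskPath)"; Name = $_.TaskName; Command = $command }
        }
    }
})

# 3. Copies currently sitting in the user's Temp folder, including hidden ones.
$files = Get-ChildItem -Path $env:TEMP -Filter 'kd_*.exe' -Force -ErrorAction SilentlyContinue |
    Select-Object FullName, CreationTime, Length

$findings | Format-Table -AutoSize -Wrap
$files    | Format-Table -AutoSize
```

An entry listed here is a lead to review, not a verdict: legitimate installers also run briefly from Temp, so confirm what an entry points at before removing it with the cleanup tools linked in the replies.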