Windows Support Forum

Infected with Artemis!5D6D0D37027

Q: Infected with Artemis!5D6D0D37027

I believe in May my wife opened something; we got all these pop-ups saying your computer had viruses and something like it needed to be scanned. It was in an Internet Explorer window. I use Firefox. So I came here and Quietman was very helpful and seemed to have solved the problem. Topic referenced is here: http www bleepingcomputer com forums t i-have-artemis-trojan-and-cant-remove-it OB

Recently it started acting up. When I came here it put up the lofi version, and many of the pages on Facebook did not work. It just did not work correctly. I went through the same things that I did before. When I deleted the off-line content in Firefox everything started working fine. Shortly it went back to not working correctly and I deleted the offline content and it is fine again. It is fine today but there is obviously a problem, and I ran McAfee again and it still exists.

Relevancy 100%

A: Infected with Artemis!5D6D0D37027

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror: This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

http://www.bleepingcomputer.com/forums/t/259550/infected-with-artemis5d6d0d37027/
Relevancy 58.48%

Tried running a few virus scanners (the kind that come up top trumps on av-comparatives) and although they say they've cleaned it, it just doesn't seem to be the case. Picks up instances of Artemis. HijackThis log dump:

A:Infected with Artemis..

Hello mjstyles,

Sorry for the delay. If you still need help, please post a new DDS/HijackThis log and I'll be happy to look at it.

Thanks,
tea

http://www.bleepingcomputer.com/forums/t/368933/infected-with-artemis/
Relevancy 58.05%

Hi there

I have just bought a Toshiba Satellite Pro L and ran a scan on it the other day and a virus appeared known as Generic!Artemis. I have McAfee installed on my laptop and when I ran the scan it wasn't able to remove it completely. Please see scan results below. Hope ye can help.

roccoforte

A:Infected with Generic!Artemis

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.

Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Please post the contents of log.txt.

Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
Reply to this thread; do not start another!
Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
Do not run any other tool until instructed to do so!
Let me know if any of the links do not work or if any of the tools do not work.
Tell me about problems or symptoms that occur during the fix.
Do not run any other programs or open any other windows while doing a fix.
Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.

Thanks.

http://www.bleepingcomputer.com/forums/t/206538/infected-with-genericartemis/
Relevancy 58.05%

I have a virus, Artemis!EBE48FF792C6 as indicated by McAfee, that nothing seems to remove permanently. I have run Malwarebytes, Spybot, Spydoctor and McAfee several times. After the first few times Spybot and Malwarebytes came back clean. Spydoctor and McAfee would continue to remove the infection, but every time I run the scanners the infection re-appears for removal. Please help. Thanks.

A:Infected with Artemis!EBE48FF792C6

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

http://www.bleepingcomputer.com/forums/t/267096/infected-with-artemisebe48ff792c6/

When I turned my computer on yesterday I got a warning from McAfee that an infection had been detected. Shortly after this a "trial" version of something called Antivirus System Pro came up and began "scanning" for viruses. The only way I could end this program was by ending its process in Windows Task Manager (it was called sysguard.exe), which I did; then I had McAfee run a full scan. The scan results showed that McAfee had quarantined a bunch of stuff related to a trojan it called Artemis B C DFECCC, both after the initial scan and after a post-restart scan. However, it couldn't remove a part of the infection in a file "C WINDOWS SYSTEM IEHELPER DLL". Sure enough, when I restarted my computer again the bogus antivirus program immediately popped up, flashing several warnings about severe infections, keyloggers, real-time infiltrations, etc. etc. I ran McAfee again but got the same results. I don't know how to get rid of this thing. Any help would be HUGELY appreciated.

A:Infected with Artemis trojan

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

http://www.bleepingcomputer.com/forums/t/231416/infected-with-artemis-trojan/

Hello and Welcome to the forums. My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so.
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear.
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue.
A Finished message will appear.
Click OK.
DeFogger may ask you to reboot the machine; if it does, click OK.
Do not re-enable these drivers until otherwise instructed.

Download DDS
Please download DDS by sUBs from one of the links below and save it to your desktop.
Download DDS and save it to your desktop: Link, Link, Link
Please disable any anti-malware program that will block scripts from running before running DDS.
Double-click on dds.scr and a command window will appear. This is normal.
Shortly after, two logs will appear: DDS.txt and Attach.txt.
A window will open instructing you to save & post the logs.
Save the logs to a convenient place such as your desktop.
Copy the contents of both logs & post in your next reply.

Scan With RKUnHooker
Please Download Rootkit Unhooker. Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning, it is ok, just ignore: "Rootkit Unhooker has detected a parasite inside itself. It is recommended to remove parasite okay" "just click on Cancel then Accept"

"information and logs"
In your next post I need the following:
logs from DDS
log from RKUnHooker
let me know of any problems you may have had

Gringo

A:infected w/ artemis trojan please help

Hello! And don't worry about the delay! I appreciate what u guys do! I'd be lost without u!!

Only other symptoms to report are that sometimes simple functions like opening up the volume won't work and I get a lot of "Security Certificate errors" when opening up web pages.

The RKUnHooker would not run, when I tried I received the following: Error loading driver, NTSTATUS code 0xC000036B

DDS log:

http://www.bleepingcomputer.com/forums/t/389831/infected-w-artemis-trojan-please-help/

On my second usage of utorrent I was infected with evidently some adware and a trojan that are named in the topic title, after agreeing to a false update message, I suppose. It was detected by my McAfee Security program, which displayed this message after I scanned my computer with McAfee:

--- See your security history and which actions were recently taken on your PC Gex Wc exe part Location C Documents and Settings Jay Local Settings Temp Gex Wc exe part Threats Detected Adware-DomalQ Program Artemis B D E Trojan Threat Profile Adware-DomaIQ http home mcafee com VirusInfo VirusProfile aspx key ---

Before coming here, however, I've run Malwarebytes and Super-Antispyware, as I already have them installed prior to the infection, but when I ran them neither of the threats detected came up; other things were detected though. So far my computer runs normally but I'm not sure these infections are really gone. Here is the DDS log:

A:Infected with Adware-DomalQ & Artemis

Hello Jarod1, I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-
Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo

http://www.bleepingcomputer.com/forums/t/517060/infected-with-adware-domalq-artemis/

Hi Helpers,

First the basic stats: I'm running a DELL Latitude E with XP.

One day I'm minding my own business online and the next I've got an Artemis trojan along for the ride. My computer has slowed considerably and despite my best efforts I can't shake the thing.

Here's what it most typically does when I boot up in normal mode:
Message from Windows "Data Execution Prevention" saying it had to close Windows Explorer.
On-Access Scan Messages saying I have a virus spyware malware problem. It then lists a number of detected and infected files, usually between and. Some sample files are detected as Generic dx sws or Artemis with a long letter number code as a suffix.
Most frighteningly, just before posting this I got an error message along the lines of a serious problem and then the blue screen appeared.

If I just push the warning windows off to the side then usually I can get on with my work. Otherwise, if I close them the whole process starts over again.

Here's what I've tried, after consulting many blogs, to get rid of the stuff:
HJT, but I'm too cautious to go about deleting registry files when I have no clue what I'm doing.
Malwarebytes Anti-Malware usually finds from to infected files. But after rebooting the files reappear.
ATF Cleaner saves me lots of disk space but hasn't gotten rid of the nasties.
SuperAntiSpyware, same thing as Malwarebytes.
System restore, now there's a wing and a prayer.

So I've tried these in various sequences, in safe mode and back again, but nothing has worked so far to obliterate the trojan. Which brought me to this site. I've diligently followed the pre-posting instructions and hope this will make any gracious helper's work fast and easy. I'm at your mercy.

Per the instructions, here's my DDS log. I've also disabled CD Emulation as advised. I've also attached the other DDS file requested (Attach.txt) and the GMER log.

A:Infected by Artemis! Trojan - Up for the challenge?

Hello, I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.

Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you. Please include the report in your next post: C:\ComboFix.txt

"information and logs"
In your next post I need the following:
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

http://www.bleepingcomputer.com/forums/t/321342/infected-by-artemis-trojan-up-for-the-challenge/

Hi guys, I have a year old Acer Laptop with Windows XP Basic running. About a week or two ago I was infected somehow by the Live Security Platinum virus. I had followed a tutorial I found on malwaretips.com which had instructed me to install Malwarebytes to get rid of the infection. I did as told and it got rid of a great number of trojans and malware. After I rebooted my computer as prompted everything seemed fine. I -stupidly- didn't feel the need to install HitmanPro -which seemed to no longer have free service- or Rkill because things were going smoothly.

This past week or so, however, I started getting repeatedly infected with trojans such as ZeroAccess and Artemis. It went from every other day to every hour. I've spent my entire day with my computer in Safe Mode with Networking, scanning my system with Malwarebytes and attempting to remove whatever is there. It's gotten ridiculous. I've even restored my system twice now in order to battle the viruses. McAfee is doing nothing to stop the viruses either. It only notifies me that the Trojan has been found and that I need to reboot my computer. I don't do that anymore thanks to the Artemis virus. McAfee had instructed me to reboot my computer when it caught that virus and needless to say I could barely get my computer to function, hence why I needed to restore the first time.

I'm really very tired of having to combat these viruses daily because they have rooted themselves into my system. I'm an unemployed year old fresh out of high school who lives with a single parent on a super tight budget, so I cannot afford to just back up my files -which I have no source to, by the way- and buy a new laptop. I just need a way to get rid of these viruses so I can continue to use my current laptop in peace. If anyone could help me out here I would really appreciate it. Thank you in advance.

A:Infected by ZeroAccess, Artemis, and other Trojans

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

http://www.bleepingcomputer.com/forums/t/463823/infected-by-zeroaccess-artemis-and-other-trojans/

Okay so recently whenever I run any exe file a McAfee popup comes up saying that it has quarantined the file where the Generic Artemis is and I always delete the file through McAfee However when I run another exe the same notification comes up with Generic Artemis in a Infected with Generic!Artemis Trojan different file I can't seem to find the files by hand I can only find them in McAfee Have Vista Basic the trojan is always found in C Windows Temp MAP with a random number every time So I have no idea how to permanently delete the trojan Logfile of random's system information tool written by random random Run by Serena at - - Microsoft Windows Vista Home Basic System drive C has GB free of GBTotal RAM MB free Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows Vista WinNT MSIE Internet Explorer v Boot mode NormalRunning processes C Windows system Dwm exeC Windows Explorer EXEC Windows System hkcmd exeC Windows System igfxpers exeC Program Files Synaptics SynTP SynTPEnh exeC Windows RtHDVCpl exeC Program Files ltmoh ltmoh exeC Program Files Toshiba ConfigFree NDSTray exeC Program Files Synaptics SynTP Infected with Generic!Artemis Trojan SynToshiba exeC Windows system taskeng exec PROGRA mcafee com agent mcagent exeC Program Files Toshiba Utilities KeNotify exeC Program Files Toshiba Power Saver TPwrMain exeC Program Files Toshiba SmoothView SmoothView exeC Program Files Toshiba FlashCards TCrdMain exeC Program Files McAfee MWL MwlGui exeC Program Files Picasa PicasaMediaDetector exeC Program Files eFax Messenger J GDllCmd exeC Program Files Common Files Real Update OB realsched exeC Program Files Toshiba TOSCDSPD TOSCDSPD exeC Program Files Veoh Networks Veoh VeohClient exeC Program Files Veoh Networks VeohWebPlayer veohwebplayer exeC Program Files Windows Media Player wmpnscfg exeC Program Files eFax Messenger J GTray exeC Program Files Sony Handheld HOTSYNC EXEC Program Files WinZip WZQKPICK EXEC Program Files MobiPocket com MobiPocket 

A: Infected with Generic!Artemis Trojan

Uh... bump? Not sure if it helps.. :P

http://www.bleepingcomputer.com/forums/t/183950/infected-with-genericartemis-trojan/

I am trying to fix my aunt's computer. It looks like she was infected with Artemis and myway adware. Her main problems were that the computer was very slow and she lost her start button and program icons. I repaired Windows XP and reinstalled the latest MS updates. I scanned with Adaware and McAfee. I got the start button and program icons back. It still seems to be running slow. Here is my DDS.

A: Infected with Artemis & Myway adware

Hello and welcome to Bleeping Computer.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would be grateful if you would note the following:

Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
Copy and paste all logs requested in your reply. Do not attach them unless asked to.
If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and Paste the entire report in your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Next

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Then please post back here with the following:
MBAM log
log.txt
info.txt

Thanks

http://www.bleepingcomputer.com/forums/t/244241/infected-with-artemis-myway-adware/

Stinger stand-alone scanner found the Generic!Artemis virus and can't remove it. I have the path of the virus... and know that 4 files are infected. It is located in Winsxs backup. What do I have to do to get rid of this? Any help is much appreciated... thank you

A: i am infected with the generic!artemis virus [Moved]

I am moving this from the Vista forum to the Am I Infected forum where folks can address this issue.

Orange Blossom

http://www.bleepingcomputer.com/forums/t/239714/i-am-infected-with-the-genericartemis-virus-moved/

I've been having increasing difficulty with keeping malware off of my system. The computer has been blue-screening quite a bit lately, and sometimes my McAfee scan will not run, displaying a message that says "McAfee scan on demand has encountered a problem and needs to close". Then it says it has had a serious error from which it could not recover; it couldn't get scan details or something like that. My first infestation was Advanced Virus Remover. Since then I've had a lot of difficulty, though I was sure I had that gone with Malwarebytes. I think I might have some trojans or something letting these awful things through.

A: Infected with artemis and potentially other stuff, please analyze

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

http://www.bleepingcomputer.com/forums/t/251606/infected-with-artemis-and-potentially-other-stuff-please-analyze/

Good evening. Last night my laptop started to freak out soon after McAfee notified me that it quarantined a trojan virus. Soon after the notification I noticed several files on the desktop started to disappear. Also, numerous Windows notification pop-ups started to appear one after another in a quick fashion. The notifications would re-appear once I closed them. I was able to scan in McAfee but it found nothing. I looked at the logs and noted that it quarantined two trojans - ZeroAccess ia and Artemis CAFCEE E - along with numerous suspicious incoming network blocked notifications.

This morning, after reflecting on my lack of brains and backups, I started the game of getting these buggers out of this laptop. That is how I found this great site. But I did go to the McAfee site beforehand and followed the basic recommendation of performing a system restore in safe mode. I restored it back to a couple of weeks ago and the system looks fine, but I lost many of my picture photo folders, so it seems. Some pictures were located in the recycle bin, I noticed. I restored those back using the recycle option after selecting them. I also did a disk cleanup and a total rescan using McAfee.

After gaining some confidence that the system was ok, I went back online with the laptop to follow up with Bleepingcomputer's advice that I was reading on my smartphone throughout the day. Now I have joined the site and posted an introduction. I am now posting this and my DDS log as instructed in the malware removal forum. I am very thankful for all of you volunteers and I am hoping that this is the end of my malware incident. I hope I am doing this correctly.

Cheers,
Shawn

A: Win7 was infected with ZeroAccess and Artemis until I did system restore

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

Download & SAVE to your Desktop RogueKiller or from here
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator to start"
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller+

Gringo

http://www.bleepingcomputer.com/forums/t/484799/win7-was-infected-with-zeroaccess-and-artemis-until-i-did-system-restore/

Hello, my name is Jack and I am running Win running McAfee Total Protection. There are a series of McAfee popups that continue to pop up on my screen stating that "McAfee detected and automatically removed a Trojan from your PC. No further action is required." The popup then closes and another one pops up a little while later stating the same thing for another trojan. This continuously goes on throughout the day, repeating for each trojan. The three trojans it states are ZeroAccess, Artemis!B1F9817F6CA5, and Generic.dx!b2qj. Any help would be appreciated. I have followed the instructions in the prep guide; see below for results. As I am running bit, I skipped the GMER per the instructions.

A: Infected with Trojans (ZeroAccess ZeroAccess, Artemis!B1F9817F6CA5, Generic.dx!b2qj)

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens please allow it to do so (you will need to be connected to the internet for this).
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
Note 2: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

http://www.bleepingcomputer.com/forums/t/462438/infected-with-trojans-zeroaccess-zeroaccess-artemisb1f9817f6ca5-genericdxb2qj/

My pride has been in the way of asking for help in situations like this, but I think I am in way over my head, so here goes. I have been infected with multiple trojans and malware including:

Trojan.TDSS
Trojan.Vundo.H
Trojan.Virtumonde
Trojan.Vundo
Generic!artemis
Trojan.FakeAlert
Trojan.Seneka
Malware.Trace
Trojan.Agent
Spyware.OnlineGames
and most recently generic!artemis

I have used multiple scanner programs: Malwarebytes Malware, Windows Defender, Spyware Doctor, Norton Corporate Anti-virus and Lavasoft Adware. AND I uninstalled Symantec Norton Anti-virus Corporate and installed AVG and ran it in safemode, and it had a ton of virus that it detected. I then removed AVG after it was done and reinstalled Symantec Norton Corporate Anti-virus. I also used Vundofix to rid myself of the Vundo. I think I have finally gotten rid of vundo, I pray I did (really NASTY virus), and most of the other virii, but I just recently, for safety sake, scanned my pc using McAfee Stinger and I have the generic!artemis virus.

I have no idea the damage that has been done to my pc, but it is running terrible and my anti-virus has crapped out a couple of times during a scheduled scan. Most of the time I cannot do a scheduled scan as it hangs up. When I was infected with the Vundo virus it screwed up my registry and did some really nasty damage to my winsock files. I had someone look at it and they had me run FixVundo.exe, VundoFix.exe and WinsockXPfix v exe.

I have downloaded HijackThis and copy pasted the logs for anyone to PLEASE help me with. I have the log for anyone to help me rid myself of all infections and repair the damage all the virus have caused. Any help would be greatly appreciated.

Here is the recent log of STINGER.

A:Infected with trojan.Virtumonde trojan.Vundo and generic!artemis

I don't mean to bump, but am I in the correct section to be posting this?

http://www.bleepingcomputer.com/forums/t/198273/infected-with-trojanvirtumonde-trojanvundo-and-genericartemis/

MY ORIGINAL POST IS IN THE WRONG SECTION > I APOLOGIZE. My pride has been in the way of asking for help in situations like this, but I think I am in way over my head, so here goes. I have been infected with multiple trojans and malware including Trojan TDSS, Trojan Vundo H, Trojan Virtumonde, Trojan Vundo, Generic artemis, Trojan FakeAlert, Trojan Seneka, Malware Trace, Trojan Agent, Spyware OnlineGames and most recently generic artemis. I have used multiple scanner programs: Malwarebytes Malware, Windows Defender, Spyware Doctor, Norton Corporate Anti-virus and Lavasoft Adware, AND I uninstalled Symantec Norton Anti-virus Corporate and installed AVG and ran it in safemode and it had a ton of virus that it detected. I then removed AVG after it was done and reinstalled Symantec Norton Corporate Anti-virus. I also used Vundofix to rid myself of the Vundo. I think I have finally gotten rid of vundo (I pray I did, really NASTY virus) and most of the other virii, but I just recently, for safety sake, scanned my pc using McAfee Stinger and I have the generic artemis virus. I have no idea the damage that has been done to my pc, but it is running terrible and my anti-virus has crapped out a couple of times during a scheduled scan. Most of the time I cannot do a scheduled scan as it hangs up. When I was infected with the Vundo Virus it screwed up my registry and did some really nasty damage to my winsock files. I had someone look at it and they had me run FixVundo.exe, VundoFix.exe and WinsockXPfix v exe. I have downloaded hijack this and copy pasted the logs for anyone to PLEASE help me with. I have the log of for anyone to help me a rid myself of all infections. Repair the damage all the virus have caused. Any help would be greatly appreciated.

A:Infected with trojan.Virtumonde trojan.Vundo and generic!artemis

Actually it is in the correct forum for HJT logs. I will close this thread and leave the other one intact.

http://www.bleepingcomputer.com/forums/t/198274/infected-with-trojanvirtumonde-trojanvundo-and-genericartemis/

When I do a search on google or yahoo I am being redirected to different websites. Yesterday it was limited to that; now I have audio coming from I don't know where and I can find a way to cut it off. It's like a podcast of guys just rambling on about stuff. This all started after visiting a site called emuparadise.com, where I should have known better. This is supposed to be a site that offers cracked files for video game system. I downloaded something for my year old and I think that's when I started having the issues, like within an hour after trying to extract the file after downloading. I can still visit websites if I type in the url address, but if I try to go to a website from a search engine I run into the redirection problem(s). Here are my files from the DDS program. Please help.

A:I might be infected with Artemis!8EA7A0F2B64B (Trojan) and GenericFakeAlert.k (Trojan)

Hello and to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

-----------------------------------------------------------

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Kind regards
Net_Surfer

http://www.bleepingcomputer.com/forums/t/241919/i-might-be-infected-with-artemis8ea7a0f2b64b-trojan-and-genericfakealertk-trojan/

Hi. Thanks in advance for the time. McAfee AV, it's telling me since yesterday this message:

McAfee has automatically blocked and removed a Trojan. About this Trojan. Detected: Generic.dx!peb (Trojan). Generic.dx!peb (Trojan). Location: C WINDOWS TEMP eorh tmp svchost exe

The eorh tmp, it's just an example. The path will be always like C WINDOWS TEMP xxxx tmp svchost exe. Now it has added another trojan:

McAfee has automatically blocked and removed a Trojan. About this Trojan. Detected: Artemis!21CF83958DC7 (Trojan). Artemis!21CF83958DC7 (Trojan). Location: C WINDOWS TEMP hsuy tmp svchost exe

This keeps appearing in like minute intervals. Here it goes the DDS log:

A:Infected with Generic.dx!peb (Trojan) and Artemis!21CF83958DC7 (Trojan)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Please download GMER from one of the following locations and save it to your desktop:
Main Mirror
This version will download a randomly named file (Recommended)
Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

http://www.bleepingcomputer.com/forums/t/304778/infected-with-genericdxpeb-trojan-and-artemis21cf83958dc7-trojan/

Turned on my laptop and every minutes over the past half hour McAfee has popped up and said it quarantined Artemis numbers & letters. So far it has been found in Fresh HTML, I have never used it but downloaded it month ago, boot disk something, and I can't remember the first location. I'm running a full scan now. Yesterday I downloaded -- but haven't touched -- images. I also downloaded and installed WordPress. Nothing saved but images so these new issues may have been sleeping or Last week I got the SweetPacks trojan toolbar but cleaned it all out. Before that I'd never gotten infected. McAfee msclmshell sapphire exe just quarantined popup after min. Microsoft Security Essentials just popped up with firefox pif and I removed it. I'm running it in the background. New to me, I thought it only ran when I said to. Nice to see it scans without prompt. McAfee scan still running done issues found with fixed

A:Artemis...

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link below, before posting for assistance. There's a sticky at the top of this forum, and a Spyware 1st Steps link at the top of each page.


---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

http://www.techsupportforum.com/forums/f100/artemis-703499.html

Hi again. Sadly, while turning on my computer and logging on to DeviantArt.com to check my messages and so forth, i was attacked by a Trojan. McAfee sprinted to action but of course they always have issues removing them by themselves. Trojan labeled as by McAfee: Artemis B B AB F D. I was able to clear out the original file that attacked me via MoveonBoot, but a few times my computer crashed when rebooting. Although the file was removed it was still able to attach itself to my system and has been continually popping up with Spyware Protect, which i know is a hoax to get credit card info from me, bleh. I changed my computer login admin password to avoid issues like i had with previous trojans. I also had cleared some temporary internet files. Please Help again.

A:New Trojan Help Artemis!

Hello, rikitheshadow :)
Welcome to TSF

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
In the meantime, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Finally, please reply using the button in the lower left hand corner of your screen.
Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished".

We Need to Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.

If this tool helped you, please consider a donation to its author:

How to run ComboFix:
Please download ComboFix from one of the following mirrors, and save it to your desktop.
This is a mirror.
This is another mirror.
This is yet another mirror.

Disable any running Anti-Virus or Anti-Malware programs. This includes Firewalls, Anti-Virus, Spyware Scanners, etc. Any or all of them may interfere with the running of ComboFix.
Double click on your desktop.
Read and accept (Press Yes) to the disclaimer.
For Windows XP Systems: Install the Recovery Console:
If you are using Windows XP and do not already have the Recovery Console installed, please ensure your internet connection is active (if possible), and press Yes. If for some reason your internet is not working, please press No. If you are not using Windows XP, you will not be prompted.
When prompted to accept the EULA, press OK.
Accept Microsoft's EULA (Press Yes).
When you are told that the RC is installed correctly, please press YES to continue scanning for malware.

ComboFix will run. Simply wait for it to finish.
When it finishes, ComboFix will produce a log. Please post that log in your next reply here :)

NOTE: If ComboFix will not run, please rename it to GlobRemover.exe and try again!

In your next reply, please include the following:
ComboFix.txt

Billy3

http://www.techsupportforum.com/forums/f100/new-trojan-help-artemis-375335.html

Some malware infected the computer yesterday. In task manager it kept showing up as La eMA exe and I deleted whatever instances I could find through regedit. It comes back under different names as well, such as l g f. The names appear to be very random. AdAware caught it the first time as a "suspicious program" and requested that I send the info to their lab. I've run all the requested scans since then. Installed the firewall. Did Windows Update and cleaned out the cache. Here are the logs. Thank you in advance for the help. I'll be checking back to see if you've gotten a chance to eyeball the problem.

A:Artemis Infection

I dunno if me replying will bump this back up the list, but it's worth a try.

http://www.bleepingcomputer.com/forums/t/177805/artemis-infection/

One of my computers (runs all night) displays a "file deleted" message from McAfee every morning. The specific name of the files deleted (generally it is always two files) changes each day, but they both have .vbt extensions. They are always in the C:\Windows\TEMP folder. McAfee each day shows what I think it believes to be the virus name Artemis! 13E9FC993847. I cannot find information on this variant.

Further, I also run STOPzilla; this too produces a flag each morning saying that it has deleted and blocked the following infections:

Explorer Policies.NoControlPanel
Explorer Policies.NoFolderoptions
System Policies.DisableRegistryTools
System Policies.DisableTaskMgr

I have run all the recommended standard malware programs like MalwareBytes and SUPERAntiSpyware. Problem does not go away.

Thanks,

w

A:Artemis! 13E9FC993847

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

http://www.bleepingcomputer.com/forums/t/444746/artemis-13e9fc993847/

Ok, I was trying to respond to another thread because they were having problems like mine. My laptop computer started going real slow and getting pop-up advertisements last Thursday. I updated and ran McAfee. McAfee found files called Trojan Artemis and quarantined them. I did the removal process and shut down the computer. Today I turn my computer on and it is doing the same thing. I tried to run Spy-bot but it said there were files missing and wouldn't work. I also tried to start the computer in Safe Mode, but all that did was go to that blue screen. So I was looking through forums and found most people saying to run ATF Cleaner and then download Malwarebytes and scan. I ran ATF and that was fine. But I cannot get Malwarebytes to install. A screen pops up and says "unable to execute file Create process failed code Can not find file" and will not load or install. I then went to the Malwarebytes web page and looked at their forums, and there was a process to get past that screen. I tried that and I get this message: "Error Code". Here is what's happening that I think may be related to this issue: when I start up the computer I get a pop-up that says "logon.exe - can not find logon.exe"; also a file opens that C Program Files Common. I don't know if these things have anything to do with it or not, but it all started at the same time. I'm about to see if I can do the HijackThis thing and post it on here. Any suggestions would be great. Thanks.



A:Generic!Artemis

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

R,K

http://www.bleepingcomputer.com/forums/t/199395/genericartemis/

Have a nasty virus. Started with a "new hardware found" pop-up window. (I hadn't added any hardware.)
Hardware description was Root\Legacy PCD55RCV... disabled that. IE gets redirected and sometimes shuts down. Cannot update any virus software. McAfee popped up saying it found and quarantined the Artemis trojan. Computer's overall performance is getting worse. XP SP3. Try to start in safe mode and get the error message... "page fault in non page area"

A:artemis...? trojan...?

Hi, see this post was moved. Making sure it's in the correct forum. Hoping to get some help soon. Thanks.

http://www.bleepingcomputer.com/forums/t/296642/artemis-trojan/

My problem started about a week ago when I logged onto the internet. I was bombarded by a million instances of Internet Explorer popping up. I shut down my computer and restarted and did a virus scan with McAfee. What it found was a trojan called Artemis that is attached to a few different files. It quarantined the files, but I searched the internet a bit to try to find out about it. I then also ran scans with Malwarebytes and SuperAntispyware and quarantined what they found. Malwarebytes found some more files in my system registry. Now this Artemis trojan just seems to keep popping up. I just can't seem to get rid of it and I would very much appreciate some help. I keep running constant scans of my computer to try to keep the problem at bay. My HijackThis log is posted below. Please let me know if there is anything else you need to know. Thanks in advance for your help. I really appreciate your time.

A:Need Help Getting Rid of Artemis Trojan

Just bumping this up because I'm still waiting. I'd appreciate some help before this thing keeps causing more computer issues.
 

https://forums.techguy.org/threads/need-help-getting-rid-of-artemis-trojan.876960/

I get the following message appearing on my screen: cannot find file C WINDOWS privacy danger index htm please make sure the path or internet address is correct. The things I have noticed are as follows: Unable to download security updates from Microsoft updates. Have a white desktop background. Unable to set a background on desktop; when I try, the error message appears. The DDS report is as follows:

A:Artemis!D8B9A62B6B1B

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

http://www.bleepingcomputer.com/forums/t/258224/artemisd8b9a62b6b1b/

I have been using ComboFix for a long time to clean people's computers. This morning I went to download it from this site and McAfee detected it as an Artemis (trojan). Is it a problem with McAfee V13.11 dat 5668 detecting a false positive, or the file itself? Any help would be useful.

Thanks

A:artemis (trojan)

I think McAfee detected it as a trojan via their Artemis technology. If you downloaded Combofix from Bleeping Computer or another trusted site it's probably a false positive. You should also read this description on Combofix:

You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.

http://www.bleepingcomputer.com/forums/t/239540/artemis-trojan/

Hello, I recently have been having troubles with my computer. I have Windows Vista Home Premium. My computer is a Dell Inspiron S. Rather than give TMI, I thought I would just list here what happened, what I did in response, and why I am posting this. I usually have my computer on most of the time, hence it goes in and out of sleep mode. When it comes back on, my Internet Explorer will start up with anywhere from to Internet pages with places that I have never visited. I immediately started a scan with my McAfee program. After doing a complete scan this is what came up: one file detected AND quarantined, that being (and I hand copied this so I could enter it here) Artemis D BE C A Trojan. More specifically this, and I hope I did this exact: J SYSTEM APPS F CFFF- - -A D -E E C LOLA U P. The second problem, that may or may not be related, is that when I attempt to shut down my computer I get this message: PDF file is preventing this computer from shutting down. In summary, even though this Artemis thing has been quarantined, I am not sure if this program is gone and my computer is now safe. What should I do, please? I thank you aforehand for any and all help with this. Regards, Charles

A:Artemis!/Trojan

Please help. After using McAfee, it detected and quarantined an Artemis! Trojan. But how do I get rid of it because I still get self-starting IE windows opening. What is a HJT Log and how do I post one so that I can finally get someone to help me please.

Thank you,
Charles
 

https://forums.techguy.org/threads/artemis-trojan.867519/

hi! i was on firefox, playing an internet game i regularly play and noticed my anti-virus was doing a scan out of nowhere, i have McAfee.. as it was scanning i noticed it said 1 detected 1 quarantined, as it finished scanning.. i checked the log and the log says... Artemis!68C34787212A (Trojan)
File: C:\SYSTEM VOLUME INFORMATION\RESTORE{BBB2C4CF-BFC8-4C30-AAAA-A4C060EC9E4C}\RP18\A0000602.DLL

what does all this mean? is it bad? it's quarantined but i know it's not deleted or removed.. how do i remove it? thanks for anyone's help!

A:Artemis!68C34787212A what is it??

Hello, it said it quarantined the trojan. So that means it can no longer harm the PC. Let's do one more scan to be sure there is nothing else here and then we'll remove the one in System Restore.

Next run MBAM (MalwareBytes):

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

http://www.bleepingcomputer.com/forums/t/247511/artemis68c34787212a-what-is-it/

hi guys...
have mcafee...it won't remove it
malwarebytes...won't remove it
don't know if HijackThis has found it and don't know how to use it either

A:Name: Generic!Artemis

You will need the guidance of the HJT team to clean this.

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Post in this thread when you haven't received an answer in five days.".

To avoid confusion, I am closing this topic.

http://www.bleepingcomputer.com/forums/t/200817/name-genericartemis/

My kids recently noticed that our PC was taking much longer to boot up than it has in the past. Of late I've rarely used it myself, so this problem may have been gradually increasing.

A scan of our system uncovered that Artemis! 1F19FEF79C30 was present in C:\WINDOWS1\SYSTEM32\UPDATEUSER.EXE

I'm very much a novice when it comes to computers and I have no idea of how to tackle this problem to remove this virus.

In need of help!

A:How do I get rid of Artemis trojan?

On top of this page go to Spyware First Steps and follow those directions and post the logs back here in a reply.

http://www.techsupportforum.com/forums/f284/how-do-i-get-rid-of-artemis-trojan-565223.html

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8, 64 bit
Processor: AMD E1-1200 APU with Radeon(tm) HD Graphics, AMD64 Family 20 Model 2 Stepping 0
Processor Count: 2
RAM: 3800 Mb
Graphics Card: AMD Radeon HD 7310 Graphics, 256 Mb
Hard Drives: C: Total - 452558 MB, Free - 208288 MB;
Motherboard: Gateway, SX2110G
Antivirus: McAfee Anti-Virus and Anti-Spyware, Updated and Enabled

Artemis!6C1B5C6C79E6 Well how do you get rid of this creature. Keeps popping up.
 

A:Artemis removal

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

https://forums.techguy.org/threads/artemis-removal.1105240/

I'm having a problem with pop-ups. I have run CCleaner, superantispyware, Malware Bytes, and McAfee and nothing seems to be getting rid of this. They each keep finding it but can't seem to completely get rid of it. Any help on this would be GREATLY appreciated. Thanks

http://www.techsupportforum.com/forums/f284/generic-artemis-441696.html

Computer is an older Gateway desktop. Operating system is MS Windows XP Home edition SP with Pentium CPU GHz GB Ram. I use McAfee Security Center and it updates regularly. It did not detect the download of the Artemis trojan. It did detect some of the havoc that resulted but would not detect the source of the problem. I could not use that machine to google anything about removing the trojans, as every Google link was redirected. I had to use my laptop to download information about the virus. I also used it to download anti-spyware applications, but none of them found the source. I tried SuperAntiSpyware, Malwarebytes, SpyBot, vcleaner.exe, ATF cleaner, HijackThis, Microsofts Windows-kb -v, RUBotted, CCleaner, AVGfree software, System Mechanic and Microsoft Security Essentials. None of them got the root source of the virus.

I uninstalled McAfee, since it could not find any problems, in hopes of replacing it with AVG. However, AVG would not install - it could not make a necessary change in the registry. I found a web site that suggested ComboFix. When I downloaded it, opening it said it had the Artemis virus. The instructions said to disable McAfee because that was a false positive. Yeah, sure. So I tried everything else again. Nothing worked, and each one took over an hour for a full scan.

I found this forum and found mention of ComboFix again. I copied all my documents and critical data to memory stick. I downloaded ComboFix, uninstalled McAfee. It said to install Microsoft Recovery Console from bootdisk. I did not have a boot disk, so made one from MS Download website, copied it to the desktop and dropped the icon onto the ComboFix icon as instructed. It "rooted out" the problem, so to speak. It saved a bunch of viruses in a folder called Qoobox.

I reinstalled McAfee and ran it along with Malwarebytes, Spybot. McAfee found:
Artemis CAEA CEE A, two copies, Quarantined
Artemis DD ACDEA A, repaired
FakeAlert-CK, two copies, repaired
Tool-NIRCmd, Cannot be repaired
Microsoft Security Essentials found two viruses in a quarantined file, which it said it removed. SpyBot only found tracking cookies.

Then I looked to see if I should post to this forum. It instructed me to first run DDS.scr and RootRepeal.exe before posting. I downloaded DDS.scr; it loaded and ran. I saved the files to desktop. I moved on to download and run RootRepeal. Downloaded fine but would not run. It just hangs up and takes over all the CPU activity. I tried four times, rebooting between each time, to get it to run. I had to use TaskManager to End Process to get it to stop hanging (not responding).

Now what do I do with all items in the Qoobox files, the quarantined files and Registry dat files? Can I use file shredder from SpyBot to shred them? Do I disable System Restore before I do shred, then re-enable System Restore? Should I get rid of Registry backups that were created by other applications during this process? Should I post the dds.txt and attach files, the ComboFix-quarantined-files.txt?

A:Artemis took over computer

Should I post the dds.txt and attach files?

Yes, include that and let them know that you ran Combofix and have the files.

Post it in the forum that you originally posted in.

http://www.bleepingcomputer.com/forums/t/290239/artemis-took-over-computer/

McAfee detected Artemis E - I have followed their restart several times and rescan continues to show it. Have run Adwcleaner & attempted quarantine; also run Malwarebytes, which has identified Trojan FilePatch DNSApi and several Trojan Injector MSIL. VLC program was downloaded to my computer a few days ago by my boyfriend and since then these things have been occurring. The entire desktop, including my background, has changed, and numerous adclick and advertisements seemed to pin themselves to my desktop; the advertisements stopped after I ran Malwarebytes and Adwcleaner. All my web browsers open to the same search page that is foreign to me. I attempted to change the start pages, and it leaves what I changed it to but continues to open to their search page. I've followed the programs' steps to quarantine/fix/clean, but upon restart it all shows up again.

Tech Support Guy System Info Utility version
OS Version: Microsoft Windows Home Premium, Service Pack, bit
Processor: Intel(R) Core(TM) i - S CPU GHz, Intel Family Model Stepping
Processor Count:
RAM: Mb
Graphics Card: Intel(R) HD Graphics Family, - Mb
Hard Drives: C: Total - MB, Free - MB
Motherboard: Dell Inc., Vfv M
Antivirus: McAfee Anti-Virus and Anti-Spyware, Updated and Enabled

https://forums.techguy.org/threads/trojan-artemis.1169431/

I downloaded a trainer for S.T.A.L.K.E.R Call of Pripyat and as soon as I unpack the file McAfee removed it and reported a trojan. I opened the quarantine and it said Artemis (Trojan). I know for a fact this doesn't have any viruses on it. When I press restore it removes it again. How can I make McAfee stop removing it?

A:Artemis Trojan help

Report it to McAfee if you are sure it's not an infected file.

Submit a Virus or Malware Sample | McAfee Labs

I believe Artemis is one of their generic heuristic detections.

Also, if you really trust the file, add it to McAfee Ignore list, if it has one. If it doesn't, then it's not very configurable and you may want to look elsewhere for antivirus protection.

PC Safety and Security - What Do I Need?

http://www.techsupportforum.com/forums/f100/artemis-trojan-help-663108.html

The other day while in IE, my browser page jumped to a fake malware scanner. I forget exactly the name and what it said, but I didn't click on anything but instead used the task manager to shut the thing down and end IE. I ran a couple of anti-malware scans (Spybot and MBAM) after that and all was ok, so I didn't think anything more about it. But today McAfee's antivirus scan (I have McAfee Total Protection) found a trojan horse, Artemis CB C, and said it quarantined it according to the history log. While McAfee's main screen now says the computer is secure, on the security report I noticed that it said I have had two trojans that have been quarantined since McAfee was installed. Curious as to what this other one was (it wasn't from today), I tried to view the quarantined items, but I am unable to open or view the quarantine. So I can't even tell if anything is actually IN the quarantine. Now I'm just a little nervous that maybe not everything is fixed as it should be. Can someone please give me some guidance as to what I should do next to make sure these trojans are gone for good and won't reinfect the computer? By the way, I had both MBAM and SAS already on the computer, and prior to me posting this message to you all I was able to update both and ran scans. MBAM found nothing and SAS, run in safe mode, found nothing other than a bunch of adware. Computer runs Vista. Thank you.

A:Artemis! trojan

Artemis is the "Active Protection" component of McAfee's Security Center which uses a combination of signature and behavior analysis to check with McAfee servers in real-time to identify possible new malware threats. This is accomplished by adding heuristics to the virus database. McAfee then uses this heuristic detection to analyze the cataloged behaviors and assess the likelihood of possible new variants of malware before the vendor can get samples and update the program's definitions for detection.

In general, heuristics uses non-specific detection methods to find new or unknown malware which allows the anti-virus to detect and stop it before doing any harm to your system. Heuristic scanning methods vary depending on the vendor. Some claim to allow emulation of the file's activities in a virtual sandbox. Others scan the file more intensively, searching line by line inspecting the code in a file to see if it contains virus-like characteristics. If the number of these characteristics/instructions exceeds a pre-defined threshold, the file is flagged as a possible virus. The disadvantage to using heuristics is that it is not as reliable as signature-based detection (blacklisting) and can potentially increase the chances that a non-malicious program is flagged as malicious. With heuristics, there is always a potential risk for a "false positive" when the heuristic analysis flags a file as suspicious or infected that contains no malware.

Artemis is not the name of an actual virus, but an alert displayed by McAfee when it thinks it may have found a new virus. These detected files may or may not be malicious. McAfee advises to forward these files to the Avert Lab's Threat Center if you think it was a false detection so it can be excluded from the database automatically. For more specific information, please refer to "Artemis" & Other Possibly False Detections.

If you're not sure about the detection, McAfee asks that you submit a sample directly to McAfee Labs so they can investigate further. To do this, please refer to Submit a Sample To McAfee.

Edit: The information I provided did not change with this edit. I reworded a sentence for clarity and fixed a broken link.

http://www.bleepingcomputer.com/forums/t/379042/artemis-trojan/

Hi.
Does someone know more: found this link @ bleepingcomputer
hxxp://screen317.spywareinfoforum.org/SecurityCheck.exe
https://www.virustotal.com/de/url/73e8b5fdde57965cc52e03e49902fd799ac0b04619f13ce5a1336a8313308862/analysis/
https://www.virustotal.com/de/file/03eb42ec04d9c360affad0015fa06343c85df48b74c01089fad708d34cec6a9b/analysis/
SEE:
http://www.bleepingcomputer.com/forums/t/507059/wormwin32vikingna-perhaps-more/
AND:
hxxp://screen317.changelog.fr/SecurityCheck.exe
https://www.virustotal.com/de/url/12aff916e90fc424bbfc237d6bde249c1679cfe398aa8ceaea0fa709f67ba64a/analysis/1417808383/
 
 
Regards

A:Artemis!76B5C2A92AEC ?

If you are simply referring to the fact that Screen317 Security Check shows as "suspect" then this is correct.
 
Screen317 currently has no "Digital Signature" with it, as he is in the process of updating it.
 
Many of the tools used on all forums (from Screen317 Security Check up to ComboFix) will always show as "suspect", and this includes several other Antivirus or Antimalware tools. The reason is basically because they must "invade or investigate" inside an Operating System as a foreign entry.
 
This is never regarded as "unusual" and with some programs you will be asked to "Temporarily Disable your Antivirus" so the tool will run unhindered.
 
I hope this basically explains things for you.

 

 

NOTE - Malwarebytes  20141203
Screen317 is a developer and Moderator on Malwarebytes Forum
 

Thank you for your interest and care -

http://www.bleepingcomputer.com/forums/t/558785/artemis76b5c2a92aec/

Ok, I did it again and downloaded another virus, I think. My McAfee antivirus came on and told me it repaired/removed three viruses or trojans: Artemis ED Virus Artemis D AND Generic PWS y bee twice. Since then I am getting a pop-up saying my computer is infected and I need to download an antivirus program. I am posting you my Malwares Log for you to view; hope you can help me again as you did such a good job last time. Thanks, CJ

A:Artemis Virus

Hello.. We can get this. First you need to Update MBAM.

Rerun MBAM (MalwareBytes) like this:
Open MBAM in normal mode and click Update tab, select Check for Updates. When done, click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Next run ATF and SAS:
Note: SAS doesn't open the registry hives for other user accounts on the system, so scans should be done from each user account.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.. DO NOT run yet.
Open SUPER from icon and install and Update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list.
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.
To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

Please ask any needed questions, post logs and let us know how the PC is running now.

http://www.bleepingcomputer.com/forums/t/270868/artemis-virus/

I have the Artemis trojan on my computer. McAfee detected this multiple times and quarantined and removed it but it keeps coming back. The trojan has disabled my windows defender and I cannot turn it back on. I have uninstalled the adware that it had put on my computer but the ads keep coming back.

Here is my computer information:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1, 64 bit
Processor: Intel(R) Core(TM) i7-3537U CPU @ 2.00GHz, Intel64 Family 6 Model 58 Stepping 9
Processor Count: 4
RAM: 8061 Mb
Graphics Card: Intel(R) HD Graphics 4000, -1984 Mb
Hard Drives: C: Total - 940260 MB, Free - 837755 MB;
Motherboard: Dell Inc., 0YMFG1
Antivirus: Windows Defender, Disabled
 

A:Artemis Trojan Help

Hello gobears1.

Welcome to Tech Support Guy. I am Marie Curie and will gladly help you with any malware-related problems.

I am currently in training at WhatTheTech and every post of mine will be approved by a teacher. This leads to some delay in the response time. I will return as soon as possible with instructions. Please familiarize yourself with the following ground rules in the meanwhile.

Read my instructions thoroughly, carry out each step in the given order.
Do not make any changes to your system, or run any tools other than those I provided. Do not delete, fix, uninstall, or install anything unless I tell you to.
If you are unsure about anything or if you encounter any problems, please stop and inform me about it.
Stick with me until I tell you that your computer is clean. Absence of symptoms does not mean that your computer is free of malware.
Back up important files before we start.
I am also aware that your post is five days old. So tell me if you still need help.
 

https://forums.techguy.org/threads/artemis-trojan-help.1150461/

I have McAfee, and it has had this file in quarantine for a few months now. I was alerted of a Trojan a while ago; I am guessing that this is it. It showed me the details and what the file was.

This is the actual file name: Mediaplayerclassic.exe

Is this a Trojan? This was placed into the PUP... I click it and it wants me to grant it access to my computer. I have not done so yet. I won't do it either.

The fact I am not allowing it to run, does this mean I am safe and so far the Trojan has not been released and is not technically taking over my computer? Or does this mean that the Trojan is on my computer and has had control for some time now?

Edit: Moved topic from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum. ~ Animal

A:Artemis!C100D786CCFD ?? What is this?

Hello dannyd6 and Welcome to the BleepingComputer.   
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.
Before we move on, please read the following points carefully.
Please complete all steps in the specified order.
Even if tools don't find malware, I want you to post the logfiles anyway.
Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
Read the instructions carefully. If you have problems, stop what you  were doing and describe the problems you encountered as precisely as  you can.
Don't install or uninstall software during the cleanup unless you are told to do so.
Ensure your external and/or USB drives are always inserted during the scan.
If you can't answer for the next few days, please let me know. If  you haven't answered within 5 days, I am assuming that you don't need  help anymore and your topic will be closed.
I can not guarantee that we will find and be able to remove all  malware. The cleaning process is not instant. Please continue to review  my answers until I tell you that your computer is clean
Please reply to this thread. Do not start a new topic
As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
Please open as administrator  the computer. How is open as administrator  the computer?
Disable your AntiVirus and AntiSpyware applications, as they will  interfere with our tools and the removal. If you are unsure how to do  this, please refer to get help here
Thanks
---------------------------------------------------------------------------------------------------------
 
 Please do the following.
 
Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 
Sincerely

http://www.bleepingcomputer.com/forums/t/591944/artemisc100d786ccfd-what-is-this/

I can't seem to get rid of these two viruses. I guess they're the same, since everything I look up about them links them together. I can go months without seeing another one pop up. I guess it could be a reinfection, but just to be safe, I feel it's important to note that the gmer scan came out with nothing on it, and that when I went to scan, all of the boxes to check were grayed out except for services, registry, files, c and ads, so I couldn't match the screenshot. It won't let me upload the notepad from gmer because there's nothing in it.

A:Generic!/Artemis

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTListIt.txt Will be opened
Extra.txt Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
Main Mirror
This version will download a randomly named file (Recommended)
Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------

In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:
A detailed description of your problems
A new OTL log (don't ...

http://www.bleepingcomputer.com/forums/t/307270/genericartemis/

My computer is infected with the Artemis virus. How do I get rid of it?

A:Artemis virus

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.
 * Double-click SecurityCheck.exe
 * Follow the onscreen instructions inside of the black box.
 * A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

=============================================================================

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
 * Double-click mbam-setup.exe and follow the prompts to install the program.
 * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
 * If an update is found, it will download and install the latest version.
 * Once the program has loaded, select Perform quick scan, then click Scan.
 * When the scan is complete, click OK, then Show Results to view the results.
 * Be sure that everything is checked, and click Remove Selected.
 * When completed, a log will open in Notepad.
 * Post the log back here.
Be sure to restart the computer.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

http://www.bleepingcomputer.com/forums/t/455968/artemis-virus/

Hi, I'm not very technical with computers but was hoping for help.

Today I got a pop-up stating I've got 33 detections etc., and other pop-ups asking if I wanted them removing etc.

I fell for it and clicked yes; now I can't open any .exe files and can't really connect to the internet properly. I've managed to get on going through the 'check web for right program' bit.

At the moment I'm in safe mode. I've read and done the DDS and Attach, which I will post if required.
Also I can't get gmer to work as it's a .exe file.

I am using Windows Vista Home Basic. I have McAfee, which I ran a scan with, and it detected 2 things but couldn't do anything as nothing will open.

Can anyone help?? Thanks in advance!

A:artemis trojan??

Hi, I did a post about having fake alerts but my comp would not do anything, so I re-installed Windows Vista.

Thought everything was ok, then got the security alerts again asking if I wanted to update, block attacks etc.

I did a scan on McAfee and it brought up 2 detections, 1 quarantined, other not, all same name "Artemis!5B1EF94F06A9 (trojan)".

What can I do???

http://www.techsupportforum.com/forums/f284/artemis-trojan-474308.html

My computer had the Artemis virus. Now I can't open my PDF, Word, or Excel documents, even if I send them to another computer. Is there any way to fix them?

A:The Artemis Virus.

Welcome tebljb

We should get it all with these.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List content of Hosts
* List IP configuration
* List Winsock Entries
* List last 10 Event Viewer log
* List Installed Programs
* List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Download TDSSKiller and save it to your desktop.
* Extract (unzip) its contents to your desktop.
* Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
* If an infected file is detected, the default action will be Cure, click on Continue.
* If a suspicious file is detected, the default action will be Skip, click on Continue.
* It may ask you to reboot the computer to complete the process. Click on Reboot Now.
* If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
* If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

ADW Cleaner

Please download AdwCleaner by Xplode and save to your Desktop.
* Double click on AdwCleaner.exe to run the tool
* Click on the Scan button.
* AdwCleaner will begin to scan your computer like it did before.
* After the scan has finished...
<-insert any special instructions here for what to uncheck OR remove this line if there are none->
* This time click on the Clean button.
* Press OK when asked to close all programs and follow the onscreen prompts.
* Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
* Copy and paste the contents of that logfile in your next reply.
* A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Please download Junkware Removal Tool to your desktop.
* Shut down your protection software now to avoid potential conflicts.
* Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
* The tool will open and start scanning your system.
* Please be patient as this can take a while to complete depending on your system's specifications.
* On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
* Post the contents of JRT.txt into your next message.

Last run ESET.
Hold down Control and click on this link to open ESET OnlineScan in a new window.
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
* Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
* Double click on the icon on your desktop.
Check "YES, I accept the Terms of Use."
Click the Start button.
Accept any security warnings from your browser.
Under scan settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
* Scan potentially unwanted applications
* Scan for potentially unsafe applications
* Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.
NOTE: Sometimes if ESET finds no infections it will not create a log.

http://www.bleepingcomputer.com/forums/t/511738/the-artemis-virus/

Using McAfee, I've found a virus that it is not able to remove. Sometimes it points to a dll file called "musosami.dll". I apparently can't delete it and don't even know if I should. It also pointed to "pegojehe.dll" and "zasiyugi.dll". Additionally, when I use Internet Explorer I get advertisement windows that pop up whenever I navigate anywhere; this doesn't seem to be very harmful but it is quite annoying. Another possible problem is I had my bank account hacked and drained by someone online and haven't the slightest idea how that happened. I'm desperate at this point. My log is below.


Hi, McAfee says I have a Generic Artemis virus and can't get it all out. Computer is slow but otherwise seems ok. Can anyone help? I have a log from HijackThis.
Thanks,
Jackie

A:Generic Artemis

I am moving this topic which does not contain any logs from the HiJack This forum to the Am I Infected forum.

Orange Blossom

http://www.bleepingcomputer.com/forums/t/197386/generic-artemis/

McAfee indicates my PC is possibly infected with a virus named "Artemis F FE". I have no idea if this is real or not. Can you help? Below the HijackThis files of my pc. Thanks, Gerard

A:What is Artemis! infection?

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
* Download DDS by sUBs from one of the following links. Save it to your desktop.
  * DDS.scr
  * DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results.
* Follow the instructions that pop up for posting the results.
* Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

And

Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
* The application window will appear
* Click the Disable button to disable your CD Emulation drivers
* Click Yes to continue
* A 'Finished!' message will appear
* Click OK
* DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Then

Please download GMER from one of the following locations and save it to your desktop:
* Main Mirror
  This version will download a randomly named file (Recommended)
* Zipped Mirror
  This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
* Disconnect from the Internet and close all running programs.
* Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
* Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
* GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
* If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
* Now click the Scan button. If you see a rootkit warning window, click OK.
* When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
* Click the Copy button and paste the results into your next reply.
* Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

http://www.bleepingcomputer.com/forums/t/356310/what-is-artemis-infection/

As per Bleeping instructions, please find attached files ARK and DDS Attach, and DDS log pasted just below.

One of my computers runs all night; displays a "file deleted" message from McAfee every morning. The specific name of the files deleted (generally it is always two files) changes each day, but they both have vbt extensions. They are always in the C Windows TEMP folder. McAfee each day shows what I think it believes to be the virus name: Artemis E FC. I cannot find information on this variant.

Further, I also run STOPzilla; this too produces a flag each morning saying that it has deleted and blocked the following infections:
* Explorer Policies NoControlPanel
* Explorer Policies NoFolderoptions
* System Policies DisableRegistryTools
* System Policies DisableTaskMgr

I have run all the recommended standard malware programs like MalwareBytes and SUPERAntiSpyware. Problem does not go away.

Thanks, w

A:Artemis! 13E9FC993847

Hello waldobleeping,

My name is ratman and I will be helping you with your computer problems.

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:
* Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
* Please do not do anything or perform other steps unless I have asked you to do so.
* Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.

====================================================================================

Attach & GMER files do not appear to be attached. Can you resend please?

http://www.bleepingcomputer.com/forums/t/444855/artemis-13e9fc993847/

I've known this since I started to take interest in the AV world. SONAR or Symantec Online Network for Advanced Response was acquired by Symantec in 2005 with the purchase of WholeSecurity. McAfee Artemis Technology on the other hand was developed by McAfee to add to their security line. My question is if these two technologies have similarities. I'm just curious...

A:SONAR and Artemis

  
Quote: Originally Posted by alwinwinjoe


My question is if these two technologies have similarities.


yup... unknown, unclassified threats are supposedly caught by using collective intelligence aka quorum (norton) or community threat intelligence (mcafee) faster without relying on signatures. Sonar 2 of norton is a kind of behaviour blocker... a bit too aggressive at times, and mcafee+artemis catches more than mcafee alone, but honestly mcafee is a resource hog

better reads here....
sonar :
SONAR 2 - Norton Community
McAfee Artemis:
McAfee

http://www.sevenforums.com/system-security/70915-sonar-artemis.html

I'm getting spam windows opening while surfing. McAfee quarantines about trojans each scan but will do nothing with these two in the topic title. Thank you soooo much for your valuable time.

A:Artemis! and Vundo.gen.ab

hi 71MUTT,

Your log is pretty old. If you still need help, reply to my post and we will begin.

http://www.bleepingcomputer.com/forums/t/268274/artemis-and-vundogenab/

If anyone can help I would greatly appreciate it. My computer began acting strange a few days ago. Not wanting to let us online, running horribly slow and kicking us offline. McAfee's scan says that we have an artemis trojan and it is quarantined. I don't know where to start.

https://forums.techguy.org/threads/please-help-with-artemis-trojan.985778/
Relevancy 39.99%

It's a Trojan that has attached itself to one of my game files, and every time I execute the program it pops up and gives me a false positive. I just registered today. I ran the scan and I got the reports I need, so where do I go from here? Thanks for your help in advance. Syn

Here's my DDS.txt:

A:I have a Generic!Artemis problem

McAfee caught it, by the way.

http://www.techsupportforum.com/forums/f50/i-have-a-generic-artemis-problem-335288.html
Relevancy 39.99%

Hi I am Jespinosa101,
I have had a virus before or PC issues before and now I have this thing called artemis!EB40DC01EF0D that McAfee detected as a Trojan; it currently put it into a quarantine place. Also my PC has been running slow lately and I don't know if this is from before or not. Also my Firefox takes a while to open, like 2-5 minutes to open. Finally, searching stuff up is slow and my internet connection is pretty good. Finally, opening applications and like right clicking takes a while to pop up or show up. Thanks in advance.
Thanks,
Jespinosa101

A:artemis!EB40DC01EF0D Trojan!

Welcome, let's look at the results of these.

Artemis is a generic name given by McAfee Labs to detections of unknowns by the antivirus component of your software. The number that follows identifies it to the labs as to whatever group it belongs to and only they know what it is. It can be an infection, a PUP or even a false alarm, in fact it could be anything that isn't yet known. Within a few days they analyze any samples submitted and come to a decision as to exactly what it is.

So let's see what we find.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Download TDSSKiller and save it to your desktop.
Extract (unzip) its contents to your desktop.
Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

ADW Cleaner
Please download AdwCleaner by Xplode and save to your Desktop.
Double-click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
After reviewing the log, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Last run ESET.
Hold down Control and click on this link to open ESET OnlineScan in a new window.
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
Double ...

http://www.bleepingcomputer.com/forums/t/555434/artemiseb40dc01ef0d-trojan/
Relevancy 39.99%

Help requested. My Dell Inspiron has run smoothly for the last years. - - McAfee flagged generic dx fvx trojan and said it repaired it. Next - RUNDLL errors started popping up: "error loading C DOCUME MATTRE LOCALS Temp E tmp". Continued McAfee flags for generic, and then on - - a new one, Artemis AD C B EA, three more flags for generic, then Vundo dj trojan was flagged. All these were reported to be quarantined and repaired by McAfee. During this time I ran three full scans with McAfee, which took about hours each. There were files detected and quarantined the first time, file detected, file quarantined the second time; these were generic and Vundo files. Meanwhile I started getting pop-ups in Microsoft IE. I NEVER use IE, I am a Firefox user. The web pages that popped up were all for virus software. Here are some of the links that have come up while I have been typing this: http media tmlatn com images defaults approved html http media tmlatn com images defaults approved html http www pcsecurityshield com lp shield-deluxe- aspx trk WTK amp affid http www nexplore com search html pid aon-pop amp query computer amp source

At first the RUNDLL error would immediately pop up when I logged in to my XP account. When I logged in to my wife's there were no errors and no pop-ups, for about hours. Then my wife's account started getting errors. The McAfee scans had not solved the problem and I started getting militant about tracking this vile evil digital beast down. I am also now getting another RUNDLL error; it is "RUNDLL Error loading C WINDOWS system c D B dat". Both RUNDLL errors are currently open on my screen. I found HijackThis and ComboFix. I ran HijackThis about minutes ago. Here is the HJT log:

https://forums.techguy.org/threads/win-xp-vundo-artemis-generic-hjt-log.869677/
Relevancy 39.99%

Hi, I scan religiously but I am getting repeated attacks by these three pests, so I suspect something is lodged in my system. Thanks for your help in advance!

A:Hupigon, TDSS, Artemis

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I may ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download ComboFix from one of these locations: Link 1, Link 2, Link 3

Important! You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Make sure that you save ComboFix.exe to your Desktop.
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

http://www.bleepingcomputer.com/forums/t/214583/hupigon-tdss-artemis/
Relevancy 39.99%

Hi, using Windows Vista, IE. I've done a scan using McAfee and it found Generic Artemis trojan and it says it cannot be deleted. I've noticed my keyboard is typing erratic and missing random letters out. I've d/l HijackThis and the log is below:

A:Help removeing Generic Artemis

Hi All,
I managed to get rid of this trojan using Malwarebytes so problem now solved.

https://forums.techguy.org/threads/help-removeing-generic-artemis.816983/
Relevancy 39.99%

McAfee has detected and fixed an Artemis trojan on my computer only to have it reappear a day or so later. This has happened multiple times. It actually seems that it is tied to a file on my backup drive. As requested, here's a copy of my DDS text log:

A:Artemis trojan keeps reappearing

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.
NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check
Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only); if this happens please allow it to do so (you will need to be connected to the internet for this).
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job; this is normal.
You can download Combofix from one of these links: Link 1, Link 2, Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you.
Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer.

"information and logs"
In your next post I need the following:
Log from Combofix
Let me know of any problems you may have had
How is the computer doing now?

Gringo

http://www.bleepingcomputer.com/forums/t/459686/artemis-trojan-keeps-reappearing/
Relevancy 39.99%

I tried to download ComboFix from a forum thread that pointed to http://download.bleepingcomputer.com/sUBs/ComboFix.exe. My McAfee threw a flag on an Artemis trojan detected. Is this normal?

A:Artemis trojan in ComboFix?

Please note the message text in blue at the top of the Am I infected? What do I do? forum. No one should be using ComboFix unless specifically instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for general public or personal use. Combofix was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer. That's the decision by the creator and we will abide by that decision.

With that said, Combofix is not malware. However, certain embedded files that are part of legitimate programs or specialized fix tools such as Combofix may at times be detected by some anti-virus and anti-malware scanners as a "Risk Tool", "Hacking Tool", "Potentially Unwanted Program", or even "Malware" (virus/trojan) when that is not the case. This occurs for a variety of reasons to include the tool's compiler, the files it uses, registry fixes, malware strings it contains and the type of security engine that was used during the scan.

Such programs have legitimate uses in contexts where a Malware Removal Expert asked you to use the tool or when an authorized user/administrator has knowingly installed it. When flagged by an anti-virus or security scanner, it's because the program includes features, behavior or files that appear suspicious or which can potentially be used for malicious purposes. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others or that it was simply detected as suspicious due to the security program's heuristic analysis engine which provides the ability to detect possible new variants of malware. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In these cases the detection is a "False Positive".

http://www.bleepingcomputer.com/forums/t/305381/artemis-trojan-in-combofix/
Relevancy 39.99%

This is a repost of original issue but with the dds.txt and attach.txt files attached. Computer is older Gateway desktop. Operating system is MS Windows XP Home edition SP with Pentium CPU GHz GB Ram. I use McAfee Security Center and it updates regularly. It did not detect the download of the Artemis trojan. It did detect some of the havoc that resulted but would not detect the source of the problem. I could not use that machine to google anything about removing the trojans as every Google link was redirected. I had to use my laptop to download information about the virus. I also used it to download anti-spyware applications but none of them found the source. I tried SuperAntiSpyware, Malwarebytes, SpyBot, vcleaner.exe, ATF cleaner, HijackThis, Microsoft's Windows-kb -v, RUBotted, CCleaner, AVGfree software, System Mechanic and Microsoft Security Essentials. None of them got the root source of the virus. I uninstalled McAfee since it could not find any problems, in hopes of replacing it with AVG. However, AVG would not install - it could not make a necessary change in the registry. I found a web site that suggested ComboFix. When I downloaded it, opening it said it had the Artemis virus. The instructions said to disable McAfee because that was a false positive. Yeah, sure. So I tried everything else again. Nothing worked and each one took over an hour for a full scan.

I found this forum and found mention of ComboFix again. I copied all my documents and critical data to memory stick. I downloaded ComboFix, uninstalled McAfee. It said to install Microsoft Recovery Console from bootdisk. I did not have a boot disk so made one from MS Download website, copied it to the desktop and dropped the icon onto the Combofix icon as instructed. It "rooted out" the problem, so to speak. It saved a bunch of viruses in a folder called Qoobox. I reinstalled McAfee and ran it along with Malwarebytes, Spybot. McAfee found Artemis CAEA CEE A, two copies, quarantined; Artemis DD ACDEA A, repaired; FakeAlert-CK, two copies, repaired; Tool-NIRCmd, cannot be repaired. Microsoft Security Essentials found two viruses in a quarantined file which it said it removed. SpyBot only found tracking cookies.

Then I looked to see if I should post to this forum. It instructed me to first run DDS.scr and RootRepeal.exe before posting. I downloaded DDS.scr, it loaded and ran. I saved the files to desktop. I moved on to download and run RootRepeal. Downloaded fine but would not run. It just hangs up and takes over all the CPU activity. I tried four times, rebooting between each time, to get it to run. I had to use TaskManager to End Process to get it to stop hanging, not responding.

Now what do I do with all items in the Qoobox files, the quarantined files and Registry dat files? Can I use file shredder from SpyBot to shred them? Do I disable System Restore before I do shred, then re-enable System Restore? Should I get rid of Registry backups that were created by other applications during this process? Should I post the dds.txt and attach files, the ComboFix-quarantined-files.txt?

A:Artemis! trojan removal

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

http://www.bleepingcomputer.com/forums/t/290428/artemis-trojan-removal/

Hello all,
As you can see I've been having some issues lately. I'm running McAfee; it said it blocked Koobface and Artemis before they could do any damage. No problems to my knowledge with Koobface. After initially saying Artemis was deleted it came up again when I scanned. Deleted, scanned again, came up in different location of same drive and folder. Quarantined then removed again. Since then no signs of reinfection. Also used CCleaner to wipe everything and ran Malwarebytes, and Iobit360, plus SpybotS&D. Everything appears to be good. After reading on the internet though I was concerned my Lass or SamSS files might have been infected. This of course is just speculation, but I want to make sure I do everything I can to ensure the viruses are gone. Here is the log file from HijackThis.
Thanks in advance!

A:Hit with Koobface & Artemis! In the same week!

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

* Download DDS by sUBs from one of the following links. Save it to your desktop: DDS.scr, DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results.
* Follow the instructions that pop up for posting the results.
* Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

http://www.bleepingcomputer.com/forums/t/277504/hit-with-koobface-artemis-in-the-same-week/

I have Comcast and their version of McAfee. It ran an automatic scan and detected items. One of which is the Generic Artemis. I could not find what the other were so I suppose they are registry keys from the Generic Artemis, as McAfee was unable to completely remove the virus. Please help me with this issue. Below is the HJT log that was run after the failed attempt to remove by McAfee. Thank you.

A:Generic!Artemis please help me remove it

It's been over a week with no reply, so I am bumping in hopes of help. Thank you.
 

https://forums.techguy.org/threads/generic-artemis-please-help-me-remove-it.793820/

Hey, I noticed all of the sudden I was getting popups from just being online. I tried to run Malwarebytes to get rid of whatever it would be, but when I clicked to open it, it says the file could not be found. So I uninstalled it and reinstalled it and got the same problem. I ran McAfee, and it found 3 Artemis trojans. 1 was quarantined and it said restart and scan again. The second time it only found 1 of the Artemis trojans.

please help!

putting log in next post
 


Has anyone heard of this. I reinstalled my OS and then McAfee. I needed help from Dell and they did a remote access called "gotoassist" and according to McAfee it gave me a Trojan Called Artemis!207F7046C37F Trojan. Now what do I do.

A:Artemis!207F7046C37F Trojan

It might be a false positive. What file did McAfee flag?

http://www.bleepingcomputer.com/forums/t/247378/artemis207f7046c37f-trojan/

My McAfee keeps on telling me that a trojan Artemis!520EF59508C2 was found and deleted. This is a brand new computer, about 1 week old. Can you please help and tell me what does that mean, Artemis!520EF59508C2?
Am I really infected or is it just a false threat?

I did notice that my internet connection is slow.
Thank you

A:mcafee keeps on saying Artemis!520EF59508C2

Hello,

And welcome to BleepingComputer.com, before we can assist you with your question of: Am I infected? You will need to perform the following tasks and post the logs of each if you can.

Please download and run Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Malwarebytes Anti-Malware

NOTE: Malwarebytes is now offering a free trial of their program, if you want to accept it you will need to enter some billing information, so that at the end of the trial you would be charged the cost of the product. Please decline this offer, if you are unable to provide billing information. If you want to try it out, then provide the billing information.

Please download Malwarebytes Anti-Malware and save it to your desktop. Download Link 1, Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

* Make sure you are connected to the Internet.
* Double-click on mbam-setup.exe to install the application. For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
* When the installation begins, follow the prompts and do not make any changes to default settings.
* When installation has finished, make sure you leave both of these checked: Update Malwarebytes' Anti-Malware, Launch Malwarebytes' Anti-Malware. Then click Finish.
* MBAM will automatically start and you will be asked to update the program before performing a scan.
* If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
* If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

* Make sure the "Perform Full Scan" option is selected.
* Then click on the Scan button.
* If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
* The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
* When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
* Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

* Click on the Show Results button to see a list of any malware that was found.
* Make sure that everything is checked, and click Remove Selected.
* When removal is completed, a log report will open in Notepad.
* The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
* Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

SUPERAntiSpyware:

* Please download and scan with SUPERAntiSpyware Free.
* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you enco...

http://www.bleepingcomputer.com/forums/t/443340/mcafee-keeps-on-saying-artemis520ef59508c2/

My McAfee says it can't be removed. Google points me here with a HJT log. Random windows popup while online, not normal popups that can be blocked. Thinkpad w/ XP sp. Thanks for any help.

https://forums.techguy.org/threads/generic-artemis-issues.778197/

Hello. A week ago McAfee detected "Artemis B C AC C" and I instructed McAfee to remove it. In a recent McAfee scan it was once again detected at C system volume information restore CF - A - E A- - BD A RP A dll. I instructed McAfee to remove it again. Not sure if it's truly gone. Edit: I also ran Spybot and it found PUPS entries of WildTangent. I did not immunize for fear of making a mistake. Below is my HJT log. Thanks in advance for advice on Artemis and/or any other problems you may see in my log. Janelle


Dear Tech Support People, I have a problem with a trojan which McAfee detects but cannot remove. It is now under quarantine after a McAfee scan. McAfee says that it is a trojan with the name "generic artemis". And it shows the following name: C WINDOWS SYSTEM DIGIWET DLL. My computer showed the McAfee Security Alert every few minutes. And it is very slow now. I did the recommended scans. I post the dds.txt following and I attach the attach.zip containing Attach.txt and ARK.txt. Thank you in advance for your help. I appreciate it highly. Thom

A:Trojan Generic! Artemis

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

http://www.techsupportforum.com/forums/f100/trojan-generic-artemis-368221.html

Artemis Trojan has restricted all access, edit or change any files, so I'm NOT able to install/delete programs, can't edit the Regedit, can't print, can run any malware installers. McAfee has detected and quarantined a few files but it has not helped. Tried uninstalling McAfee to install AVAST or AVG but to no avail. Any ideas? Oh, by the way, I arrogantly took the liberty to run OTL. Here is the report.

A:Artemis! Trojan removal HELP

Hello BxCapone

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.
How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.
Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe or e:\frs...

http://www.bleepingcomputer.com/forums/t/506962/artemis-trojan-removal-help/

Now it isn't. I found the Artemis thing with Malwarebytes. I thought I fixed it. I thought it was gone. I then noticed the problem hadn't gone away: redirecting of search pages, random opening of new windows to questionable sites, SUPER slow computer. I found a whole slew of things with McAfee. They were all quarantined and/or deleted, but there were a LOT of infected items. My next move, in retrospect, may not have been the brightest: I tried system restore for a point about a week ago. I have used this in the past to what seemed like success. Anyway, here I am. My McAfee won't even work now and the computer is having the same problems. I need help and I am very grateful you guys and girls are here.

I have had a problem with the pre-posting steps though. I couldn't get the GMER log. The first time I ran the program it turned into a blue screen saying that the program had caused a problem with the computer, et cetera. The second time I ran it I tried to stop the scan slightly prematurely so I could save the majority of what it found, but it became unresponsive and I basically had to restart the computer. I'll just give you what I have and wait for guidance. Thanks in advance for the help, and I apologize for my ignorance.

A:Redirect search, pop up, Artemis?

Hello baugherfam,

I saw your intro post and I LOVED it! I live in Texas, so what you said made perfect sense to me. A few comments before we get going on this........

What happened with gmer is pretty common, so don't worry. If we need it later we'll get it to run. What happened with the restore point is also common, but believe it or not I was glad to see this. Some people think the right thing to do is turn system restore off. It's not. When you do this and something happens, then you have nothing at all to go back to. So good on you. Later on you have some major updating to do. The things I noticed out of date are very vulnerable to attack, and we'll need to fix them.

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If McAfee gives you any problems, you may have to temporarily uninstall it. For some reason, this is common with McAfee.

1. Download this file - combofix.exe http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.
If you have trouble running it the first time, then rename ComboFix.exe to baugherfam.exe and try again.

Thanks,
tea

http://www.bleepingcomputer.com/forums/t/328572/redirect-search-pop-up-artemis/

I've had a virus on my computer for awhile now - have run McAfee and Malwarebytes and they can not get rid of it. Now it has disabled Malwarebytes. I also can not do a system restore - says "System Restore has been turned off by group policy. To turn on System Restore, contact your domain administrator." I've tried restarting in safe mode but I get a blue screen. I'm also having trouble connecting to the internet. I'll post my logs below and also attach my reports done per the preparation guide. I'm not super computer literate - really hope someone can help me. Thanks in advance.

A:Can't get rid of virus (?) - possibly Artemis

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

http://www.bleepingcomputer.com/forums/t/286411/cant-get-rid-of-virus-possibly-artemis/

Artemis!4bf2a453fce3 is one of the entries in the log but they all look about the same just the numbers are a bit different. Also is HTML/FakeAV Trojan. My wife clicked a link which would not have been from suspected to be malicious. She then opened the file and started getting the alerts from McAfee. Now when I open Mozilla I get a window from IE and it looks like the Computer window which shows your drives and starts to scan and says major problems exist. It also pops up every so often. I close the window and everything is fine. The only other thing it does is pause my virus scanner. I can't imagine it is bad just annoying and I would like to remove it. I am running Vista. I am running my virus scanner now and half way complete with nothing found.

A:I have Artemis! Trojan and can't remove it.

Please download Malwarebytes Anti-Malware (v1.36) and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

http://www.bleepingcomputer.com/forums/t/229470/i-have-artemis-trojan-and-cant-remove-it/

Guys, I have a Vista computer that when I run McAfee Stinger it finds one Trojan. But when I run McAfee Anti Virus, it doesn't find anything. I do have the latest version.

Here is the stinger log... below...

McAfee® Stinger Version 10.0.1.624 built on Jul 6 2009

Copyright © 2009 McAfee, Inc. All Rights Reserved.

Virus data file v1000 created on Jul 6 2009.

Ready to scan for 897 viruses, trojans and variants.

Scan initiated on Sun Jul 19 23:07:19 2009

C:\Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-driver_31bf3856ad364e35_6.0.6002.18005_none_0b5dfb3fa4f88147_spsys.sys_95b9c9e3

Found the Artemis!A7F8BAD9590A trojan !!!

C:\Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-driver_31bf3856ad364e35_6.0.6002.18005_none_0b5dfb3fa4f88147_spsys.sys_95b9c9e3 could not be repaired.

Number of clean files: 251146

Number of Trojans: 1

Please help
 

A:Artemis! - Trojan can't remove - please help.

Closing duplicate, please reply here:

http://forums.techguy.org/malware-removal-hijackthis-logs/843993-hp-latop-dell-desktop.html

eddie
 

https://forums.techguy.org/threads/artemis-trojan-cant-remove-please-help.845118/

Hi,


My laptop (Windows 7) alerted me of a trojan and I was told to restart so that McAfee can sort the problem. When my computer went back on, I ran a full scan it said my computer is safe. But I went to check the report and saw that the trojan detected is still there. I went to History and Logs and it says Artemis! 53A0E3AF3637 was detected. Does this mean that my laptop has this virus? How do I remove it? What should I do? By the way, I am a computer idiot who only knows how to check emails. Please help me!

A:Help!!! Trojan Artemis! 53A0E3AF3637

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom

http://www.bleepingcomputer.com/forums/t/417858/help-trojan-artemis-53a0e3af3637/

Windows Mobile Smartphone/PDA

Greetings All

Functions:
Downloading and checking timetables/calendar from websites on the move, connecting up to WIFI, arranging appointments, e-mails and word documents and all round decent Organiser functions

A windows mobile smartphone is likely to satisfy all of these requirements but I have very little knowledge regarding them.....

Is the HTC P3300 aka Artemis a good choice?
What are the general pitfalls/problems with PDAs
 

http://www.techspot.com/community/topics/pda-criteria-and-htc-artemis-aka-p3300.89855/

McAfee reports a possible Artemis virus infection on my PC. I have no idea what this is, real or hoax, let alone how to remove. I have included the various Hijackthis and DSS reports. I hope anyone can help me shed some light.

Regards

https://forums.techguy.org/threads/artemis-possible-virus-report.959290/

Hello, I have a Dell Inspiron m Laptop with Windows XP. I had McAfee installed and real time protection enabled, but out of the blue got a message from McAfee saying that it had blocked and removed a Trojan. The original name of the Trojan was Generic Artemis. After this happened I could not scan with McAfee any longer and all the graphics in the software are missing. I did some research and did the following:

Scanned with Malwarebytes. This scan took about hours and found several trojans and worms which it removed, and some items were supposed to remove on reboot. To make sure everything was gone I ran the scan again. This time only about hours, but some items were back again with different names than before. After this I scanned with Adaware and it found more items and removed them. A third scan with Malwarebytes made it clear that the item was just renaming itself every time and always manages to come back.

I called a friend and he said I needed to run the scanners in Safemode after turning off system restore. So I did that and this time it seemed that Malwarebytes and Adaware were able to catch everything. I also ran Registry Mechanic which found about problems and fixed them.

After reboot I went to the F-Secure site to run an online scan and all my graphics in Internet Explorer are not displaying anymore. Both browsers, IE and Firefox, are running painfully slow and when I click on a link in Google it sometimes directs me to a totally different site. So I know there is still something wrong. The F-Secure scan took about hours to complete only about files so I gave up on that one. It would take weeks to scan.

Next I used ATF cleaner to remove all temp files and cookies. Then I went to Windows and downloaded the Malicious software Removal tool and ran that. It found one more item and removed it. I was hoping that I caught everything but I'm still experiencing the same painful slow browser and hijacking stuff and still no graphics in Mcafee program and IE. I even uninstalled and re-installed Mcafee with no success.

I am very scared to use my Laptop now online and would really appreciate if someone could please help me finish this never ending story so that I can get back to my business instead of being a full time virus remover. It's been three days.

Thanks a Million
All the best
Rob

PS Here are some of the items that were found and supposedly removed: Win Mloader Line Games w Autorun worm gen Win koobface Homatoy dll oyevosogic dll

A:Generic!Artemis Trojan

Hello,
I know, you're not supposed to bump your topic but I posted on Sunday and I see that people who just posted yesterday are already getting replies, so I thought my topic might have been overlooked.
Thank you for your help.
Bea and Rob

http://www.bleepingcomputer.com/forums/t/215152/genericartemis-trojan/

Hi there. So in an entire lifetime of websurfing I have never had a virus trojan problem except for the past month, in which I have managed to become infected with not one but two Trojans. The previous round was with ZeroAccess, which the brilliant and wonderful CatByte solved for me. I have been borderline paranoid in my online travels since then, running SiteAdvisor and not going anywhere that doesn't have a "green" rating - but I apparently have still managed to become infected.

McAfee just popped up saying it had found the Artemis B CCD B B Trojan in C Windows SysWOW HIMYM DLL kpk tmp but couldn't delete it. I actually haven't noticed any changes in my computer function or any problems other than when I reboot the computer I get the error message "There was a problem starting C Windows system HIMYM DLL The specified module could not be found". This gives me a little bit of hope that the thing isn't actually running.

I have posted the logs below. I am beyond embarrassed to ask for help again so soon. I can't figure out what I'm doing wrong and how I'm picking up all these Trojans. But I am utterly clueless about how to fix this on my own. Not sure how much help McAfee is if it can only detect these Trojans but never remove them.

A:I am an idiot - Artemis trojan?

let's have another look

please do the following:

download Farbar Recovery Scan Tool and save it to a flash drive.
Plug the flashdrive into the infected PC.
Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter. Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to the disclaimer.
Place a check next to List Drivers MD5 as well as the default check marks that are already there
Press Scan button.
FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box: services.exe
now press the search button
when the search is complete, search.txt will also be written to your USB
type exit and reboot the computer normally
please copy and paste both logs in your reply. (FRST.txt and Search.txt)

http://www.bleepingcomputer.com/forums/t/467348/i-am-an-idiot-artemis-trojan/
Relevancy 39.99%

Hi everyone! I need help in getting rid of this annoying Artemis Trojan from my laptop. I'm using Sony Vaio, Windows 7 home premium.

I've already done the recommendations that I've read from various forums. I've already used McAfee, Avast, Malwarebytes, Super anti-spyware to remove this virus but after a few minutes it keeps popping up again! I need help pls! Anyone??

First, it prevented me from browsing websites. Then a day after, a spam e-mail was sent from my personal yahoo account to all my contacts, though that spam e-mail didn't appear in my Sent items! I badly need help!

A:can't get rid of Artemis!56C9EF26F88B Trojan! Need help pls!

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom

http://www.bleepingcomputer.com/forums/t/421379/cant-get-rid-of-artemis56c9ef26f88b-trojan-need-help-pls/
Relevancy 39.99%

This problem began after my grandkids were introduced to my computer. At this time Windows Defender would open but was not enabled for some reason. They have downloaded many different kid's games and I have noticed new toolbars showing up over time (AIM toolbar, Google, Yahoo, MyWebSearch). I have uninstalled the MyWebSearch toolbar and all of the "extra" programs/toolbars that the kiddos downloaded/installed. I have installed a new version of McAfee SecurityCenter SE from AOL which found four files associated with MyWebSearch and Generic Artemis virus. McAfee quarantined these files. After the McAfee fix, Windows Defender will not open or reinstall. It also does not appear in the add/uninstall programs screen for me to uninstall it. I tried the three steps that Microsoft recommends to reinstall Defender but none worked. McAfee does not find any more issues after running a complete scan. Lastly, the AIM toolbar reappeared in IE without prompting. The fact that Windows Defender does not run is my concern at this point. I am not really sure if there is something looming, but this just does not sit right with me. Thanks for your help.

A:Generic!Artemis and other issues

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

http://www.bleepingcomputer.com/forums/t/244974/genericartemis-and-other-issues/
Relevancy 39.99%

I am running Windows 7 Home Premium with Service Pack 1 (64-bit OS).  My son was using my computer and downloaded some games and my computer started acting funny.
 
I have McAfee, Malwarebytes and CCleaner running. Malwarebytes found tons of stuff and quarantined it which I then deleted.  Same with McAfee which is how I found the name of the virus.  I uninstalled the items through CCleaner.  Every time I try to delete it with McAfee, it doesn't work.  I have also tried doing a system restore back to prior to the problems showing up and, not only did it fail, but it deleted all my system restores prior to the problems beginning.
 
Please help me.
 
Teresa

A:Can't get rid of Artemis!9A3A331881A1 virus

My name is Bezukhov. Let us try a couple of other tools.

Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
The tool will start to update the database, please wait a bit.
Click on I agree button.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

http://www.bleepingcomputer.com/forums/t/585152/cant-get-rid-of-artemis9a3a331881a1-virus/
Relevancy 39.99%

How do I get rid of these two viruses? I've tried everything and nothing works. McAfee won't do it, nor will Malwarebytes.

Hi, I read up a little and found you needed a "hijackthis" log. I came back to post it here. I hope this is o.k. Learning rules as I go. My computer has other issues also, but this will do for now. "generic pup x" & "Artemis virus"

https://forums.techguy.org/threads/generic-pup-x-artemis-f75852775406.965143/
Relevancy 39.99%

So about a week ago, I started getting error messages that said "dllhost.exe has stopped working." I tried just closing it a few times, but it kept re-opening, so I ignored it for a while. After that, I decided to search up dllhost.exe, and found that it was a normal part of Windows, but could also be a trojan. I ran a quick scan with McAfee, and it showed that dllhost.exe was indeed infected by a trojan named "Artemis!BA3296BE6A13".
 
So far, nothing serious has happened that I've noticed. Only the error messages, sometimes more than one at once now, have been appearing. I'm worried that something might be happening in the background, though, or something more major might happen in the near future, so I'm posting here.
 
Thanks for your help in advance. 

A:Artemis!BA3296BE6A13 in dllhost.exe

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.

IMPORTANT
If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button and follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

Please download Junkware Removal Tool to your Desktop.
Please close your security software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.

===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: Tutorial
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.

How to: Disable Anti-virus and Firewall... http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
When finished, it will produce a report for you.
Please post the C:\ComboFix.txt

Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.
Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.

===

Third party programs if not up to date can be the cause of infiltration or infection.

Please restart the computer before running this security check.
Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s. If the SecurityCheck program fails to run for any reason, run it as an Administrator.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM.
Let me know what problem persists.

http://www.bleepingcomputer.com/forums/t/517876/artemisba3296be6a13-in-dllhostexe/
Relevancy 39.99%

https://www.virustotal.com/en/file/...66ca7b3deb13ee901a543da232d848b89b1/analysis/
^ natmon.exe analysis
https://www.virustotal.com/en/file/...4b8fa2571e34b04161920a99/analysis/1440360010/
^ monitor.exe analysis
I've already removed "C:\Users\Jacob\AppData\Roaming\71897A57-9DDD-4338-86DA-D509957A8802\Nat Monitor\" and "C:\Users\Jacob\AppData\Roaming\windowsmonitor\" and then deleted the startup entries with autoruns.
Anything else I'm missing?
Oops, my system: http://hastebin.com/miyoxoqebe.tex
 

A:Artemis? Advice needed.

Hello and welcome to TSG,

My screen name is kevinf80, either that or Kevin is good for replies. OK, let's continue:

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.
Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Next,

Follow the instructions in the following link to show hidden files:

http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

Next,

Please open Malwarebytes Anti-Malware.
On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
A Threat Scan will begin.
With some infections, you may or may not see this message box.

'Could not load DDA driver'

Click 'Yes' to this message, to allow the driver to load after a restart.
Allow the computer to restart. Continue with the rest of these instructions.
When the scan is complete, click Apply Actions.
Wait for the prompt to restart the computer to appear, then click on Yes.
After the restart once you are back at your desktop, open MBAM once more.

To get the log from Malwarebytes do the following:
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click Export > From export you have three options:

Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

Recommend you use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply.
If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.

Double-click mbam-setup and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish. Follow the instructions above....

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them...

https://forums.techguy.org/threads/artemis-advice-needed.1154396/
Relevancy 39.56%

Hello, I am super new to bleepingcomputer but I always use the help that I tend to find here if I have trouble, but this one I can't seem to get rid of. My McAfee keeps finding and blocking and supposedly deleting this trojan called artemis ee and whole lot of other numbers or whatever, but when I scan for it McAfee can't seem to find it. I've used all the other spyware programs (MBAM, SUPERAntiSpyware) and they find other things besides the Artemis. Now I really believe that this is the cause of my search redirection as well, which is getting real annoying. By the way, during random times I do get maybe one or two tabs that pop up as well. I would greatly appreciate any help. I understand you guys are busy; I am a patient man. The computer still runs OK with the exception of my DVD drive not working: CDs won't load (program ones anyway; I haven't tested to see if music CDs work or not). I'm running Windows home premium. I use Google Chrome internet browser. I am posting a DDS log and a HijackThis log below. This is my DDS log:

A:Artemis trojan help/browser redirection

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

http://www.bleepingcomputer.com/forums/t/274623/artemis-trojan-helpbrowser-redirection/
Relevancy 39.56%

I have McAfee Internet Security installed on my computer and about weeks ago, while running McAfee updates, I got a pop-up stating that it detected Generic Artemis on my computer and it is not able to remove this. Can anybody help me on getting rid of this thing?

Thanks,
Claudio

https://forums.techguy.org/threads/generic-artemis-my-hijackthis-log-needs-analysis.776634/

Dell Dimension, XP SP, Firefox, McAfee.

Three weeks ago I found a virus on my wife's computer. I could isolate the offending files but had to engage the fine folks at McAfee to remove them. Artemis and Vundo seemed to be history. Gone from the system folder were geyofebi.dll, SAYIWIDO.DLL, yejuwesi.dll, yobiseha.dll, wuhumuro.dll, yegudime.dll, GAFILUMU.DLL, fcyyy.dll and maybe some others; those are all my notes show. The McAfee rep didn't, of course, tell me all he did on my screen remotely with his fancy-looking tools.

After that the unit ran fine, but last week, weeks after virus purge, it started running very, very slowly. Programs take a very long time to load and execute. Sometimes they never complete their task. The Task Mgr shows that the cpu is not running at a high. It bounces around of course, but the System Idle Process is usually - or more. The o/s tools (e.g. Help, My Computer, Task Mgr) are the same. But it seems to boot fairly quickly.

I have several times: run disk check - no problems; run spybot - no problems; run McAfee virus scan - no problems; run CCleaner - fixed registry problems; uninstalled some programs - didn't help; disabled some startups - same; appealed to higher powers - same.

I also uninstalled the "ntiomin" driver that was not working - it was installed as part of SpeedFan, which I've now uninstalled. And I've just spent the weekend trying various other fixes, at least trying to isolate the problem. I can't, and in my hunt I happened upon your forum.

So I'm just a determined amateur (can't read a log, though "Host Intrusion Detection" doesn't exactly sound good) and would be grateful for any help you might be able to offer. The dds log follows, and the other dds file and gmer file, both zipped, are attached. My wife's surname has been redacted and replaced with "XXXX" as it appears in the dds log.

I do not have access to a Windows Install disk or boot cd. I never made one when the computer arrived. Lesson learned.

Many thanks, Ralph

ps: as I type this the gmer program is taking a long time to grind through the McAfee Virus Scan quarantine files that have been generated in the last weeks (eek - never saw those before).

A: Sleepless in Toronto (Artemis? Vundo?)

Hi all.

Stand down on this for now. We've taken the unit to a local guru for a tuneup.

If it lands back in my lap I'll again seek your help.

Cheers...Ralph

http://www.techsupportforum.com/forums/f50/sleepless-in-toronto-artemis-vundo-432516.html

I recently ran into "Win Internet Security" and followed the removal instructions on this site. It seemed like it worked, but almost right away, within the day after, my old McAfee began notifying me regularly of a Trojan that was found and removed called Artemis BF F (lost the rest of the name; I don't have it written anywhere and it happened to pop up briefly as I was typing).

I've read up on it and tried to figure out how to remove this Artemis thing on my own but can't seem to get a handle on it. MalwareBytes found and removed files, but I keep getting the Artemis warning from McAfee. Subsequent MalwareBytes scans have found nothing, and for kicks I went through the Win Internet Security removal steps again with no result.

Everything else seems to be operating properly, but I keep getting these warnings from McAfee, and what I've read online leads me to believe there's still some unwanted activity going on somewhere. Does anyone know where I can go for some advice on this?

Thanks a ton for any guidance anyone is able to give.

Nick

A: Win 7 Internet Security 2012 to Artemis! ?

Welcome aboard. What is the EXACT message from McAfee? File involved, location, etc.?

http://www.bleepingcomputer.com/forums/t/433442/win-7-internet-security-2012-to-artemis/

Hello,

I just received a warning message from McAfee saying they'd detected a programme called Generic!Artemis. It's located on the C Drive under my downloads in the SetUp file. When trying to remove it the following message appeared: The potentially unwanted programme cannot be removed. Something about maybe being linked to a bundle.

So far we haven't really noticed many problems with the computer, except that it runs quite slowly and sometimes it just freezes and doesn't allow us to open any programs. Also, we often get an error message about the synopsis touch pad not working, whatever that means.

I would kindly ask for your help in resolving this, as it's proving more persistent than expected. Thanks so much.

Here's the DDS Log.

A: Generic!Artemis Virus Detected

Hello ConfusedComputerUser,

Artemis is something McAfee uses in its detections. What you're experiencing is most likely a false positive from McAfee. Can you please post for me the file(s) it's flagging so we can be sure?

We can do a couple of scans after that, if you like, to be sure your system is all right.

Regards,
tea

http://www.bleepingcomputer.com/forums/t/206843/genericartemis-virus-detected/