Trojan: Generic!Artemis, Generic.dx and Generic Rootkit.w infection



#1 tskoo


Posted 17 February 2009 - 08:50 PM

Hi there! Thanks for taking the time to help me out.

Yesterday, McAfee started detecting trojans in my system: Generic!Artemis, Generic.dx and Generic Rootkit.w

I don't know if these are three different trojans or one and the same. I'm not getting any pop-ups (apart from the McAfee warnings), but it is making my computer run slower and me very worried.

I'm running Windows XP Pro.

Any help most appreciated.

I can post a HijackThis log if that's of any use.


#2 tskoo


Posted 17 February 2009 - 10:07 PM

Here are some of the details from the McAfee detection log (I haven't listed all the files here because there are too many, so I'll just provide one example of each):

Detection name: Generic.dx (Trojan), Generic.dx (Trojan)

File: C:\Windows\system32\drivers\109.exe
Process: C:\windows\system32\svchost.exe
Process description: Generic Host Process for Win32 Services

Detection Name: Generic!Artemis (Trojan)

File: E:\system volume information\_restore{5E0A6BCC-1246-45C3-BBAA-DBEC343BA767}\RP173\A0131417.exe
Process: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
Process description: Malwarebytes' Anti-Malware

Detection name: Generic Rootkit.w (Trojan), Generic Rootkit.w (Trojan)
File: C:\Windows\system32\drivers\netsik.sys
Process: C:\Docume~1\Mike\Locals~1\Temp\BN7.tmp
Process description: (as process)

The Generic.dx has been repaired and removed from 12 files so far by McAfee.

The Generic!Artemis one has been quarantined from 7 files so far.

The Rootkit.w one has been repaired and removed from three files so far.

#3 tskoo


Posted 18 February 2009 - 09:26 AM

Further info:

Most times when I start up - but not every time - the computer is really sluggish for several minutes and then a box pops up saying:

"Generic Host Process for Win32 Services has encountered a problem and needs to close"

(This generally coincides with a box from McAfee detecting the trojan in another file.)

I click on "to see what data this error report contains, click here" and it says:

szAppName : svchost.exe szAppVer : 5.1.2600.5512 szModName : ntdll.dll
szModVer : 5.1.2600.5512 offset : 0001b1fa

A couple of minutes later another box pops up saying, "System Shutdown", something about being initiated by NT AUTHORITY\SYSTEM and then, "Windows must now restart because the DCOM Server Process Launcher service terminated unexpectedly".

And a timer counts down from sixty seconds and then the computer restarts.



