
Generic Artemis Virus - McAfee doesn't detect


7 replies to this topic

#1 kadame

kadame

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:51 PM

Posted 26 March 2009 - 09:47 AM

I've contacted McAfee support, and they said I'll have to do the FEE BASED support to remove the virus. Initially, a few weeks ago, when I would search on the internet, I would be redirected to another site, but could click on the back arrow, and it would usually take me to where I wanted to go. Last night, a pop up with McAfee stated it blocked the generic artemis virus and then I got booted off the internet. I can't search at all without that happening, in fact I can't search at all, or paste addresses in the tool bar...I get booted off!

I ran a full scan, and nothing was found with my McAfee. Also, it says I'm protected in their start up screen..I'm running Windows XP Home Edition. HELP!!!!

Is going through McAfee support the only answer?

Edited by kadame, 26 March 2009 - 09:50 AM.



#2 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 26 March 2009 - 12:42 PM

Hi,

We can try something else first. :thumbsup:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

#3 kadame

kadame
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  

Posted 29 March 2009 - 10:07 PM

Yeah! Success! Here is the log info. By the way...I'm still in my "cancellation" period with McAfee...and I am very unimpressed with the program....does the MalWarebytes Anti-Malware program I downloaded work as a virus protection...or is there another program you recommend? Thanks for your quick response, and great knowledge.

Malwarebytes' Anti-Malware 1.35
Database version: 1917
Windows 5.1.2600 Service Pack 3

3/29/2009 9:49:40 PM
mbam-log-2009-03-29 (21-49-40).txt

Scan type: Quick Scan
Objects scanned: 82799
Time elapsed: 14 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 3
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{4d25f920-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4d25f923-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d25f924-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\MyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\tgkeae.fjo (Trojan.Daonol) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
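
A way to triage a log in the layout posted above, as an added example that is not part of the original thread or of Malwarebytes' own tooling: it groups detections by family, checks each section's listed entries against the summary counts, and reports items the log does not confirm as deleted. The function names and the sample entries are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the MBAM 1.x log layout; paths and families are placeholders.
SAMPLE_LOG = r"""
Registry Keys Infected: 1
Registry Data Items Infected: 1
Files Infected: 2

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000000} (Adware.Example) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Example\DisableNotify (Disabled.Example) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
C:\Example\sample.dll (Adware.Example) -> Quarantined and deleted successfully.
C:\Example\locked.tmp (Trojan.Example) -> No action taken.
"""

SUMMARY = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# Non-greedy item so "(1)" / "(0)" in "Bad: (1) Good: (0)" is not taken as the family.
ENTRY = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")

def parse_mbam_log(text):
    """Return (declared summary counts, list of (section, item, family, action))."""
    declared, found, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SUMMARY.match(line):
            declared[m["section"]] = int(m["count"])
        elif m := HEADER.match(line):
            section = m["section"]
        elif section and (m := ENTRY.match(line)):
            action = m["rest"].split(" -> ")[-1].rstrip(".")  # last step is the outcome
            found.append((section, m["item"], m["family"], action))
    return declared, found

def triage(text):
    declared, found = parse_mbam_log(text)
    listed = Counter(section for section, *_ in found)
    return {
        "families": Counter(family for _, _, family, _ in found),
        # Sections whose listed entries disagree with the summary (truncated paste?)
        "count_mismatch": {s: (n, listed[s]) for s, n in declared.items() if n != listed[s]},
        # Items not confirmed as deleted need a rescan or manual review
        "not_removed": [(i, a) for _, i, _, a in found if "deleted successfully" not in a],
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
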

#4 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 30 March 2009 - 12:28 AM

Hi,

Please do a new full scan with MBAM, and post the logfile in your next reply. :thumbsup:

No, MBAM doesn't work as a virus protection. It's not a realtime scanner (it is when you buy it). Yes, I recommend other programs, and when you're clean I will give you some links to prevention pages (with the scanners I recommend). :flowers:

#5 kadame

kadame
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:51 PM

Posted 30 March 2009 - 11:07 AM

No Viruses! Yeah! I have to say, as soon as I get a recommendation from you, on a better Anti-Virus program than McAfee, I'm switching, pronto! I actually paid them $79 on Thursday, before I got your post, and they took over my computer, and couldn't find anything....then when I told them to try to search on the internet, and then how I was being booted off immediately, they said it was a critical NEW virus, and they had to do some research, and would call me back. They never did, so luckily, I was able to get a refund....but the sad thing is, my McAfee showed nothing on a full scan, also, if you pull it up, it said "Protected", like nothing was wrong. I can't believe that you were able to offer something so quick, and they didn't!

Anyway, here is my log, and thanks again for your help!

Malwarebytes' Anti-Malware 1.35
Database version: 1917
Windows 5.1.2600 Service Pack 3

3/30/2009 11:03:05 AM
mbam-log-2009-03-30 (11-03-05).txt

Scan type: Full Scan (C:\|)
Objects scanned: 236508
Time elapsed: 2 hour(s), 1 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 30 March 2009 - 11:12 AM

Hi,

Well, what McAfee said to you is not true. This malware has been active for years, so it's not a new virus.
In step 4 you can find some scanners etc. :thumbsup:

Everything looks clean again. :flowers:
Do this:

1. Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

  1. Turn off System Restore.
    • On the Desktop, right-click My Computer.
    • Click Properties.
    • Click the System Restore tab.
    • Check Turn off System Restore.
    • Click Apply, and then click OK.
  2. Restart your computer.
  3. Turn ON System Restore.
    • On the Desktop, right-click My Computer.
    • Click Properties.
    • Click the System Restore tab.
    • UN-Check Turn off System Restore.
    • Click Apply, and then click OK.

System Restore will now be active again.

2. Go to the Windows update site and download and install all available updates, so your computer is protected against malware.
Check this site every month in the future.

3. Read this page To prevent yourself against re-infection.

4. You can delete all used tools and programs.

5. Download these programs to protect your computer against reinfection:

1. Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests. Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restrict the actions of potentially dangerous sites in Internet Explorer.
Download Spyware Blaster

2a. Download Malwarebytes' Anti-Malware to check for possible infections.
Check it for updates prior to running and run them weekly together with your Anti-virus program.

2b. For an added check run an online virus scan, you can use one of the 2 below,
TrendMicro's HouseCall
ActiveScan

3. Be sure and give the Temp folders a cleaning out now and then as well. Make sure after you clean your Temp files to empty out your Recycle bin as well.
For ease use the following program
Download and install Cleanup
Run "Cleanup" and when it has finished, reboot.

#7 kadame

kadame
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  

Posted 30 March 2009 - 11:24 AM

I'll do this. Thanks again!

#8 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 30 March 2009 - 11:25 AM

You are most welcome. If you have any questions, you're always welcome to ask them. :thumbsup:



