Artemis took over computer



#1 WirePaladinSF

Posted 25 January 2010 - 11:43 AM

Computer is older Gateway desktop, Operating system is MS Windows XP Home edition, SP3 with Pentium 4 CPU 2.00GHz, 1GB RAM.
I use McAfee Security Center and it updates regularly. It did not detect the download of the Artemis trojan. It did detect some of the havoc that resulted but would not detect the source of the problem. I could not use that machine to google anything about removing the trojans as every Google link was redirected. I had to use my laptop to download information about the virus. I also used it to download anti-spyware applications but none of them found the source. I tried SuperAntiSpyware, Malwarebytes, SpyBot, vcleaner.exe, ATF cleaner, HijackThis, Microsoft's Windows-kb890830-v3.3, RUBotted, CCleaner, AVGfree software, System Mechanic, and Microsoft Security Essentials. None of them got the root source of the virus. I uninstalled McAfee since it could not find any problems in hopes of replacing it with AVG. However, AVG would not install - it could not make a necessary change in the registry. I found a web site that suggested ComboFix. When I downloaded it, opening it said it had the Artemis virus. The instructions said to disable McAfee because that was a false positive... Yeah sure. So, I tried everything else again. Nothing worked and each one took over an hour for a full scan.
I found this forum and found mention of ComboFix again. I copied all my documents and critical data to memory stick. I downloaded ComboFix, uninstalled McAfee. It said to install Microsoft Recovery Console from bootdisk. I did not have a boot disk so made one from MS Download website, copied it to the desktop and dropped the icon onto the ComboFix icon as instructed. It "rooted out" the problem so to speak. It saved a bunch of viruses in a folder called Qoobox. I reinstalled McAfee, and ran it along with Malwarebytes, Spybot. McAfee found Artemis!CAEA654CEE4A (two copies quarantined), Artemis!3DD4ACDEA2A (repaired), FakeAlert-CK (two copies, repaired), Tool-NIRCmd (cannot be repaired). Microsoft Security Essentials found two viruses in a quarantined file which it said it removed. SpyBot only found tracking cookies.
Then I looked to see if I should post to this forum. It instructed me to first run DDS.scr and RootRepeal.exe before posting. I downloaded DDS.scr, it loaded and ran. I saved the files to desktop. I moved on to download and run RootRepeal. Downloaded fine, but would not run. It just hangs up and takes over all the CPU activity. I tried four times, rebooting between each time to get it to run. I had to use Task Manager to End Process to get it to stop hanging (not responding).
Now, what do I do with all items in the Qoobox files, the quarantined files and Registry dat files? Can I use file shredder from SpyBot to shred them? Do I disable System Restore before I do, shred, then re-enable System Restore? Should I get rid of Registry backups that were created by other applications during this process? Should I post the dds.txt and attach files? the ComboFix-quarantined-files.txt?


#2 garmanma


Posted 25 January 2010 - 02:30 PM

Should I post the dds.txt and attach files?


Yes, include that and let them know that you ran Combofix and have the files.
Post it in the forum that you originally posted in.
Mark

#3 Orange Blossom


Posted 25 January 2010 - 10:00 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/290428/artemis-trojan-removal/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days, up to two weeks, perhaps less, to get a response, but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom