Posted 25 January 2010 - 11:43 AM
Computer is an older Gateway desktop. Operating system is MS Windows XP Home Edition, SP3, with Pentium 4 CPU 2.00GHz, 1GB RAM.
I use McAfee Security Center and it updates regularly. It did not detect the download of the Artemis trojan. It did detect some of the havoc that resulted but would not detect the source of the problem. I could not use that machine to google anything about removing the trojans as every Google link was redirected. I had to use my laptop to download information about the virus. I also used it to download anti-spyware applications but none of them found the source. I tried SuperAntiSpyware, Malwarebytes, SpyBot, vcleaner.exe, ATF cleaner, HijackThis, Microsoft's Windows-kb890830-v3.3, RUBotted, CCleaner, AVGfree software, System Mechanic, and Microsoft Security Essentials. None of them got the root source of the virus. I uninstalled McAfee since it could not find any problems, in hopes of replacing it with AVG. However, AVG would not install - it could not make a necessary change in the registry. I found a web site that suggested ComboFix. When I downloaded it, opening it said it had the Artemis virus. The instructions said to disable McAfee because that was a false positive... Yeah sure. So, I tried everything else again. Nothing worked and each one took over an hour for a full scan.
I found this forum and found mention of ComboFix again. I copied all my documents and critical data to a memory stick. I downloaded ComboFix and uninstalled McAfee. It said to install Microsoft Recovery Console from a boot disk. I did not have a boot disk so I made one from the MS Download website, copied it to the desktop and dropped the icon onto the ComboFix icon as instructed. It "rooted out" the problem so to speak. It saved a bunch of viruses in a folder called Qoobox. I reinstalled McAfee, and ran it along with Malwarebytes and SpyBot. McAfee found Artemis!CAEA654CEE4A (two copies, quarantined), Artemis!3DD4ACDEA2A (repaired), FakeAlert-CK (two copies, repaired), Tool-NIRCmd (cannot be repaired). Microsoft Security Essentials found two viruses in a quarantined file which it said it removed. SpyBot only found tracking cookies.
Then I looked to see if I should post to this forum. It instructed me to first run DDS.scr and RootRepeal.exe before posting. I downloaded DDS.scr, it loaded and ran. I saved the files to the desktop. I moved on to download and run RootRepeal. It downloaded fine, but would not run. It just hangs up and takes over all the CPU activity. I tried four times, rebooting between each time to get it to run. I had to use Task Manager to End Process to get it to stop hanging (not responding).
Now, what do I do with all the items in the Qoobox files, the quarantined files and Registry dat files? Can I use the file shredder from SpyBot to shred them? Do I disable System Restore before I do, shred, then re-enable System Restore? Should I get rid of Registry backups that were created by other applications during this process? Should I post the dds.txt and attach files? The ComboFix-quarantined-files.txt?