
Artemis! trojan



#1 CatCab


Posted 11 February 2011 - 11:33 PM

The other day, while in IE, my browser page jumped to a fake malware scanner. I forget exactly the name and what it said, but I didn’t click on anything but instead used the task manager to shut the thing down and end IE. I ran a couple of anti-malware scans (Spybot, and MBAM) after that, and all was ok, so I didn't think anything more about it. But, today McAfee’s antivirus scan (I have McAfee “Total protection”) found a trojan horse (Artemis!CB346809273C) and said it quarantined it according to the history log. While McAfee’s main screen now says the computer is secure, on the security report, I noticed that it said I have had two trojans that have been quarantined since McAfee was installed. Curious as to what this other one was (it wasn't from today), I tried to view the quarantined items, but I am unable to open or view the quarantine. So, I can’t even tell if anything is actually IN the quarantine. Now, I’m just a little nervous that maybe not everything is fixed as it should be. Can someone please give me some guidance as to what I should do next to make sure these trojans are gone for good and won’t reinfect the computer?
By the way, I had both MBAM and SAS already on the computer, and prior to me posting this message to you all, I was able to update both, and ran scans. MBAM found nothing, and SAS (run in safe mode) found nothing other than a bunch of adware. Computer runs Vista.
Thank you!



#2 quietman7


Posted 12 February 2011 - 12:48 AM

Artemis is the "Active Protection" component of McAfee's Security Center which uses a combination of signature and behavior analysis to check with McAfee servers in real-time to identify possible new malware threats. This is accomplished by adding heuristics to the virus database. McAfee then uses this heuristic detection to analyze the cataloged behaviors and assess the likelihood of possible new variants of malware before the vendor can get samples and update the program's definitions for detection.

In general, heuristics uses non-specific detection methods to find new or unknown malware which allows the anti-virus to detect and stop it before doing any harm to your system. Heuristic scanning methods vary depending on the vendor. Some claim to allow emulation of the file's activities in a virtual sandbox. Others scan the file more intensively, searching line by line inspecting the code in a file to see if it contains virus-like characteristics. If the number of these characteristics/instructions exceeds a pre-defined threshold, the file is flagged as a possible virus. The disadvantage to using heuristics is that it is not as reliable as signature-based detection (blacklisting) and can potentially increase the chances that a non-malicious program is flagged as malicious. With heuristics, there is always a potential risk for a "false positive" when the heuristic analysis flags a file as suspicious or infected that contains no malware.

Artemis is not the name of an actual virus, but an alert displayed by McAfee when it thinks it may have found a new virus. These detected files may or may not be malicious. McAfee advises to forward these files to the Avert Lab's Threat Center if you think it was a false detection so it can be excluded from the database automatically. For more specific information, please refer to "Artemis" & Other Possibly False Detections.

If you're not sure about the detection, McAfee asks that you submit a sample directly to McAfee Labs so they can investigate further. To do this, please refer to Submit a Sample To McAfee.

Edit: The information I provided did not change with this edit. I reworded a sentence for clarity and fixed a broken link.

Edited by quietman7, 12 February 2011 - 10:13 AM.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
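
The threshold-based heuristic scanning described in the reply above, contrasted with signature (blacklist) matching, as an added illustration that is not part of the original thread and not McAfee's actual method. The trait list, weights, threshold and sample byte strings are all constructed assumptions.

```python
import hashlib

# Signature-based detection: exact hashes of already-analysed samples (constructed).
KNOWN_SAMPLE = b"constructed-known-malware-sample"
BLACKLIST = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}

# Heuristic detection: "virus-like characteristics" with hypothetical weights.
TRAITS = {
    b"CreateRemoteThread": 3,
    b"WriteProcessMemory": 3,
    b"VirtualAllocEx": 2,
    b"CurrentVersion\\Run": 2,
    b"IsDebuggerPresent": 1,
}
THRESHOLD = 6  # the "pre-defined threshold"; value is an assumption


def heuristic_score(data: bytes) -> int:
    """Sum the weights of every trait pattern present in the file bytes."""
    return sum(weight for pattern, weight in TRAITS.items() if pattern in data)


def scan(data: bytes, threshold: int = THRESHOLD) -> str:
    """Signature check first; fall back to the heuristic score."""
    if hashlib.sha256(data).hexdigest() in BLACKLIST:
        return "known malware (signature)"
    if heuristic_score(data) >= threshold:
        return "suspicious (heuristic)"
    return "clean"


# Constructed inputs: a variant the blacklist has never seen, a legitimate
# debugging tool that uses some of the same APIs, and an ordinary program.
NEW_VARIANT = b"..VirtualAllocEx..WriteProcessMemory..CreateRemoteThread.."
DEBUG_TOOL = b"..IsDebuggerPresent..VirtualAllocEx..WriteProcessMemory.."
TEXT_EDITOR = b"..CreateFileW..ReadFile..WriteFile.."

if __name__ == "__main__":
    samples = {"known": KNOWN_SAMPLE, "variant": NEW_VARIANT,
               "debug tool": DEBUG_TOOL, "editor": TEXT_EDITOR}
    for name, blob in samples.items():
        print(f"{name:10} score={heuristic_score(blob)} -> {scan(blob)}")
    # Raising the threshold clears the false positive on the debug tool,
    # but raising it too far also lets the unseen variant through.
    for t in (6, 7, 9):
        print(t, scan(DEBUG_TOOL, t), "|", scan(NEW_VARIANT, t))
```

At the default threshold the legitimate debug tool is flagged alongside the unseen variant, which is the false-positive case the reply describes.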
