TechSpot

Artemis Trojan and Firefox re-directs

By nlb23
Jan 24, 2010
  1. hello
    Running XP SP3 and seem to be infected with trojan - every few minutes Mcafee reports a trojan removed "Artemis!CF78781CB298" - with folder name in temp - and windows tmp folder getting full of new entries.
    Also Firefox re-directs every first click somewhere else - sometimes ebay, amazon, random security portals, often Ask...
    Have Macafee installed and have tried, Stinger, MRT. MalwareBytes, PrevX, SAS and Spybot, ESET and all removed something...
    searches leading me towards Combofix - hence asking you guys first.
    HiJackthis Log attached
    any suggestions?
    many thanks
    Noel
     

    Attached Files:

  2. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

  3. nlb23

    nlb23 TS Rookie Topic Starter

    can't download combofix

    hi,
    thanks for the reply - tried both links and although download runs i get an error saying can't save combofix.exe - disk full or write-protected...
    at the same time this attempt seems to generate trojan activity - macafee reporting blocked trojans (today pws z.bot has replaced artemis most of the time)...
    is there a zip version i could try - or any other ideas...
    thanks again
     
  4. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    Yes, it seems like Combofix is having some issues... In the mean time lets try running the ESET Scanner:

    On-line Scanner

    See if it picks up additional stuff
     
  5. nlb23

    nlb23 TS Rookie Topic Starter

    hello again and continuing thanks
    ESET removed 6 threats...
    McAfee popup warnings of Trojan PWS.zbot removed persist.
    Browser re-directs appear to have gone - tho could be speaking too soon..
    ran Hijackthis again and attach log.
    cheers
    noel
     

    Attached Files:

  6. nlb23

    nlb23 TS Rookie Topic Starter

    also tried combofix again

    after last efforts - redirects slowly reasserted themselves - successfully downloaded combofix - ran it and after rebooting got a Windows error saying SDRA64.exe failed to run - seemed like a good thing to me - hunted down its file and reg entry and removed...
    strangely (i think) combofix didin't create a log file - or if it did i don't know where it is...
    anyway - just run hijackthis again and attach new file in the hope you;ll say it's clean..
    thanks for taking the time
    noel
     

    Attached Files:

Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...