Trojan Generic!Artemis In Your Computer – How To Get Rid Of It?

February 5th, 2009

Problem posted by a user

Recently there was a problem, my Norton anti-virus found a Trojan, but it couldn’t remove it. The Trojan on my system was Generic!Artemis.

It said the Trojan was at C:\Documents and Settings\Owner\Application Data\Google\vgwsn871850.exe

I failed when I manually tried to delete it. McAfee’s Virtual Technician said my Security Center was missing a file, because of which it could not operate properly, but also says it can’t be fixed. (wtf?)

The Norton people could not help me, all they could do was instruct me to uninstall and re-install the product. There was no change in the result. Then later I was instructed to download and extract a new set of DAT files and run a full scan in DOS mode with System Restore Turned off. That too didn’t help.

This was what was happening:

(1) If I try opening a web browser, I’d be redirected to a page that would say “Insecure Internet Activity. Threat of Virus Attack.” I would have two options, either “click to get full advanced real-time protection” or “continue to website unprotected” (which obviously was not recommended). The additional spyware program (Spyware Doctor) I had on my system blocked the site and redirected me away from the site saying it is unsafe.

(2) Other problems were, a pop-up would welcome me as soon as I restart the computer, and a few pop-ups would pop up randomly which would say, “Security Center Alert, Windows firewall has blocked some features of this program. Do you want to block?”. It gave the following info: “Name: Win32.Zafi.B, Risk: High, Description: worm trojan that records keystrokes & takes screen shots of computer, stealing personal financial information.” Then, it gives what appears to be 3 options: “keep blocking, unblock, or enable protection”, but the first two options were disabled, so there you go, I’d be left with no choice but choose “enable protection”. Kinda very fishy :).

(3) Browser windows occasionally will just randomly close out totally

The first thing I’d recommend is not to use McAfee or Norton anti-virus, at least not in this situation, as they hog resources and the protection they offer is very minimal. I’ve had good results with which is lightweight and free.

Start your computer in safe mode. To do this, press F8 while Windows is loading, i.e. before the Windows splash screen comes up. It’s a bit difficult to press F8 at the right time, so it is better to keep pressing F8 as soon as you restart your computer. A menu pops up; choose the option for safe mode. Once Windows has loaded in safe mode, scan the system.

What is likely happening is that the Trojan is loaded and running. Windows cannot delete a file that is currently in use, so the anti-virus is useless while the virus file is in use. Running in safe mode will likely prevent the Trojan from loading.

Depending on the Trojan, it could be reloaded on the next boot, even if you have disabled System Restore. In those cases it takes a bit more work to delete the virus.

  1. September 12th, 2009 at 01:46 | #1

    I had this same virus. I have an HP desktop with the System Restore partitioned in it. This virus went from my C drive to my D drive right after I tried to manually remove it. I then realized that I had to do a complete system restore, and even after I did that, the virus was still in D drive; however, for some strange reason, this time I was able to remove it from McAfee. MRT did not list this virus at all for the Artemis Trojan, which surprised me. Where or how I got this darn virus is beyond me, but I would think that Norton or McAfee would have added this Trojan to their databases as an upload

  2. Ray
    November 20th, 2009 at 11:18 | #2

    Same problem for me too, but what I did was do a safe mode full scan when I had AVG anti-virus, not recommended, but it couldn’t remove the virus or the other various trojans that were attacking me, but McAfee did help me remove all infected. Maybe they have a better system now, but I also get free with my cable subscription. So not sure if it will return, hope not, cause that virus really made me angry: stupid pig squeal sounds and locking up my computer

  3. FoF210
    January 25th, 2010 at 06:58 | #3

    I used HiJackThis to remove it. I ran a scan with HiJackThis and found a string that looked like this,

    02 – BHO: (no name) – {5C255C8A-E604-49b4-9D64-90988571CECB}-(no name)

    I told HiJackThis to fix it, then I ran two new scans with McAfee and it seems to be gone.

  4. January 25th, 2010 at 11:04 | #4

    @FoF210 – Thanks for the update !
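
A triage sketch for the two persistence points this page touches on, the trojan coming back on the next boot and the unnamed BHO reported in comment #3. It is an added example, not code from the post or from HijackThis. It reads HijackThis-style log text and flags O2 (BHO) entries with no name or file, plus O4 (Run key) entries that start a program from a user-writable directory. The sample log is constructed: the CLSID and the .exe path are the ones quoted on this page, while the Run value names, the `Example` entries and the assumption that the .exe had a Run-key entry are made up for illustration.

```python
import re

# Constructed sample. Line 1 is the entry exactly as pasted in comment #3
# (digit "0" for the letter "O", en dashes); lines 2-4 are made-up entries.
SAMPLE_LOG = """\
02 – BHO: (no name) – {5C255C8A-E604-49b4-9D64-90988571CECB}-(no name)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\\Program Files\\Example\\helper.dll
O4 - HKCU\\..\\Run: [vgwsn] C:\\Documents and Settings\\Owner\\Application Data\\Google\\vgwsn871850.exe
O4 - HKLM\\..\\Run: [ExampleTray] "C:\\Program Files\\Example\\tray.exe" /min
"""

DASH = r"\s*[-\u2013]\s*"  # accept a plain hyphen or a pasted en dash
BHO_RE = re.compile(r"^[O0]2" + DASH + r"BHO:\s*(?P<name>.*?)" + DASH +
                    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\})" + DASH + r"(?P<file>.*)$")
RUN_RE = re.compile(r"^[O0]4" + DASH + r"HK(?:CU|LM)\\\.\.\\Run\w*:\s*"
                    r"\[(?P<value>[^\]]*)\]\s*(?P<cmd>.+)$")

# Directories a non-admin process can write to (XP and later profile layouts).
USER_WRITABLE = ("\\application data\\", "\\appdata\\", "\\local settings\\temp\\")
MISSING = {"", "(no name)", "(no file)"}


def review(log_text):
    """Return (line_no, reason, detail) tuples for entries worth a manual look."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            # A browser helper with no display name or no backing file is unusual.
            if m["name"].strip() in MISSING or m["file"].strip() in MISSING:
                findings.append((n, "BHO without name or file", m["clsid"].upper()))
            continue
        m = RUN_RE.match(line)
        if m and any(d in m["cmd"].lower() for d in USER_WRITABLE):
            # Autostart pointing into the user profile: how a file "reloads on boot".
            findings.append((n, "autostart from user-writable directory",
                             m["cmd"].strip()))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

A flagged line is a prompt to inspect the entry, not proof of infection; legitimate software also installs under the user profile.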
