07-02-2012, 01:19 PM   #1
veteran
Join Date: Jun 2008
Posts: 2,170
Virus detected: artemis!CE738F0BD454

First of all, I'm a massive noob when it comes to computer security; I have followed most of the steps on 2+2 about how to secure a computer as best as possible.

OK, so I have just picked this up on my McAfee scan. It started this morning, affecting stuff on my laptop such as desktop clicking (e.g. dragging files) and Google Chrome: e.g. on Google Chrome I would open a new tab and press the open tab at the top and it would delete that tab completely. It would also do the same for refreshing a page or pressing back.

Yesterday I imported a lot of datamined hands, but apart from that I'm very safe on my poker laptop. I also went on TeamViewer to a friend and it instantly gave the same issue to him, and his virus scan gave the same issue.

I've done some searching on McAfee and it does sound like similar issues, but I can't find anything dodgy running in the task manager.

http://home.mcafee.com/VirusInfo/Vir...ey=259866#none

Our code at the end is different to this, but it sounds like a similar issue:

artemis!CE738F0BD454

Infected items:

OGData.dll status quarantined (says pokeredge), which isn't related to the datamined hands at all

location: c:/wyvo/poker/drive/c/program files (x86)/pokeredge/OGData.dll

Has this come from the datamined hands, and is this a massive threat to poker security as it may have come from a poker source? Also, when it's cleaned via McAfee I'm still getting the same issues on Google Chrome and the inability to move stuff on the desktop, so it's still not OK.

Any help would be amazing, thanks.


Last edited by wyvo; 07-02-2012 at 01:33 PM.
wyvo

07-02-2012, 02:20 PM   #2
stranger
Join Date: Jun 2012
Posts: 10
Re: Virus detected: artemis!CE738F0BD454

Hi wyvo,

Anything that is hindering your basic use of your computer should be seen as a threat until proven otherwise. So McAfee detected the OGData.dll file and identified it as an item for quarantine, but did it say anything about deleting the file? Could you post a screenshot as well?

According to the link you referred to, there are two registry keys associated with the potential Trojan threat. Try looking through your registry for those keys. You can access this by opening up the command prompt and typing "regedit.exe" without the quotes.
File Properties
MD5: 10A4D2BC47D88BACB3E7E3FB841D741B
SHA1: 99CBB7FFC04C874A74CC3C3082B1F4EF37C3D739

Look into getting Malwarebytes as a scan alternative. It's free and, in my opinion, more reliable than anything you'll find for sale with the exception of Kaspersky.
MonsoonMoon
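
Added example, not part of the original thread: a short Python check that hashes a flagged file and compares it with the MD5 and SHA1 quoted in the post above, to tell whether the detection is the same sample as the one on the linked McAfee page. The function names and verdict labels are illustrative assumptions.

```python
import hashlib
from pathlib import Path

# Hashes quoted in the post above for the sample on the linked McAfee page.
ADVISORY = {
    "md5": "10A4D2BC47D88BACB3E7E3FB841D741B",
    "sha1": "99CBB7FFC04C874A74CC3C3082B1F4EF37C3D739",
}

def file_digests(path, chunk_size=1 << 20):
    """Stream the file once and return its upper-case hex MD5 and SHA1."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return {"md5": md5.hexdigest().upper(), "sha1": sha1.hexdigest().upper()}

def compare_to_advisory(path, advisory=ADVISORY):
    """Return (verdict, digests) for one file.

    Verdicts (labels are this example's own): 'missing', 'same-sample',
    'partial-match', 'different-file'.
    """
    p = Path(path)
    if not p.is_file():
        # A quarantined file is moved out of its original location,
        # so the path reported by the scanner may no longer exist.
        return "missing", {}
    digests = file_digests(p)
    hits = [alg for alg, want in advisory.items() if digests[alg] == want.upper()]
    if len(hits) == len(advisory):
        verdict = "same-sample"
    elif hits:
        # One hash agrees and the other does not: re-check the advisory values.
        verdict = "partial-match"
    else:
        verdict = "different-file"
    return verdict, digests

if __name__ == "__main__":
    import sys
    for arg in sys.argv[1:]:
        print(arg, *compare_to_advisory(arg))
```

A `different-file` verdict only says the file is not the sample described on that page; it says nothing about whether the file is clean.
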

07-02-2012, 02:29 PM   #3
newbie
Join Date: Jul 2012
Posts: 38
Thanks so much for your post Moon, I am the friend that wyvo was TeamViewering with and not infected as well! Is this a common way to transfer this type of virus? I'm guessing so as it has, but it just seems very odd as all he is doing is viewing my screen and clicked a couple of times. The virus looks like it's come from a poker software site; if it's poker related we are worried that the intent is to tack hacks. Does this virus look like the type used for such things?
Pkrjker

07-02-2012, 03:06 PM   #4
veteran
Join Date: Jun 2008
Posts: 2,170
Re: Virus detected: artemis!CE738F0BD454

Thanks Moon! I will get back to you once I've tried what you suggested.
wyvo

07-02-2012, 03:11 PM   #5
stranger
Join Date: Jun 2012
Posts: 10
Re: Virus detected: artemis!CE738F0BD454

Pretty much all remote desktop connection processes work the same way; it's just that when you have dedicated software (TeamViewer) doing this for you, you can't be sure it's anything but a standard TCP/IP connection. Windows has built-in remote desktop functionality, but in order to allow connections from outside the home network, a series of steps needs to be taken:
http://windows.microsoft.com/en-us/w...r-home-network
There is inherent security in these connections that is not easily abated unless you're infected with something else.

From what you described as the potential Trojan, you must have visited an insecure site and downloaded something that looked legitimate. If you look at the virus properties of the one you linked to, some symptoms include lack of command prompt, task manager, registry controls, etc. Have you experienced this behavior?

The file you mentioned doesn't appear to be harmful based on some basic research I've done just now. Refer to this thread for some additional cases where PE has been misidentified as a threat. http://forum.poker-edge.com/viewtopic.php?f=10&t=5070

Remote connection software, if legitimate, should not have the ability to transfer items, malicious or not, without the express consent of the end user. I checked out Teamviewer's website and it looks legit. I would be surprised if that's the culprit.
MonsoonMoon

07-02-2012, 04:18 PM   #6
newbie
Join Date: Jul 2012
Posts: 38
Re: Virus detected: artemis!CE738F0BD454

Quote:
Originally Posted by MonsoonMoon
From what you described as the potential Trojan, you must have visited an insecure site and downloaded something that looked legitimate. If you look at the virus properties of the one you linked to, some symptoms include lack of command prompt, task manager, registry controls, etc. Have you experienced this behavior?

Our task manager has been working fine, but when on Chrome we press new tab (normally bookmarked items like 2+2) it loads itself as asked in a new tab, but when you click on it to view, it actually deletes it. This was our first reason why we thought there was a problem (maybe with Google Chrome), but then I tried to move a document to the desktop and it wouldn't. Then all poker sites were struggling to load and move, like freezing up, which I've never really had. I'm assuming there could be loads of different problems, as after finding these and running the scan and finding the trojan "artemis" we closed down.

I did not know you could see the file location after the McAfee scan. wyvo found:
location: c:/wyvo/poker/drive/c/program files (x86)/pokeredge/OGData.dll

I have this program as well and have done for around a month probably. I'm very confused by this as I'm 99% sure what trojan I got was through TeamViewer, as the symptoms came during that, not before, and were clearly very visible. wyvo also has had that program for a month and I think he updated a week or so ago, but as this trojan is so annoying and messes up your PC so much there's no way he could have had it before this morning, as that's when he noticed the unusual Chrome commands (also after his mass hand import from another website), which makes me think it must have been that. Very confused and would really like to find out to warn others about this!!

I have managed to get hold of my PC health service which I use locally and he is coming over tomorrow, thankfully! I shall show him your posts, thanks Moon. Is there anything else I need to mention to him in your opinion? With this type of virus is it possible to get rid of it 100% and be sure, or is that not possible to tell? If so, to be safe should I reboot my entire system if that's what needs be?

Thanks!!
Pkrjker

07-02-2012, 05:53 PM   #7
veteran
Join Date: Jun 2008
Posts: 2,170
Re: Virus detected: artemis!CE738F0BD454

So on reboot after the virus scan it seems to be working as normal again. Tried to find the file and upload it to VirusTotal but can't find the file at all.

Going to restart again and see if anything changes.

Edit: seems fine again, so running a full scan to see.

Last edited by wyvo; 07-02-2012 at 05:58 PM.
wyvo

07-03-2012, 03:07 AM   #8
veteran
Join Date: Jun 2008
Posts: 2,170
Re: Virus detected: artemis!CE738F0BD454

So it was fine again last night.

Turn it on this morning and it's doing the exact same again....
wyvo

07-03-2012, 04:23 AM   #9
Malware Jedi
Join Date: Oct 2007
Location: In front of my monitor
Posts: 12,704
Re: Virus detected: artemis!CE738F0BD454

Looks like a false positive to me

That is not a file that current malware would be infecting.

McAfee
Gabethebabe

07-03-2012, 04:48 AM   #10
veteran
Join Date: Jun 2008
Posts: 2,170
Re: Virus detected: artemis!CE738F0BD454

Quote:
Originally Posted by Gabethebabe
Looks like a false positive to me

That is not a file that current malware would be infecting.

McAfee

Hmm, so if this is a false positive, why is the same issue happening with moving files and Chrome not working!

I've tried to get all the files that I need off but I just can't. I also had an issue even logging into the PC as the keyboard or mouse wasn't working for a while, so it seems there's a big issue going on, and the laptop also seems very laggy!

I have re-scanned it in full 3 more times and nothing is found.

So maybe this was just picked up by McAfee but isn't actually this issue at all and it's some other trojan....

wyvo

07-03-2012, 04:49 AM   #11
newbie
Join Date: Jul 2012
Posts: 38
Re: Virus detected: artemis!CE738F0BD454

Quote:
Originally Posted by Gabethebabe
Looks like a false positive to me

That is not a file that current malware would be infecting.

McAfee

The main issue now is that our PCs are playing up. wyvo can't move anything on his screen now; he is just trying to put stuff on his USB for reformatting but can't even move a document. I haven't turned on my PC yet as I'm waiting on tech support, who are coming later in the day. I am assuming a false positive couldn't and shouldn't cause this many problems?
Pkrjker

07-03-2012, 01:01 PM   #12
veteran
Join Date: Jun 2008
Posts: 2,170
Re: Virus detected: artemis!CE738F0BD454

So we had the computer tech guy check the computers out and it seems the Chrome/moving file issue wasn't to do with Poker Edge; it just happened to be coincidental, as the drag error was coming from my broken mouse....

Both fully deleted Poker Edge anyway even though it seemed to be a false positive.

Thanks for the help guys!!!
wyvo

07-03-2012, 03:35 PM   #13
newbie
Join Date: Jul 2012
Posts: 38
Yes, thanks for everyone's help!!
Pkrjker

07-04-2012, 04:24 AM   #14
Malware Jedi
Join Date: Oct 2007
Location: In front of my monitor
Posts: 12,704
Re: Virus detected: artemis!CE738F0BD454

Quote:
Originally Posted by Gabethebabe
Looks like a false positive to me

That is not a file that current malware would be infecting.

McAfee

QFT

lolmouse
Gabethebabe
All times are GMT -4.