cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Artemis!0F8766FEB017 / False positive over 10 mb

Hello, I'm wondering how do I submit a false positive report for a file over 10 mb?

It's about the file that downloads from here:

​Link removed until deemed safe by McAfee

It's 13 mb in size

23 Replies
Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 24

Re: False positive over 10 mb

Does your detection have a 12-digit Artemis! attached to it?

Also please refer to this thread

Cliff
McAfee Volunteer
Highlighted

Re: False positive over 10 mb

Artemis!0F8766FEB017

Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 4 of 24

Re: False positive over 10 mb

I will contact one of the Engineers from McAfee Labs on your behalf, to help assist you in submitting. Please try that FTP link David suggested. Plus VirusTotal.com and get the MD5 Hashes.

Your Escalated Ticket number is as follows Ticket #: AM000953 - Over 10 Mb

Cliff
McAfee Volunteer
Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 6 of 24

Re: Artemis!0F8766FEB017 / False positive over 10 mb

Oh, good. It's been a while since an interesting one like this has been posted here. I shall await developments with some interest but if McAfee changes its opinion of the executable I would be rather surprised.

For information, the very latest VirusTotal analysis of the file "torcoin-qt.exe" - which is the main element of the zipped file "TorCoinWindows1.0.zip" - shows that it is detected as malicious by 22 antivirus engines out of 61. The zip file itself has a detection rate of 20 out of 57

The malware description for this from many of those detections is that it is a CoinStealer Trojan.

All of these detections may of course be genuine false positives but when a sizeable percentage of the scanning engines detect a problem I am inclined to think that there may indeed be a problem. And unless one of the AV companies is prepared to do a full analysis of the code (which would probably involve them having to reverse-engineer the executable) we are unlikely to know the true situation.

https://www.virustotal.com/en/file/d2efdd54f98bd45c7dc572ad84b071ccfdf20b9f25757ff052b96721d5e1e1d2/...

Highlighted

Re: Artemis!0F8766FEB017 / False positive over 10 mb

We have already contacted ESET and Bitdefender which updated their signatures and no longer alert.

From smaller antiviruses Webroot and Cyren have also updated their signatures.

Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 8 of 24

Re: Artemis!0F8766FEB017 / False positive over 10 mb

Regardless, please also try to submit through this link that I inserted in my post #1 Re: Submitting false positives larger than 10mb? I have provided the Hashes to David/Lead Engineer at McAfee Labs.

Cliff
McAfee Volunteer
Highlighted

Re: Artemis!0F8766FEB017 / False positive over 10 mb

The FTP does not open for me, I just get a blank page.

Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 10 of 24

Re: Artemis!0F8766FEB017 / False positive over 10 mb

I will bring this to the Engineer's attention. Thank you.

Cliff
McAfee Volunteer

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community