Reci
Level 7

Artemis!1256D75EE32E

!

0 Kudos
7 Replies
ConorD62
Level 12

Re: Artemis!1256D75EE32E

Hi Reci,


Can you please provide more detail other than "!"?


Thanks.

0 Kudos
Reci
Level 7

Re: Artemis!1256D75EE32E

Hi ConorD62,

The exclamation mark was suggested by McAfee to report a possible false positive. However, I can give some more detail to the community.

The event started to occur on 12 December 2010 on an Acer TravelMate 6592 G and has been recurring since. Every time Explorer is started, or incidentally on starting Outlook, the Acer eDataSecurity starts scanning, which produces a file eDScsp.exe which is then quickly quarantined by my McAfee Internet Security Suite. Restoring it and running the latest version of Stinger at the most sensitive setting in Superscan mode does not bring up the trojan. The reported signature is not known on the web. Another file reported shortly after the initial occurrence, A0034921.exe, contained the same signature. Source unknown and info also unretrievable. Running the machine with system recovery switched off did not solve the problem. By the way, the Acer Empowering Technology is pre-installed but never activated on the machine. However, I spotted several of its functions to be at work in the background.

I am now considering declaring eDScsp.exe as 'safe', but before I do I need to find out how this is done (McAfee does not suggest it when it pops up) and I need to be sure it is not a real threat. None of my other computers on my network has reported this event so far. One is also an Acer but without the Acer Empowering Technology.

Hope this helps

Thank you

0 Kudos
ConorD62
Level 12

Re: Artemis!1256D75EE32E

Hi Reci,


Can you please upload the file to http://www.virustotal.com


And post the link here.


Thanks.


0 Kudos
Reci
Level 7

Re: Artemis!1256D75EE32E

Hi ConorD62,

Thank you for helping me.

This is the link:

http://www.virustotal.com/file-scan/reanalysis.html?id=a27ab5680dfc68a0e51b68b109629f957ed9210dae48a...

The following message was given:

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:

MD5:1256d75ee32eff6a1df13b020da5913a
Date first seen:2010-10-20 06:27:44 (UTC)
Date last seen:2010-12-03 14:33:49 (UTC)
Detection ratio:17/43

What do you wish to do?

I cannot understand the report very well. It seems this file is used a lot by the virus builders. However, my specific problem has been reported 8/9 February 2010 but nobody seems to have an opinion. I requested a new analysis on my file for which the result was 13/42 (31.0%).

Hope it is still a false alarm.

0 Kudos
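Added example, not part of the thread: the suffix of the detection name in the thread title matches the first 12 hex digits of the MD5 that VirusTotal reported in the post above, so hashing the restored file locally confirms whether it is the same sample before it is excluded or submitted. The function names are this example's own; the two constants are the values quoted on this page.

```python
import hashlib
import re

# Values quoted on this page: the detection name from the thread title and
# the MD5 that VirusTotal reported for the uploaded file.
DETECTION_NAME = "Artemis!1256D75EE32E"
VT_REPORTED_MD5 = "1256d75ee32eff6a1df13b020da5913a"


def file_digests(path, chunk_size=65536):
    """Return (md5_hex, sha256_hex) of a file, read in chunks."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def detection_suffix(name):
    """Split 'Family!HEX' and return the lowercase hex suffix, or None."""
    m = re.fullmatch(r"[^!]+!([0-9A-Fa-f]+)", name.strip())
    return m.group(1).lower() if m else None


def same_sample(local_md5, detection_name, reported_md5=None):
    """Check a local MD5 against the detection suffix and a reported MD5."""
    suffix = detection_suffix(detection_name)
    result = {
        "matches_detection": bool(suffix) and local_md5.lower().startswith(suffix),
        "matches_report": None,
    }
    if reported_md5 is not None:
        result["matches_report"] = local_md5.lower() == reported_md5.lower()
    return result


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 2:  # path to the restored or exported file
        md5_hex, sha256_hex = file_digests(sys.argv[1])
        print("MD5:   ", md5_hex)
        print("SHA256:", sha256_hex)
        print(same_sample(md5_hex, DETECTION_NAME, VT_REPORTED_MD5))
```

If `matches_report` is false, the file on disk is not the one the VirusTotal result describes, and that result says nothing about it.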
ConorD62
Level 12

Re: Artemis!1256D75EE32E

Hi,


Unfortunately, it seems like a lot of people have flagged this up,


I don't think this will get unflagged.


Sorry.



EDIT: On a second look at the VirusTotal report, most of the antiviruses that flagged it are very unreliable,


I think you should wait until someone with higher authority comes in here.


Message was edited by: ConorD62 on 09/02/11 11:35:07 CST
0 Kudos
Reci
Level 7

Re: Artemis!1256D75EE32E

Thanks a lot ConorD62. I have no experience with this. It is my first serious virus related problem in 20+ years. I notified McAfee using the button in the quarantine box, so I expect I have to wait now until they respond or adapt the definitions. At least I know now it would not be wise at this stage to declare the file safe.

Thanks again for helping.

0 Kudos
ConorD62
Level 12

Re: Artemis!1256D75EE32E

Hi Reci,


I would also do this.


Email file to: virus_research@mcafee.com

When submitting samples via E-mail all samples must be packaged in a .ZIP file and email header should start with the word "False" (minus the "").

Additionally, any .ZIP file created must be password-protected using the password "infected" (minus the ""). Failure to follow these guidelines will cause your submission to be rejected.

If you've done that properly an automated response should be received almost immediately, followed by a manual one, usually within 24 - 48 hours.

If you don't receive anything it either means the file was submitted incorrectly or the response is sitting in your Junk or Spam mail folders.

**If they respond that it is an infection and you are sure it is not, forward* that email immediately to virus_research@mcafee.com and insert the word 'False' (minus the '') in front of the header, but keep the rest of the header intact.

* recommending forward because at the moment if you hit reply it goes to the old avertlabs email address in error.


Thanks.


Message was edited by: ConorD62 on 09/02/11 12:51:55 CST
0 Kudos