cancel
Showing results for 
Search instead for 
Did you mean: 
steveaaf
Level 7

Artemis!A51E5463790B

I have a program from the US Treasury called "Savings Bond Wizard". Now whether I choose automatic or manual updates, McAfee quarantines the file due to Artemis! (trojan) found supposedly. The file name is sbwcrv.exe and it updates my information in SB Wizard with current info from the treasury or at least it would if McAfee didn't interfere. Please help, thanks.

0 Kudos
5 Replies
exbrit
Level 21

Re: Artemis!

Moved to Security Awareness > Malware Discussion > Artemis Discussion  for better attention.  It might help any lab technicians that may be patrolling here to know the Artemis detection number.

Also here is something that may help:

Toronto ▪ Canada
Volunteer Moderator - Consumer Products
I CAN'T HELP PRIVATELY - PLEASE POST IN THE FORUMS
Use Advanced Search To Find Answers

Consumer Technical Support (alter Country @ top right as needed)

Consumer Customer Service (Accounts, Billing, Registration, etc.)
Anti-Spyware/Malware/Hijacker Tools


0 Kudos
steveaaf
Level 7

Re: Artemis!

A51E5463790B

0 Kudos
exbrit
Level 21

Re: Artemis!A51E5463790B

Thread header adjusted accordingly.

0 Kudos
Hayton
Level 18

Re: Artemis!A51E5463790B

I downloaded that file from the US Treasury website and sent it to VirusTotal for checking. VT already had a scan from the 6th showing no detections, and the current scan also comes up with a score of 0/57. The Artemis detection must have been suppressed.

https://www.virustotal.com/en/file/f6fea3816b4720eb9da9366c3c0f130d44d9181f25120f102219525e1da95b81/...

Edit

Correction - The file scanned was different - sbwsetup.exe, so I'll need to find the correct file and scan again.

0 Kudos
Hayton
Level 18

Re: Artemis!A51E5463790B

I found the correct file - the new values file, sbwcrv.exe - downloaded okay (no warnings) and passed it to VirusTotal as before. This time the VirusTotal scan shows 6 detections from 57 AV engines including the McAfee Artemis detection.

https://www.virustotal.com/en/file/273dd825372e67a6e1ac411b99d874095f7f0c35175c70f51d24eee5f0c41eec/...

The VT information about this file identifies it as a "7z Setup SFX (x86)" file from "Oleg N. Scherbakov". I have no idea if this is correct.

This file has been detected as suspicious by other antivirus products in the past and has needed to be whitelisted by those companies.

0 Kudos