mac_mdp
Level 7

Artemis!AE5D7AEFD4F6

I downloaded a ROM file from cyanogenmod.org (DO NOT CLICK ON THE LINK BELOW, IT'S GIVEN FOR MODERATORS ONLY)


Sample removed for security reasons and board terms of service - no need - the Labs already have it and Moderators do not open malware samples.

I right-click scanned the zip file and McAfee found Artemis!AE5D7AEFD4F6 Trojan.

(As always, if I right-click scan a single file McAfee shows two files scanned, but that error is for another topic.)

McAfee says the file has been quarantined, but the zip file is still in the download folder.

I have Spybot with TeaTimer disabled, it shows no threats.

I'll look for registry changes using Artemis! search results. And I'll run a full scan. Post results ASAP.

Is this a false positive?

mac

Message was edited by: Ex_Brit on 14/02/14 9:02:50 EST AM
0 Kudos
6 Replies
exbrit
Level 21

Re: Artemis!AE5D7AEFD4F6

Have you checked the Quarantine folder?  I don't know whether you are using consumer, Windows or Mac software, or Enterprise software so can't advise on how to find that.

If you believe it's a false positive then appeal it and I've outlined what to do here:  https://community.mcafee.com/thread/2016

If you aren't sure then you'll have to await the labs decision on the Artemis investigation.

I removed the zip as Mods and others here do not open samples, ever.

Message was edited by: Ex_Brit on 14/02/14 9:09:46 EST AM
0 Kudos
mac_mdp
Level 7

Re: Artemis!AE5D7AEFD4F6

I'm on Win XP, Dell Mini 10, home user.

I opened McAfee, went to the quarantined items tab, nothing to show,

even though the Quarantine folder has what seems to be a copy of the zip file, but with another name.

The zip file I have downloaded was still in the Chrome download folder. I ran another right-click scan on it and McAfee said the file was now ok.

Then I trashed it.

I looked into the registry but I found no changes yet. Still checking, it takes time.

I removed the zip as Mods and others here do not open samples, ever.

mac

Message was edited by: mac_mdp on 14/02/14 12:56:03 CST
0 Kudos
exbrit
Level 21

Re: Artemis!AE5D7AEFD4F6

Dell Mini1010 wow.  I have one and no longer use McAfee on it because it slowed it too much (from what it already was...slow anyway).   Do you find the software works?  If so what version is it?

Maybe it quarantined something within the folder only?   just a thought.

0 Kudos
mac_mdp
Level 7

Re: Artemis!AE5D7AEFD4F6

Maybe it quarantined something within the folder only?   just a thought.

Size of quarantined item and the original zip file was almost the same, just a few bits of difference.

Possibly McAfee soft was not sure if it was a real threat and put a copy in the Quarantine folder leaving the original file untouched...

I believe that it is unlikely that the guys at Cyanogenmod.org host an infected file.

Dell Mini1010 wow.  I have one and no longer use McAfee on it because it slowed it too much (from what it already was...slow anyway).   Do you find the software works?  If so what version is it?

McAfee Internet Security v12.8

It came with my Dell. It slows the machine, but the full version of other antivirus does much the same.

I have a subscription for two more years, if not I'd install Mac OS X

mac

0 Kudos
exbrit
Level 21

Re: Artemis!AE5D7AEFD4F6

Yes I've often thought about a Mac but for one reason or another never quite made it.   So I have my pre-Dell Alienware monster still crunching away here.   It'll last me a while longer.

Well I guess all you can do is wait and see what they come up with re: the Artemis detection.

0 Kudos
catdaddy
Level 20

Re: Artemis!AE5D7AEFD4F6

Due to the fact this was asked on 2/14/2014, I am marking this thread as 'Assumed Answered' and Locking.

Cliff

Moderator

Cliff
McAfee Volunteer
0 Kudos