cancel
Showing results for 
Search instead for 
Did you mean: 
dinesh.ahuja
Level 7

False Artemis!8267C92286C9 (Trojan)

We are getting this detection but when we try to a specific file from one location to another.

Whereas if we scan this file manually on the same machine with same McAfee it does not show any detection.

Attached is the zip file having exe


Sorry it against the forums Terms of service to attach suspect files see below Mod

0 Kudos
13 Replies
Peacekeeper
Level 20

Re: False Artemis!8267C92286C9 (Trojan)

Follow the email submissions and zip and password protect the file. You will get an immediate reply with an analysis ID number post that here and if not addressed in 4 days post back and I will escalate it direct to the lab techs

0 Kudos
dinesh.ahuja
Level 7

Re: False Artemis!8267C92286C9 (Trojan)

I tried to send the file using Winzip and added the password as infected and somehow when it reaches the server it says

McAfee Labs - Beaverton

Current Scan Engine Version:5700.7163

Current DAT Version:7827.0000

Thank you for your submission.

Analysis ID: 9448447

File Name Findings Detection Type         Extra

--------------------|------------------------------|----------------------------|------------|-----

automation_desktopsa|no password                   |                            |            |no  

no password [automation_desktopsamplesvs10x86vb_x86.exe]                                         

   A file you submitted did not arrive in a password-protected ZIP file. Please see      

http://www.mcafee.com/us/mcafee-labs/resources/how-to-submit-sample.aspx for          

instructionson how to submit a sample to McAfee Labs.                                 

Note –

Due to the prevalence of network gateway AV products, it is important that all        

submissions be zipped and the zip file password-protected (password - infected). Some 

products will reject an email that contains a virus that is not sent in this way. In  

addition, often we receive a file that appears not to have been infected, to find     

later that the file was infected when it left the sender, and was cleaned somewhere   

along the line.

Regards,                                                                              

McAfee Labs                                                                           

0 Kudos
catdaddy
Level 20

Re: False Artemis!8267C92286C9 (Trojan)

,

                  Due to our Geographical locations and time zones. (Australia) Peacekeeper is most likely asleep at this time. I am certain he will correspond this afternoon when awakening.

All the very Best,

Catdaddy

McAfee Volunteer Moderator

Consumer Products

Cliff
McAfee Volunteer
0 Kudos
exbrit
Level 21

Re: False Artemis!8267C92286C9 (Trojan)

It appears you aren't submitting them correctly.

They must be zipped and password protected  (i.e. encrypted) using the word infected and from the above you are not doing one or the other, or both.

Here's how using Winzip:  How do you encrypt files in a Zip file with WinZip? - WinZip Computing :: Knowledgebase

Or using Windows own compression:  How to create and use compressed (zipped) folders in Windows XP

0 Kudos
dinesh.ahuja
Level 7

Re: False Artemis!8267C92286C9 (Trojan)

Finally i was able to send it successfully.

0 Kudos
dinesh.ahuja
Level 7

Re: False Artemis!8267C92286C9 (Trojan)

Here is the response

McAfee Labs - Beaverton

Current Scan Engine Version:5700.7163

Current DAT Version:7827.0000

Thank you for your submission.

Analysis ID: 9448609

File Name Findings Detection Type         Extra

--------------------|------------------------------|----------------------------|------------|-----

automation_desktopsa|inconclusive                  |                            |            |no  

inconclusive [automation_desktopsamplescs64bit.exe]                                               

   Automated analysis was not able to determine that this file is malware. This file is  

being sent for further processing and the DAT files will potentially be updated if    

detection of this sample is warranted.                                                

0 Kudos
exbrit
Level 21

Re: False Artemis!8267C92286C9 (Trojan)

That's the automated response.  Sounds good, now it will be several days before anything happens usually.

0 Kudos
catdaddy
Level 20

Re: False Artemis!8267C92286C9 (Trojan)

,

                   Could you please confirm if your issue has been resolved, or if you need further assistance?

Thank You,

Catdaddy

McAfee Community  Moderator

Consumer Products

Cliff
McAfee Volunteer
0 Kudos
dmeier
Level 13

Re: Re: False Artemis!8267C92286C9 (Trojan)

The file that was detected, has this MD5 hash: 8267c92286c98bdb5e7a676496e79b80, the file that you submitted, has this MD5 hash: fd2a21cce7a34cfe33d8ee11e4ffa704 (file name automation_desktopsamplescs64bit.exe, I'm not sure where the discrepancy is.

Let me check to confirm we actually have the sample on our side, and I'll write back.

- David

0 Kudos