Now we have again encountered an Artemis problem with the FastestTube BHO component.
FastestTube is a tool which allows users to download video from YouTube and also provides some YouTube usability improvements, like filtering ads inside the video player and preventing video from playing without the user's command. The official site of FastestTube is http://fastesttube.kiwzzu.com
FastestTube for IE is implemented as a BHO to be able to communicate with YouTube pages inside IE. It is exactly this BHO that is now falsely detected as Artemis!864E8140AF4D
I also posted a sample to firstname.lastname@example.org
Please help us to solve this and remove the false-positive detection. I can provide any additional information or other file samples on request.
Thanks in advance for your help.
Sincerely yours, Serg, FastestTube developer.
Sorry for the false alarm. I just rescanned the BHO again on VirusTotal and there are no detections from McAfee. So, it looks like the problem is completely solved. I will monitor VirusTotal for new detections for a few days and write here if something changes.
Once again, many thanks for the help with this issue.
Yes, the detection for the installer was cleared. But the new detection is not for the installer, it's for the file inside the installer. I.e. you can successfully download the installer (with no detection), but when, during installation, the installer begins to unpack and install files, one of the installed files (the BHO, the main component) will be detected. So, the detection for the BHO is a new case and it's not fixed yet.
I will once again contact someone on your behalf at McAfee Labs.
Not certain if you will have to re-submit.
Sorry, I did not fully understand this. Should I send the sample again to email@example.com or to another destination?
I might add: FastestTube by Kwizzu - Should I Remove It?
Interesting article, but the facts are almost all wrong. FastestTube really can include additional ad-blocking features, but the other facts are wrong (bundling of various third-party software, popup advertising, etc.). All FastestTube features are visible and properly attributed as part of FastestTube. The user can easily configure or disable any feature at any moment.
It seems that this detection was cleared: "Re: False Artemis!C6FF43A20974 for FastestTube for IE installer". Please confirm.
Ha-ha. Today I scanned our installer again with VirusTotal and it is detected as Artemis!D00DE18AADF6 by McAfee. So, the installer issue is relevant again. I sent the sample to the lab. Could you please advise: should I open a new thread about the installer or keep all information in this thread?
I would assume submitting the installer would be advisable. And any new Artemis! sample as you mentioned. As stated, I have contacted someone with regard to this. As for creating a new thread, you basically did when you brought the installer to our attention.
All the Best,
Hm... It's very strange, but today, with new signatures, the BHO is detected as "RDN/Generic.dx". So, the Artemis issue looks really fixed, but the false detection is still here. And the name looks like this detection is also caused by some heuristic mechanism.
The installer is still detected as Artemis!D00DE18AADF6