wixey
Level 9

False Artemis!ABA2DFCBE39F

Hi,

McAfee Security Center Detected and Quarantined the following during a Full Scan today: Artemis!ABA2DFCBE39F

According to McAfee's Quarantine data the Trojan was detected at 22:22pm, but I've never been sure if the detection time indicates the time the infection was detected after entering the system, or if it just indicates what time it was when the scan found the infection. If it's the former, the site I was on at the time was "www.astrodienst.com", which I've visited many times before without any problems virus-wise.

What confuses me is how this apparent Trojan didn't cause any of the effects normally associated with this kind of infection, e.g. displaying pop-ups, redirecting search results, etc. I ran an MBAM scan last night which found nothing, so presumably it turned up today. I've searched the McAfee virus database but it doesn't recognize it.

0 Kudos
1 Solution

Accepted Solutions
catdaddy
Level 20

Re: False Artemis!ABA2DFCBE39F

I just received confirmation that your detection has indeed been suppressed. Could you kindly confirm as well?

The detection is suppressed now.

Md5: dad9f9eb3b5f5a81f12a5499bed34c5f

Thank you,

Masthan

Cliff
McAfee Volunteer
0 Kudos
16 Replies
catdaddy
Level 20

Re: False Artemis!ABA2DFCBE39F

Hi Wixey,

Is the quarantined file still in your Quarantine area? Anyhow, follow these Guidelines/Instructions to get your Artemis Files submitted:

Give it 3 or 4 business days for them to process. If not resolved, kindly post back the (Analysis ID #) you should receive after your submission. Then I/We will contact someone internally on your behalf, and escalate your issue.

The Engineers work closely with us, so it should be no problem.

All the Best,

Cliff

Cliff
McAfee Volunteer
0 Kudos
wixey
Level 9

Re: False Artemis!ABA2DFCBE39F

Hi catdaddy,

Yes, the file is still in Quarantine. I've read the link but am unsure where to locate the file once it's been removed from Quarantine, as it's a .tmp file.

0 Kudos
catdaddy
Level 20

Re: False Artemis!ABA2DFCBE39F

The vast majority of the time, a False Artemis! ends up being harmless. In your particular case especially, since the Site you mentioned is rated safe by McAfee Web Advisor. I also accessed it with no issues, I might add. It could be the case that it was not that site, so I would submit the Detection as suggested and save the Analysis ID# for future use if the need arises.

Cliff
McAfee Volunteer
0 Kudos
wixey
Level 9

Re: False Artemis!ABA2DFCBE39F

Hi,

Just an update. I sent a sample via email (the ID number is 10168368) but so far the results are inconclusive; the reply I got back a few hours ago said the sample "might be malware" and more tests needed to be carried out.

This has left me in an awkward situation, since I had to restore the Artemis file from Quarantine to send a sample and now can't re-Quarantine it as McAfee no longer detects it as suspicious, even after a Full Scan. I'm not happy leaving the files where they are knowing they "might" be harmful. Despite this, I haven't seen any odd behavior from the computer, although two "ini" desktop files appeared on my desktop at startup. I've never seen these before, even though I have "show hidden files" checked. I'm not sure if this is linked to the Artemis or not and if so, whether it's something to be concerned about.

0 Kudos
catdaddy
Level 20

Re: False Artemis!ABA2DFCBE39F

Hi Wixey,

Trust me on this... if you have not experienced anything untoward as far as your Software functioning properly, etc., I would not be concerned. Let us await the results from McAfee Labs. I may be mistaken, however I feel comfortable expressing such.

Thank you for providing the Analysis ID # as asked...

Regards,

Cliff

Cliff
McAfee Volunteer
0 Kudos
catdaddy
Level 20

Re: False Artemis!ABA2DFCBE39F

Your Escalated Ticket Number is: Ticket #: AM000638 - False Artemis

I also received this from the Labs shortly after my last post....

Hi Cliff,

We are looking into it.

Regards,

Masthan

Cliff
McAfee Volunteer
0 Kudos
wixey
Level 9

Re: False Artemis!ABA2DFCBE39F

Hi catdaddy,

Thanks for getting back. So far I haven't received any messages regarding the detection being suppressed (I've also checked my Junk Mail folder in case it got sent there).

Does "suppressed" mean the file was clean? If so, is it all right to delete the file from Quarantine? Also, is it okay to delete the .zip file containing a copy of the submitted file?

Having done some research on the detected file I'm almost certain it was linked to a program called Texmod, which modifies PC game textures. I've been using this program for a couple of years and have never had problems with it, but wouldn't be surprised if McAfee thought it might be malware as I've seen other Anti Virus programs mark it as dangerous because it temporarily modifies files. Presumably the Anti Virus programs think the program is acting like a Trojan and label it as one.

0 Kudos
catdaddy
Level 20

Re: False Artemis!ABA2DFCBE39F

Generally speaking, when I get correspondence back from the Labs, indeed the Detection has been suppressed/white listed and should not be detected again. As for your question of 'Deleting/Removing from your Quarantined Area'... Yes, I would indeed do so.

For as confirmed by the Technician/Engineer from McAfee Labs, it is safe.

I almost took the Liberty of Marking the thread as 'Correctly Answered', as the case is always their determination is basically (Written in Stone).

You may try accessing the Site/or whatever you attempted to initially. If there are no issues, then indeed you can be self-assured that all is OK. Now I have to get ready for our Weekly Conference Call. I will check back afterwards.

All the Best,

-CD/Cliff

Cliff
McAfee Volunteer
0 Kudos