roadkillsd
Level 7

False Artemis!C9BEA7A645AB

This is a game trainer for Mass Effect. It injects code in order to override processes in the game so I can cheat. Much like a GameShark or Action Replay device to allow things like invincibility or unlimited ammo. It is completely harmless and should not be blocked. I have run it numerous times with the scanner turned off in order to play the game with it on. Please remove this from the scan as a threat.

Mass Effect Trainer +12.exe

Artemis!C9BEA7A645AB

Thank you

0 Kudos
1 Solution

Accepted Solutions
vinoo
Level 13

Re: False Artemis!C9BEA7A645AB

This is confirmed fixed now. The detection should not re-occur.

0 Kudos
11 Replies
Peacekeeper
Level 20

Re: False Artemis!C9BEA7A645AB

Submit the file as per

http://vil.nai.com/vil/submit-sample.aspx

They will immediately reply saying it is infected. Reply to that email with subject "false +ve detection Artemis!C9BEA7A645AB"

Post the analysis number from the reply email here and if no fix in 3 days post back and I will stir them up.

0 Kudos
roadkillsd
Level 7

Re: False Artemis!C9BEA7A645AB

I submitted it on 6/4 and got the following reply but have not heard anything since. Do you know if they notify you directly or it just gets updated without any notification?

McAfee Labs - Beaverton

Current Scan Engine Version:5400.1158

Current DAT Version:6732.0000

Thank you for your submission.

Analysis ID: 7058755

File Name           |Findings                      |Detection                   |Type        |Extra
--------------------|------------------------------|----------------------------|------------|-----
mass effect trainer |inconclusive                  |                            |            |no

inconclusive [mass effect trainer +12.exe]

Automated analysis was not able to determine that this file is malware. This file is being sent for further processing and the DAT files will potentially be updated if detection of this sample is warranted.

Note –

Due to the prevalence of network gateway AV products, it is important that all submissions be zipped and the zip file password-protected (password - infected). Some products will reject an email that contains a virus that is not sent in this way. In addition, often we receive a file that appears not to have been infected, to find later that the file was infected when it left the sender, and was cleaned somewhere along the line.

Regards,

McAfee Labs

0 Kudos
Peacekeeper
Level 20

Re: False Artemis!C9BEA7A645AB

They should notify you but will ping a lab tech and get him to have a look see

0 Kudos
vinoo
Level 13

Re: False Artemis!C9BEA7A645AB

Do you have a public link from where this trainer file can be downloaded? This is needed to verify its origin.

There are 20+ vendors detecting this file currently.

https://www.virustotal.com/file/a7183d0f7c5683eceb851b7b0eee462f94bc53bbabf3bd822fcbfe79e73e05d5/ana...

0 Kudos
roadkillsd
Level 7

Re: False Artemis!C9BEA7A645AB

It's from a member only site CheatHappens.com so you can't exactly link directly to the file without a login but it's located here: http://www.cheathappens.com/13879-PC-Mass_Effect_cheats. It's the first one on the list called MASS EFFECT MEGA TRAINER 1.02 (STEAM).

Thanks!

0 Kudos
vinoo
Level 13

Re: False Artemis!C9BEA7A645AB

Thanks for the info.

File has been whitelisted. Give it ~25 mins for the false suppression to populate the Artemis cloud.

0 Kudos
Peacekeeper
Level 20

Re: False Artemis!C9BEA7A645AB

Thanks Mate.

0 Kudos
roadkillsd
Level 7

Re: False Artemis!C9BEA7A645AB

Hmmm. Been more than 24hrs and it still tries to quarantine it as soon as I unzip it to a folder location. I've manually run the update process in McAfee Security Center and even rebooted my PC but still quarantines the file the moment I extract it.

My software info:

McAfee SecurityCenter: Version 11.0, Build 11.0.678, Affid 636

McAfee VirusScan: Version 15.0, Build 15.0.302, DAT 6739, Boot DAT 6732.0000

McAfee Personal Firewall: Version 12.0, Build 12.0

McAfee SiteAdvisor: Version 3.4, Build 3.4.1.195, Affid 636

McAfee Anti-Spam: Version 12.0, Build 12.0.292, Content Ver 4249

McAfee Parental Controls: Version 13.0, Build 13.0.319

McAfee QuickClean and Shredder: Version 11.0, Build 11.4.418

0 Kudos
vinoo
Level 13

Re: False Artemis!C9BEA7A645AB

You're right. Let me escalate to the backend team to find out what's going wrong.

0 Kudos