Solved: McAfee Support Community - Re: Is Artemis!5BD8D4F12A74 a false positive?

robeff · ‎11-14-2016

Good afternoon,

I have received some software from my company's main competitor and when I unzip it, the VirusScan Enterprise alerts me that it could be a Trojan (Artemis!5BD8D4F12A74).

I've uploaded the file to VirusTotal.com and a lot of antivirus enginees say that it could be malware.

I've been using Cuckoo SandBox to analyze it but with no luck because this suspicuous software detects that it's running inside a VirtualBox machine using ACPI tricks and it dies.

This software seems that has antidebugging detection because Cuckoo shows that some files (SICE, SIWVID, NTICE) have been looked for.

Do you need a sample of the mentioned software or do you have more info about what's wrong?

Regards.

desertgal · ‎11-22-2016

Hello,

Your sample has been suppressed and marked clean. You should see an update in the system within in 2 or more days.

Please let us know if you are still seeing detection a few days from now.

Thank you!

DG

catdaddy · ‎11-14-2016

,

Although we generally recommend this method of submission to the Consumer, you can utilize it just the same. Please follow these Guidelines\Instructions to help get the Detection Anyalzed\Processed.

All the Best,

Cliff

Moderator

Consumer Products

Cliff
McAfee Volunteer

robeff · ‎11-14-2016

Dear ,

I sent an email to virus_research@mcafee.com with the subject "False Artemis!5BD8D4F12A74" but I didn't attach any file. Do I have to upload the file?

Regards.

catdaddy · ‎11-14-2016

That would be correct, please Zip it and password protect it using the word infected You should then receive a Analysis ID# after a successful submission. After 3-4 business days if your issue is not resolved,I can contact someone from McAfee Labs on your behalf.

Which will then escalate your issue, and hopefully the Detection can be suppressed.

Cliff
McAfee Volunteer

robeff · ‎11-14-2016

Thanks

I have finally uploaded it over GetSusp. Is it enough?

Regards.

catdaddy · ‎11-14-2016

Yes that should suffice Did you get a Analysis number reply? In any case I will after following protocol, contact someone on your behalf.

All the Best,

Cliff

Cliff
McAfee Volunteer

robeff · ‎11-14-2016

Thanks ,

The application didn't ask me for an email or gave me any ID either.

It made a ZIP with the suspicious file inside, a log text file with non relevant info or any ID and some XML report files.

The zip file was named as gsusp_1F1E951A8EA2_111416_090823.

Regards.

catdaddy · ‎11-14-2016

That should suffice You can also enter your email under preferences with-in the Interface, and then Upload file. I will give the appropriate time and then shoot an email to one of my Contacts. We Mods work closely with the Lab Techs as it is.

They are most appreciated, as they stay inundated as it is.

Hopefully we will hear something in short order.

Regards,

Cliff

Cliff
McAfee Volunteer

robeff · ‎11-14-2016

Thank you

Hope to hear from you guys soon!

desertgal · ‎11-22-2016

Hello,

Your sample has been suppressed and marked clean. You should see an update in the system within in 2 or more days.

Please let us know if you are still seeing detection a few days from now.

Thank you!

DG