cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
robeff
robeff
Level 7
Report Inappropriate Content
Message 1 of 13
‎11-14-2016 06:00 AM

Is Artemis!5BD8D4F12A74 a false positive?

Jump to solution

Good afternoon,

I have received some software from my company's main competitor and when I unzip it, the VirusScan Enterprise alerts me that it could be a Trojan (Artemis!5BD8D4F12A74).

I've uploaded the file to VirusTotal.com and a lot of antivirus enginees say that it could be malware.

I've been using Cuckoo SandBox to analyze it but with no luck because this suspicuous software detects that it's running inside a VirtualBox machine using ACPI tricks and it dies.

This software seems that has antidebugging detection because Cuckoo shows that some files (SICE, SIWVID, NTICE) have been looked for.

Do you need a sample of the mentioned software or do you have more info about what's wrong?

Regards.

0 Kudos
Reply
1 Solution

Accepted Solutions
desertgal
desertgal
Level 10
Report Inappropriate Content
Message 10 of 13
‎11-22-2016 04:28 PM

Re: Is Artemis!5BD8D4F12A74 a false positive?

Jump to solution

Hello,

Your sample has been suppressed and marked clean. You should see an update in the system within in 2 or more days.


Please let us know if you are still seeing detection a few days from now.


Thank you!

DG

Reply
12 Replies
catdaddy
Reliable Contributor catdaddy
Reliable Contributor
Report Inappropriate Content
Message 2 of 13
‎11-14-2016 08:51 AM

Re: Is Artemis!5BD8D4F12A74 a false positive?

Jump to solution

​,

           Although we generally recommend this method of submission to the Consumer, you can utilize it just the same. Please follow these Guidelines\Instructions to help get the Detection Anyalzed\Processed.

           

        

All the Best,

Cliff

Moderator

Consumer Products

Cliff
McAfee Volunteer
0 Kudos
Reply
robeff
robeff
Level 7
Report Inappropriate Content
Message 3 of 13
‎11-14-2016 09:02 AM

Re: Is Artemis!5BD8D4F12A74 a false positive?

Jump to solution

Dear ​,

I sent an email to virus_research@mcafee.com​ with the subject "False Artemis!5BD8D4F12A74" but I didn't attach any file. Do I have to upload the file?

Regards.

0 Kudos
Reply
catdaddy
Reliable Contributor catdaddy
Reliable Contributor
Report Inappropriate Content
Message 4 of 13
‎11-14-2016 09:07 AM

Re: Is Artemis!5BD8D4F12A74 a false positive?

Jump to solution

That would be correct, please   Zip it and password protect it using the word  infected     You should then receive a Analysis ID# after a successful submission. After 3-4 business days if your issue is not resolved,I can contact someone from McAfee Labs on your behalf.

Which will then escalate your issue, and hopefully the Detection can be suppressed.

Cliff
McAfee Volunteer
0 Kudos
Reply
robeff
robeff
Level 7
Report Inappropriate Content
Message 5 of 13
‎11-14-2016 09:11 AM

Re: Is Artemis!5BD8D4F12A74 a false positive?

Jump to solution

Thanks

I have finally uploaded it over GetSusp. Is it enough?

Regards.

0 Kudos
Reply
catdaddy
Reliable Contributor catdaddy
Reliable Contributor
Report Inappropriate Content
Message 6 of 13
‎11-14-2016 09:14 AM

Re: Is Artemis!5BD8D4F12A74 a false positive?

Jump to solution

Yes that should suffice   Did you get a Analysis number reply?  In any case I will after following protocol, contact someone on your behalf.

All the Best,

Cliff

Cliff
McAfee Volunteer
0 Kudos
Reply
robeff
robeff
Level 7
Report Inappropriate Content
Message 7 of 13
‎11-14-2016 09:32 AM

Re: Is Artemis!5BD8D4F12A74 a false positive?

Jump to solution

Thanks ​,

The application didn't ask me for an email or gave me any ID either.

It made a ZIP with the  suspicious file inside, a log text file with non relevant info or any ID and some XML report files.

The zip file was named as gsusp_1F1E951A8EA2_111416_090823.

Regards.

0 Kudos
Reply
catdaddy
Reliable Contributor catdaddy
Reliable Contributor
Report Inappropriate Content
Message 8 of 13
‎11-14-2016 09:36 AM

Re: Is Artemis!5BD8D4F12A74 a false positive?

Jump to solution

That should suffice   You can also enter your email under preferences with-in the Interface, and then Upload file. I will give the appropriate time and then shoot an email to one of my Contacts. We Mods work closely with the Lab Techs as it is.

They are most appreciated, as they stay inundated as it is.

Hopefully we will hear something in short order.

Regards,

Cliff

Cliff
McAfee Volunteer
0 Kudos
Reply
Highlighted
robeff
robeff
Level 7
Report Inappropriate Content
Message 9 of 13
‎11-14-2016 09:54 AM

Re: Is Artemis!5BD8D4F12A74 a false positive?

Jump to solution

Thank you

Hope to hear from you guys soon!

0 Kudos
Reply
desertgal
desertgal
Level 10
Report Inappropriate Content
Message 10 of 13
‎11-22-2016 04:28 PM

Re: Is Artemis!5BD8D4F12A74 a false positive?

Jump to solution

Hello,

Your sample has been suppressed and marked clean. You should see an update in the system within in 2 or more days.


Please let us know if you are still seeing detection a few days from now.


Thank you!

DG

Reply

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
2821 Mission College Blvd.
Santa Clara, CA 95054 USA

Consumer Support   |   Enterprise Support   |   McAfee.com

Legal   |   Privacy   |   Copyright © 2019 McAfee, LLC