robeff
Level 7

Is Artemis!5BD8D4F12A74 a false positive?

Good afternoon,

I have received some software from my company's main competitor and when I unzip it, the VirusScan Enterprise alerts me that it could be a Trojan (Artemis!5BD8D4F12A74).

I've uploaded the file to VirusTotal.com and a lot of antivirus engines say that it could be malware.

I've been using Cuckoo Sandbox to analyze it but with no luck, because this suspicious software detects that it's running inside a VirtualBox machine using ACPI tricks and it dies.

This software seems to have anti-debugging detection because Cuckoo shows that some files (SICE, SIWVID, NTICE) have been looked for.

Do you need a sample of the mentioned software or do you have more info about what's wrong?

Regards.

0 Kudos
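
The file lookups described in the post above can be picked out of a sandbox's file-activity list automatically; the following is an added example, not part of the original thread and not McAfee or Cuckoo code. It assumes the sandbox exposes opened paths as plain strings and that a probe shows up as a Win32 device path such as `\\.\SICE`; the function names and the sample list are hypothetical.

```python
import re

# Device names the post reports being looked for (SoftICE debugger drivers).
DEBUGGER_DEVICES = {"SICE", "SIWVID", "NTICE"}

# Assumption: probes are logged as device-namespace paths (\\.\NAME, \??\NAME
# or \\?\NAME) with nothing after the device name.
DEVICE_PATH = re.compile(r"^(?:\\\\\.\\|\\\?\?\\|\\\\\?\\)([^\\:]+)$")


def debugger_probes(paths):
    """Return the sorted debugger device names found in a list of opened paths."""
    hits = set()
    for path in paths:
        match = DEVICE_PATH.match(path.strip())
        if match and match.group(1).upper() in DEBUGGER_DEVICES:
            hits.add(match.group(1).upper())
    return sorted(hits)


def triage_note(paths):
    """Summarise what the probes mean for the reliability of the sandbox run."""
    hits = debugger_probes(paths)
    if not hits:
        return "no debugger-device probes in file activity"
    return ("anti-debugging probes seen (%s): dynamic results are likely "
            "incomplete, submit the sample to the vendor for analysis"
            % ", ".join(hits))


# Constructed sample of sandbox file activity (not taken from a real report).
SAMPLE_FILES = [
    r"C:\Users\analyst\AppData\Local\Temp\setup.exe",
    r"\\.\SICE",
    r"\\.\SIWVID",
    r"\??\NTICE",
    r"C:\Windows\System32\SICE.txt",  # ordinary file that must not match
    r"\\.\PhysicalDrive0",            # device path, but not a debugger driver
]

if __name__ == "__main__":
    print(triage_note(SAMPLE_FILES))
```

A hit only shows that the sample checks for a debugger, which commercial software protectors also do, so it supports escalating the sample rather than deciding the verdict.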
1 Solution

Accepted Solutions
desertgal
Level 10

Re: Is Artemis!5BD8D4F12A74 a false positive?

Hello,

Your sample has been suppressed and marked clean. You should see an update in the system within 2 or more days.


Please let us know if you are still seeing detection a few days from now.


Thank you!

DG

12 Replies
catdaddy
Level 20

Re: Is Artemis!5BD8D4F12A74 a false positive?

Although we generally recommend this method of submission to the Consumer, you can utilize it just the same. Please follow these Guidelines\Instructions to help get the Detection Analyzed\Processed.

All the Best,

Cliff

Moderator

Consumer Products

Cliff
McAfee Volunteer
0 Kudos
robeff
Level 7

Re: Is Artemis!5BD8D4F12A74 a false positive?

Dear ​,

I sent an email to virus_research@mcafee.com with the subject "False Artemis!5BD8D4F12A74" but I didn't attach any file. Do I have to upload the file?

Regards.

0 Kudos
catdaddy
Level 20

Re: Is Artemis!5BD8D4F12A74 a false positive?

That would be correct. Please Zip it and password protect it using the word "infected". You should then receive an Analysis ID# after a successful submission. After 3-4 business days, if your issue is not resolved, I can contact someone from McAfee Labs on your behalf.

Which will then escalate your issue, and hopefully the Detection can be suppressed.

Cliff
McAfee Volunteer
0 Kudos
robeff
Level 7

Re: Is Artemis!5BD8D4F12A74 a false positive?

Thanks

I have finally uploaded it over GetSusp. Is it enough?

Regards.

0 Kudos
catdaddy
Level 20

Re: Is Artemis!5BD8D4F12A74 a false positive?

Yes, that should suffice. Did you get an Analysis number reply? In any case I will, after following protocol, contact someone on your behalf.

All the Best,

Cliff

Cliff
McAfee Volunteer
0 Kudos
robeff
Level 7

Re: Is Artemis!5BD8D4F12A74 a false positive?

Thanks ​,

The application didn't ask me for an email or give me any ID either.

It made a ZIP with the suspicious file inside, a log text file with no relevant info or any ID, and some XML report files.

The zip file was named as gsusp_1F1E951A8EA2_111416_090823.

Regards.

0 Kudos
catdaddy
Level 20

Re: Is Artemis!5BD8D4F12A74 a false positive?

That should suffice. You can also enter your email under preferences within the Interface, and then Upload file. I will give the appropriate time and then shoot an email to one of my Contacts. We Mods work closely with the Lab Techs as it is.

They are most appreciated, as they stay inundated as it is.

Hopefully we will hear something in short order.

Regards,

Cliff

Cliff
McAfee Volunteer
0 Kudos
robeff
Level 7

Re: Is Artemis!5BD8D4F12A74 a false positive?

Thank you

Hope to hear from you guys soon!

0 Kudos