limeister77
Level 9

Possible False Positive - Artemis! E088D5F5DA3D

Dear All

Thanks for your prompt replies.

I believe it is a false positive because I have completed the following tasks. 

If I have missed a task then please let me know and I will try it.

For WinXP SP3 system.

1) Updated DAT to most recent version.

2) Ran MS Removal Tool Windows-KB890830-V4.10.exe.  No detections found.

3) Followed instructions in KB962007.  It is a local machine so some instructions for Group Policy did not apply.

4) Installed MS08-067 security patch & Update 967715

5) Run Windows Update

6) Ran GETSUSP program and already submitted information.

7) No more Conficker virus message but keep getting Artemis message.

I hope to hear good news from you guys again soon.

0 Kudos
3 Replies
showvik
Level 12

Re: Possible False Positive - Artemis! E088D5F5DA3D

Hi,

Thank you for performing the steps mentioned above. However, as stated earlier, we would like you to configure a custom On Demand Scan with Heuristics turned off and perform a full scan with these custom ODS settings. If the value after Artemis! has changed, let us know the full Artemis detection names that are observed now.

Regards,

Showvik

0 Kudos
limeister77
Level 9

Re: Possible False Positive - Artemis! E088D5F5DA3D

Hello again.

I followed up and scanned the other machine with the same Artemis message.

This is the WinXP SP3 machine.

On this machine, too, I ran a customized on-demand scan with no heuristics.  No changes in value.

I appreciate your help on this matter.

8/28/2012          8:53:37 AM          Would be blocked by Access Protection rule  (rule is currently not enforced)           NT AUTHORITY\SYSTEM          C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe          \REGISTRY\MACHINE\Software\VMware, Inc.\VMware Tools\VMUpgradeHelper\Adapters\00:0C:29:23:7F:B2          Virtual Machine Protection:Prevent modification of VMWare Workstation files and settings          Action blocked : Write

8/28/2012          8:53:45 AM          Would be blocked by Access Protection rule  (rule is currently not enforced)           NT AUTHORITY\SYSTEM          C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe          \REGISTRY\MACHINE\SOFTWARE\VMware, Inc.\VMware Tools\VMUpgradeHelper\Adapters\00:0C:29:23:7F:B2\PNPDeviceID          Virtual Machine Protection:Prevent modification of VMWare Workstation files and settings          Action blocked : Create

8/28/2012          8:53:46 AM          Would be blocked by Access Protection rule  (rule is currently not enforced)           NT AUTHORITY\SYSTEM          C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe          \REGISTRY\MACHINE\SOFTWARE\VMware, Inc.\VMware Tools\VMUpgradeHelper\Adapters\00:0C:29:23:7F:B2\InterfaceGUID          Virtual Machine Protection:Prevent modification of VMWare Workstation files and settings          Action blocked : Create

8/28/2012          8:53:46 AM          Would be blocked by Access Protection rule  (rule is currently not enforced)           NT AUTHORITY\SYSTEM          C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe          \REGISTRY\MACHINE\Software\VMware, Inc.\VMware Tools\VMUpgradeHelper\Adapters\00:0C:29:23:7F:BC          Virtual Machine Protection:Prevent modification of VMWare Workstation files and settings          Action blocked : Write

8/28/2012          8:53:46 AM          Would be blocked by Access Protection rule  (rule is currently not enforced)           NT AUTHORITY\SYSTEM          C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe          \REGISTRY\MACHINE\SOFTWARE\VMware, Inc.\VMware Tools\VMUpgradeHelper\Adapters\00:0C:29:23:7F:BC\PNPDeviceID          Virtual Machine Protection:Prevent modification of VMWare Workstation files and settings          Action blocked : Create

8/28/2012          8:53:47 AM          Would be blocked by Access Protection rule  (rule is currently not enforced)           NT AUTHORITY\SYSTEM          C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe          \REGISTRY\MACHINE\SOFTWARE\VMware, Inc.\VMware Tools\VMUpgradeHelper\Adapters\00:0C:29:23:7F:BC\InterfaceGUID          Virtual Machine Protection:Prevent modification of VMWare Workstation files and settings          Action blocked : Create

8/28/2012          8:53:47 AM          Would be blocked by Access Protection rule  (rule is currently not enforced)           NT AUTHORITY\SYSTEM          C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe          \REGISTRY\MACHINE\SOFTWARE\VMware, Inc.\VMware Tools\VMUpgradeHelper\NetConfigSaved          Virtual Machine Protection:Prevent modification of VMWare Workstation files and settings          Action blocked : Create

8/28/2012          1:09:53 PM          Not scanned  (scan timed out)           TLGKR7104DO009\Linde          System:Remote          C:\WINDOWS\system32\kyllzq.dbc

8/28/2012          1:09:53 PM          Deleted           TLGKR7104DO009\Linde          System:Remote(192.168.1.210 (ASP2_ES))          C:\WINDOWS\system32\kyllzq.dbc          Artemis!E088D5F5DA3D (Virus)

8/28/2012          1:30:21 PM          Not scanned  (scan timed out)           TLGKR7104DO009\Linde          System:Remote          C:\WINDOWS\system32\kyllzq.dbc

8/28/2012          1:30:21 PM          Deleted           TLGKR7104DO009\Linde          System:Remote(192.168.1.211 (ASP2_OS_SV1))          C:\WINDOWS\system32\kyllzq.dbc          Artemis!E088D5F5DA3D (Virus)

8/28/2012          1:35:08 PM          Not scanned  (scan timed out)           TLGKR7104DO009\Linde          System:Remote          C:\WINDOWS\system32\kyllzq.dbc

8/28/2012          1:35:08 PM          Deleted           TLGKR7104DO009\Linde          System:Remote(192.168.1.212 (ASP2_OS_SV2))          C:\WINDOWS\system32\kyllzq.dbc          Artemis!E088D5F5DA3D (Virus)

8/28/2012          1:52:38 PM          Not scanned  (scan timed out)           TLGKR7104DO009\Linde          System:Remote          C:\WINDOWS\system32\kyllzq.dbc

8/28/2012          1:52:39 PM          Deleted           TLGKR7104DO009\Linde          System:Remote(192.168.1.210 (ASP2_ES))          C:\WINDOWS\system32\kyllzq.dbc          Artemis!E088D5F5DA3D (Virus)

8/28/2012          12:27:29 PM                    Engine version                          =          5400.1158

8/28/2012          12:27:29 PM                    AntiVirus   DAT version                 =          6817.0

8/28/2012          12:27:29 PM                    Number of detection signatures in EXTRA.DAT =          None

8/28/2012          12:27:29 PM                    Names of detection signatures in EXTRA.DAT  =          None

8/28/2012          12:26:59 PM          Scan Started          TLGKR7104DO009\Linde          On-Demand Scan

8/28/2012          12:33:21 PM          Not scanned (The file is encrypted)           c:\Installs\Virus Removal\McAfee\GETSUSP\gsusp_EC14AACD4BF5_081012_094334.zip

8/28/2012          1:01:46 PM          Scan Summary          TLGKR7104DO009\Linde          Scan Summary

8/28/2012          1:01:46 PM          Scan Summary          TLGKR7104DO009\Linde          Processes scanned    : 83

8/28/2012          1:01:46 PM          Scan Summary          TLGKR7104DO009\Linde          Processes detected   : 0

8/28/2012          1:01:46 PM          Scan Summary          TLGKR7104DO009\Linde          Processes cleaned    : 0

8/28/2012          1:01:46 PM          Scan Summary          TLGKR7104DO009\Linde          Boot sectors scanned : 2

8/28/2012          1:01:46 PM          Scan Summary          TLGKR7104DO009\Linde          Boot sectors detected: 0

8/28/2012          1:01:46 PM          Scan Summary          TLGKR7104DO009\Linde          Boot sectors cleaned : 0

8/28/2012          1:01:46 PM          Scan Summary          TLGKR7104DO009\Linde          Files scanned        : 48481

8/28/2012          1:01:46 PM          Scan Summary          TLGKR7104DO009\Linde          Files with detections: 0

8/28/2012          1:01:46 PM          Scan Summary          TLGKR7104DO009\Linde          File detections      : 0

8/28/2012          1:01:46 PM          Scan Summary          TLGKR7104DO009\Linde          Files cleaned        : 0

8/28/2012          1:01:46 PM          Scan Summary          TLGKR7104DO009\Linde          Files deleted        : 0

8/28/2012          1:01:46 PM          Scan Summary          TLGKR7104DO009\Linde          Files not scanned    : 43

8/28/2012          1:01:46 PM          Scan Summary          TLGKR7104DO009\Linde          Run time             : 0:34:47

8/28/2012          1:01:46 PM          Scan Complete          TLGKR7104DO009\Linde          On-Demand Scan

0 Kudos
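The check showvik asks for (has the value after "Artemis!" changed between the normal scan and the no-heuristics scan?) and the pasted on-demand scan log above can both be handled with a small log parser. The following is an added example, not code from the thread or from McAfee; it assumes the column layout seen in the pasted log (columns separated by runs of three or more spaces, with single or double spaces allowed inside a column) and uses constructed sample rows modelled on the quoted lines.

```python
"""Parse VirusScan on-demand scan log rows of the layout pasted in the thread,
list the per-file actions and Artemis names, and compare the Artemis values
reported by two scans (e.g. heuristics on vs. heuristics off)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Assumption: columns are separated by three or more spaces or by tabs; text
# inside a column may hold one or two spaces ("Not scanned  (scan timed out)").
COLUMN_SPLIT = re.compile(r"(?:\s{3,}|\t+)")
ARTEMIS_RE = re.compile(r"Artemis!([0-9A-Fa-f]{12})")
REMOTE_RE = re.compile(r"System:Remote\((\d{1,3}(?:\.\d{1,3}){3})")


@dataclass
class ScanEvent:
    date: str
    time: str
    action: str
    user: str
    source: str
    path: str
    detection: Optional[str] = None  # e.g. "Artemis!E088D5F5DA3D (Virus)"

    @property
    def artemis_hash(self) -> Optional[str]:
        """The 12 hex digits after 'Artemis!', or None for non-Artemis rows."""
        m = ARTEMIS_RE.search(self.detection or "")
        return m.group(1).upper() if m else None

    @property
    def remote_ip(self) -> Optional[str]:
        """IP of the remote system named in the source column, if any."""
        m = REMOTE_RE.search(self.source)
        return m.group(1) if m else None


def parse_line(line: str) -> Optional[ScanEvent]:
    """Return a ScanEvent for per-file rows; skip Scan Started/Summary rows."""
    cols = [c for c in COLUMN_SPLIT.split(line.strip()) if c]
    if len(cols) >= 6 and "\\" in cols[5]:
        return ScanEvent(cols[0], cols[1], cols[2], cols[3], cols[4], cols[5],
                         cols[6] if len(cols) > 6 else None)
    if len(cols) == 4 and "\\" in cols[3]:   # rows without user/source columns
        return ScanEvent(cols[0], cols[1], cols[2], "", "", cols[3])
    return None


def parse_log(text: str) -> List[ScanEvent]:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def artemis_hashes(events: List[ScanEvent]) -> Set[str]:
    return {e.artemis_hash for e in events if e.artemis_hash}


def actions_by_path(events: List[ScanEvent]) -> Dict[str, List[str]]:
    out: Dict[str, List[str]] = defaultdict(list)
    for e in events:
        out[e.path].append(e.action)
    return dict(out)


def artemis_name_changed(before: List[ScanEvent], after: List[ScanEvent]) -> bool:
    """showvik's question: is the set of Artemis values different after the rescan?"""
    return artemis_hashes(before) != artemis_hashes(after)


# Constructed sample rows (not the thread's full log), built with a 10-space
# separator so the column layout matches the pasted log.
SEP = " " * 10
HOST = "TLGKR7104DO009\\Linde"
DBC = "C:\\WINDOWS\\system32\\kyllzq.dbc"
SCAN_HEURISTICS_ON = "\n".join(SEP.join(r) for r in [
    ("8/28/2012", "12:26:59 PM", "Scan Started", HOST, "On-Demand Scan"),
    ("8/28/2012", "12:33:21 PM", "Not scanned (The file is encrypted)",
     "c:\\Installs\\Virus Removal\\McAfee\\GETSUSP\\gsusp_EC14AACD4BF5_081012_094334.zip"),
    ("8/28/2012", "1:09:53 PM", "Not scanned  (scan timed out)", HOST, "System:Remote", DBC),
    ("8/28/2012", "1:09:53 PM", "Deleted", HOST, "System:Remote(192.168.1.210 (ASP2_ES))",
     DBC, "Artemis!E088D5F5DA3D (Virus)"),
    ("8/28/2012", "1:01:46 PM", "Scan Summary", HOST, "Files scanned        : 48481"),
])
SCAN_HEURISTICS_OFF = "\n".join(SEP.join(r) for r in [
    ("8/28/2012", "1:30:21 PM", "Not scanned  (scan timed out)", HOST, "System:Remote", DBC),
    ("8/28/2012", "1:30:21 PM", "Deleted", HOST, "System:Remote(192.168.1.211 (ASP2_OS_SV1))",
     DBC, "Artemis!E088D5F5DA3D (Virus)"),
])

if __name__ == "__main__":
    on, off = parse_log(SCAN_HEURISTICS_ON), parse_log(SCAN_HEURISTICS_OFF)
    for path, actions in actions_by_path(on).items():
        print(f"{path}: {actions}")
    print("Artemis values, heuristics on :", sorted(artemis_hashes(on)))
    print("Artemis values, heuristics off:", sorted(artemis_hashes(off)))
    print("Value after Artemis! changed  :", artemis_name_changed(on, off))
```

Running it over the constructed rows reports the same Artemis value in both scans, which is the "no changes in value" outcome described in the post; on a real pair of exported logs the same functions would show whether a different name appears once heuristics are off, and `remote_ip` picks out which remote system's access triggered each deletion.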
limeister77
Level 9

Re: Possible False Positive - Artemis! E088D5F5DA3D

Hello All

Has there been any follow-up on this issue?

Cheers

0 Kudos