cancel
Showing results for 
Search instead for 
Did you mean: 
atlas91
Level 7

Possible False Artemis!226F985A2463 - McAfee File

Hi,

I just started my pc, and a message popped up from McAfee that the above had been found and removed (Trojan). Looking at the History and Logs, it referred to the following file:

C:\Program Files\McAfee\MSC\McIPTShm.dll

This appears to be a McAfee file, and has not been picked up on my wife's pc which also has McAfee protection (the file still exists there, and appears to have been there for some time). My pc has a slightly newer version of McAfee as it updated at the weekend.

Is this anything to be concerned about, or is this a false positive - very surprised to see McAfee delete one of it's own files.

Thanks,

GK

0 Kudos
10 Replies
vinod_r2
Level 11

Re: Possible False Artemis!226F985A2463 - McAfee File

Thanks for posting- we will check on this and get back to you.

0 Kudos
maxrunner
Level 7

Re: Possible False Artemis!226F985A2463 - McAfee File

I had the same thing occur regading the Aremis file, immediately after installing the new McAfee version. I was told to restart after installing the new version and the message about the Trojan appeared as soon as it was done rebooting. I have shut down my computer and am now using another to communicate. Concerned about using mine until I understand what is happening, but I have work to do on it.

0 Kudos
argh_viruses
Level 7

Re: Possible False Artemis!226F985A2463 - McAfee File

Just this afternoon, I got a pop up notifying me the presence of the same trojan, which was able to be quarantined, etc.  As soon as a McAfee Total Protection update is initiated, the file seems to be replaced with the update session and not long after, the popup appears again.  I sent the file to McAfee via the main user interface.  One thing that was odd about all this, and frustrating, is that the virus signatures are able to detect it, but when you click on the hyperlink to take you to the virus info site at McAfee, it was not listed, at least at that earlier time today.  I do, however, realize that these are probably all similar, but the site did list many other ones ending with a lengthy alphanumerical string in their name.  At any rate, McAfee's Security Center seems to work ok without the file being in the program MSC folder after it is quarantined or deleted.  Since it seems it is being put in with an update, perhaps the file that is being sent as an update, has some glitch in it that is falsely triggering an identification of the artemis type.  Anyway, thanks, just thought I'd add to all this.  For now I will wait a bit before doing an update and hopefully if it is something wrong with a recent update to that mcIPTShm.dll file in the MSC folder, a fixed version will be added soon.  If it is a real thing, please advise.  Thanks so much !!

GS

on 4/30/12 3:06:33 PM CDT
0 Kudos
vinod_r2
Level 11

Re: Possible False Artemis!226F985A2463 - McAfee File

Thank you for sharing this information.

Artemis detection is part of our Global Threat Intelligence system. And is a realtime proactive update that has a self healing and learning logic. This system sometimes due to the high detection rate detects and removes seemingly stable files as well. Let's wait for the system to update it self. (Usually its take only a matter of an hour or so before it gets rectified on its own. subject to the network perforamance and the geography the end user is located.).

In any way- I have forwarded the request to the concerned team.

Appreciate your patience patience.

0 Kudos

Re: Possible False Artemis!226F985A2463 - McAfee File

Thanks for all the reports. This specific detection has been analyzed and updated in our database. Please let me know if you continue to receive this exact detection.

Regards,

0 Kudos
robcc29
Level 7

Re: Possible False Artemis!226F985A2463 - McAfee File

Not sure..if you fixed new detections...BUT, on my system MVT still reports 2 errors....related to the (now missing DLL).  In fact, I see on one pc that Mcafee detected and id'd the same named file (a purported trojan) and quarantined it on 4/20 and again on 4/30/12??  Are we to RESTORE the purported trojan dll from with Mcafee...If not then what?

Obvisously, if we don't restore it (trust it) it won't be detected again as it's missing?  And I'd think it must be there for a reason and have a task in security?  And for those systems where users trusted the trojan message and deleted the "offending dll"  how about have MVT or the next (soon) McAfee update put it back on our systems ...PLEASE??

Bob

0 Kudos
robcc29
Level 7

Re: Possible False Artemis!226F985A2463 - McAfee File

Most recent update just installed (6:35PM Eastern USA) seems to have fixed all and re-intsalled the lost DLL...

0 Kudos

Re: Possible False Artemis!226F985A2463 - McAfee File

Thanks for the update. Sounds like the update mechanism saw the file was missing and pulled down a fresh copy. The work our content team did earlier has prevented it from being re-detected.

0 Kudos
michaelm1
Level 7

Re: Possible False Artemis!226F985A2463 - McAfee File

Same thing.  And hyperlink still returns no information.  

0 Kudos