cancel
Showing results for 
Search instead for 
Did you mean: 
johnjz
Level 7

Possible False Artemis-Artemis!8A8CB6C6E53A

Jump to solution

File is quarrentined before I am able to zip up a copy to send to you all.

Original File Name: "Service Information.exe"

It is used in the General Motors Service Packages for various GM vehicles.

The program runs fine on another computer without McAffee real time scan.

Any assistance with getting this to work would be most appriciated.

John

0 Kudos
1 Solution

Accepted Solutions
jungzimm
Level 8

Re: Possible False Artemis-Artemis!8A8CB6C6E53A

Jump to solution

Thank you, Thank you, Thank you!

Could not find scan.exe or Extra.DAT. 

My home machine running WIN 7-64  was able to run the program successfully on Tuesday.  My Work Machine on WIN Vista was able to successfully run it Today (Friday).  I really appreciate the assistance and can now use the software in my job without having to disable the AV on access scanner.

John

0 Kudos
16 Replies
Peacekeeper
Level 20

Re: Possible False Artemis-Artemis!8A8CB6C6E53A

Jump to solution

From the other PC zip it up as described here and send it to Mcafee asking it to be reviewed when the auto reply cames backsaying it is infected. Use subject False +ve.

http://vil.nai.com/vil/submit-sample.aspx

0 Kudos
johnjz
Level 7

Re: Possible False Artemis-Artemis!8A8CB6C6E53A

Jump to solution

Have done as requested--emailed zipped file with password "infected"  to virus_research@avertlabs.com with False +ve as subject. Thanks,

John

0 Kudos
Peacekeeper
Level 20

Re: Possible False Artemis-Artemis!8A8CB6C6E53A

Jump to solution

Did u get an auto reply? If no reply in a day redo it ensure the file is zipped and  with infected as password. (Ok u say that was done) You should have got an immediate reply that you then reply to asking for a revision...

Message was edited by: Peacekeeper on 18/04/11 7:13:41 PM
0 Kudos
johnjz
Level 7

Re: Possible False Artemis-Artemis!8A8CB6C6E53A

Jump to solution

Messed up the password on first attemp.

2nd attempted resulted in the following:

          McAfee Labs - Beaverton                                                               

          Current Scan Engine Version:5400.1158                                                 

          Current DAT Version:6320.0000                                                         

          Thank you for your submission.                                                        

          Analysis ID: 6603853

          File Name            Findings                       Detection                    Type         Extra

          --------------------|------------------------------|----------------------------|------------|-----

          image001.gif        |no malware                    |                            |            |no  

          service information.|inconclusive                  |                            |            |no  

          inconclusive [service information.exe]                                                            

             Upon analysis the file submitted does not appear to contain one of the 200,000 known  

          threats in the AutoImmune database. The file may contain a new threat, or no code     

          capable of being infected. Your submission is being forwarded to an McAfee Labs       

          Researcher for further analysis. You will be contacted by McAfee through e-mail with  

          the results of that analysis.                                                         

          no malware [image001.gif]                                                                       

             McAfee Labs has found no indications of malicious code. Upon examining the file we    

          observed no malicious behavior.                                                       

             To find detailed information about viruses and other malware, please review McAfee    

          Labs' Virus Information Library:                             

                                                        

     

I updated McAffee, Re-installed the software and "on access scanner" grabbed it again.  I need a "get-out-of-quarantine-free" card 

Thanks help.   

John                                     

Message was edited by: johnjz on 4/18/11 3:55:49 PM CDT
0 Kudos
vinod_r2
Level 11

Re: Possible False Artemis-Artemis!8A8CB6C6E53A

Jump to solution

Could you zip and email the .exe file only again.. with subject as  false - Artemis!8A8CB6C6E53A

0 Kudos
johnjz
Level 7

Re: Possible False Artemis-Artemis!8A8CB6C6E53A

Jump to solution

Sorry...gone on training for 3 days with no internet access.  Have sent file as requested.  Am not sure where the (image001.gif) file referenced in file analysis came from. The only file I sent was "service information.exe" and that is only file that show up in the zipped folder, or when I extract it.

0 Kudos
johnjz
Level 7

Re: Possible False Artemis-Artemis!8A8CB6C6E53A

Jump to solution

Got same instant replay as as I did the first time.  Now file is being referenced as "Generic.Tra!8A8CB6C6E53A" when OnAccessScanning detects and deletes it. Waiting email promised by original response:

         

...Your submission is being forwarded to an McAfee Labs

Researcher for further analysis. You will be contacted by McAfee through e-mail with

the results of that analysis. ...

Any additional suggestions would be most welcome.

John

0 Kudos
nownitin
Level 12

Re: Possible False Artemis-Artemis!8A8CB6C6E53A

Jump to solution

HI,

McAfee(R)Artemis technology provides real-time protection that securesenterprises and consumers from threats as they strike and much quickerthan traditional signatures can be deployed. As Artemis is updated inreal-time there is no requirement to wait for a full DAT update nor touse an EXTRA.DAT intermediate solution. Simply wait approximately 30minutes and this false will no longer exist or trigger on your system.Depending on the network settings you have or the caching involvedbetween your system and ours it may take slightly longer for this false alarm to be resolved.

Thanks,

Nitin Kumar

McAfee SME

0 Kudos
Peacekeeper
Level 20

Re: Possible False Artemis-Artemis!8A8CB6C6E53A

Jump to solution

Nitin

OK so to get the false detection noted the user still has to submit the malware? Can to confirm teh steps to get an artemis detection not noted when it is thought to be a false detection?

0 Kudos