Sigea
Level 7

Possible False Positive - Artemis!B3B121CCAC92 (Trojan)

Was trying to get WinRAR's latest trial (WinRAR x86 (32 bit) 3.93):

From RARLAB:

http://www.rarlab.com/rar/wrar393.exe

From Download.com:

http://download.cnet.com/3001-2250_4-10007677.html?spi=647993a0865b2953a8079c9687bf3bd5&part=dl-1136...

Relevant Engine/Dat/Detection info from OnAccessScanLog.txt:

Engine version                          =    5400.1158
AntiVirus  DAT version                =    5965.0
4/27/2010    10:49:20 PM    Deleted    CNAME\uname    C:\Program Files\Mozilla Firefox\firefox.exe    C:\Documents and Settings\uname\Local Settings\Application Data\Mozilla\Firefox\Profiles\aMmmlE35.default\Cache\7AF996B3d01    Artemis!B3B121CCAC92 (Trojan)
4/27/2010    10:49:21 PM    Deleted    CNAME\uname    C:\Program Files\Mozilla Firefox\firefox.exe    D:\Downloads\wrar393.exe.part    Artemis!B3B121CCAC92 (Trojan)
4/27/2010    11:00:47 PM    Deleted    CNAME\uname    C:\Program Files\Mozilla Firefox\firefox.exe    C:\Documents and Settings\uname\Local Settings\Application Data\Mozilla\Firefox\Profiles\aMmmlE35.default\Cache\8A3D924Dd01    Artemis!B3B121CCAC92 (Trojan)
4/27/2010    11:00:48 PM    Deleted    CNAME\uname    C:\Program Files\Mozilla Firefox\firefox.exe    D:\Downloads\wrar393.exe.part    Artemis!B3B121CCAC92 (Trojan)
4/27/2010    11:29:54 PM    Deleted    CNAME\uname    C:\Program Files\Mozilla Firefox\firefox.exe    C:\Documents and Settings\uname\Local Settings\Application Data\Mozilla\Firefox\Profiles\aMmmlE35.default\Cache\617BC0ECd01    Artemis!B3B121CCAC92 (Trojan)
4/27/2010    11:29:55 PM    Deleted    CNAME\uname    C:\Program Files\Mozilla Firefox\firefox.exe    D:\Downloads\wrar393.exe.part    Artemis!B3B121CCAC92 (Trojan)

I zipped & attached the quarantined version of the file with the password "infected" per the submission instructions.

0 Kudos
2 Replies
nchattop
Level 12

Re: Possible False Positive - Artemis!B3B121CCAC92 (Trojan)

Hi

Currently I am working on your issue, and will reply to you shortly.

Regards

Neha Chattopadhyay

McAfee SME

0 Kudos
nchattop
Level 12

Re: Possible False Positive - Artemis!B3B121CCAC92 (Trojan)

Hi,

I checked the file and would like to confirm that the file (wrar393.exe) has been suppressed and should no longer detect as Artemis!b3b121ccac92. Please check and let us know if you still see the detection.

Regards

Neha Chattopadhyay

McAfee SME

0 Kudos