cdh0050
Level 7

Possible False Positive - Artemis!BF1B4CD0DFFB

The file below has been a problem for us. We are running the version of their software that comes from a thumb drive. I called the company http://www.kurzweiledu.com/ and spoke with technical support. They said to just allow the file name as an exception in our AV, as they have seen this before. I took another thumb drive right out of the box and plugged it into a different computer with the same result. It also seems to be placing something in the system restore which is getting tagged later on. I would send you a copy of the file, but when you run the program from the thumb drive it extracts the program to the C: drive and then the AV deletes it, so the file is gone.

Threat Event Log Information
Server ID:epo-server
Event Received Time (UTC):5/10/10 2:45:40 PM
Event Generated Time (UTC):5/10/10 2:44:32 PM
Agent GUID:9E5DFCAE-8BA2-4DF2-9463-FC49B14A69C8
Detecting Prod ID (deprecated):VIRUSCAN8700
Detecting Product Name:VirusScan Enterprise
Detecting Product Version:8.7
Detecting Product Host Name:
Detecting Product IPv4 Address:
Detecting Product IP Address:
Detecting Product MAC Address:
DAT Version:5977.0000
Engine Version:5400.1158
Threat Source Host Name:
Threat Source IPv4 Address:
Threat Source IP Address:
Threat Source MAC Address:
Threat Source User Name:
Threat Source Process Name:
Threat Source URL:
Threat Target Host Name:
Threat Target IPv4 Address:
Threat Target IP Address:
Threat Target MAC Address:
Threat Target User Name:
Threat Target Port Number:
Threat Target Network Protocol:
Threat Target Process Name:
Threat Target File Path:C:\Documents and Settings\odalab\Application Data\Thinstall\KB884016\40000082700002i\Kurzweil 3000.exe.920624.tmp
Event Category:Malware detected
Event ID:1027
Threat Severity:Alert
Threat Name:Artemis!BF1B4CD0DFFB
Threat Type:Trojan
Action Taken:Deleted
Threat Handled:true
Analyzer Detection Method:OAS
Threat Event Descriptions
Event Description:Infected file deleted.

Threat Event Log Information

Server ID:epo-server
Event Received Time (UTC):5/10/10 1:33:11 PM
Event Generated Time (UTC):5/10/10 1:29:45 PM
Agent GUID:6B528FBA-DE67-4192-832E-8CE9D4F907B5
Detecting Prod ID (deprecated):VIRUSCAN8700
Detecting Product Name:VirusScan Enterprise
Detecting Product Version:8.7
Detecting Product Host Name:
Detecting Product IPv4 Address:
Detecting Product IP Address:
Detecting Product MAC Address:
DAT Version:5977.0000
Engine Version:5400.1158
Threat Source Host Name:
Threat Source IPv4 Address:
Threat Source IP Address:
Threat Source MAC Address:
Threat Source User Name:
Threat Source Process Name:
Threat Source URL:
Threat Target Host Name:
Threat Target IPv4 Address:
Threat Target IP Address:
Threat Target MAC Address:
Threat Target User Name:SYSTEM
Threat Target Port Number:
Threat Target Network Protocol:
Threat Target Process Name:
Threat Target File Path:c:\System Volume Information\_restore{38A5DB13-A00C-4099-AA0A-6BB638E808D9}\RP256\A0035627.exe
Event Category:Malware detected
Event ID:1027
Threat Severity:Alert
Threat Name:Artemis!BF1B4CD0DFFB
Threat Type:Trojan
Action Taken:Deleted
Threat Handled:true
Analyzer Detection Method:(managed) Managed Daily Scan
Threat Event Descriptions
Event Description:Infected file deleted.

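As an added example (not part of the thread or of any McAfee tool), a small Python triage script over the ePO export format quoted above: it parses the key:value event blocks, groups events by threat name, and collects what a reviewer checks before submitting a suspected false positive, namely whether the name is an Artemis heuristic, which detection methods and DAT fired, and how many hits are copies sitting in System Restore points rather than the original file. The sample events are constructed from the two quoted in the post, trimmed to the relevant fields.

```python
import re
from collections import defaultdict

# Constructed sample: two ePO threat events in the key:value export format used above.
SAMPLE_EVENTS = r"""Threat Event Log Information
Threat Name:Artemis!BF1B4CD0DFFB
Threat Type:Trojan
Action Taken:Deleted
Analyzer Detection Method:OAS
Threat Target File Path:C:\Documents and Settings\odalab\Application Data\Thinstall\KB884016\40000082700002i\Kurzweil 3000.exe.920624.tmp
DAT Version:5977.0000

Threat Event Log Information
Threat Name:Artemis!BF1B4CD0DFFB
Threat Type:Trojan
Action Taken:Deleted
Analyzer Detection Method:(managed) Managed Daily Scan
Threat Target File Path:c:\System Volume Information\_restore{38A5DB13-A00C-4099-AA0A-6BB638E808D9}\RP256\A0035627.exe
DAT Version:5977.0000
"""

# Restore-point copies live under "System Volume Information\_restore{...}".
RESTORE_POINT_RE = re.compile(r"\\system volume information\\_restore\{", re.IGNORECASE)


def parse_events(text):
    """Split an ePO threat event export into one dict per event, keys exactly as exported."""
    events, current = [], {}
    for line in text.splitlines():
        if line.startswith("Threat Event Log Information"):
            if current:
                events.append(current)
            current = {}
        elif ":" in line:
            # Split on the first colon only; file paths contain further colons.
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    if current:
        events.append(current)
    return events


def triage(events):
    """Summarise events per threat name with the signals relevant to a false-positive review."""
    report = defaultdict(lambda: {"count": 0, "heuristic": False, "restore_point_copies": 0,
                                  "methods": set(), "dats": set(), "paths": []})
    for ev in events:
        name = ev.get("Threat Name", "")
        r = report[name]
        r["count"] += 1
        r["heuristic"] = name.startswith("Artemis!")   # cloud/heuristic name, not a static signature
        path = ev.get("Threat Target File Path", "")
        r["paths"].append(path)
        if RESTORE_POINT_RE.search(path):
            r["restore_point_copies"] += 1            # a copy that System Restore snapshotted
        r["methods"].add(ev.get("Analyzer Detection Method", ""))
        r["dats"].add(ev.get("DAT Version", ""))
    return dict(report)
```

A threat name with `heuristic` set, a single DAT, and hits split between the on-access scanner and later scans of restore-point copies is the pattern described in the post; the restore-point count tells you how many re-detections are the same file being snapshotted rather than new infections.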
showvik
Level 12

Re: Possible False Positive - Artemis!BF1B4CD0DFFB

Hi,

McAfee(R) Artemis technology provides real-time protection that secures enterprises and consumers from threats as they strike and much quicker than traditional signatures can be deployed. As Artemis is updated in real-time there is no requirement to wait for a full DAT update nor to use an EXTRA.DAT intermediate solution. Simply wait approximately 30 minutes and this false will no longer exist or trigger on your system. Depending on the network settings you have or the caching involved between your system and ours it may take slightly longer for this false alarm to be resolved.

Regards,

Showvik Chakraborty

McAfee® Labs
-------------------------
McAfee® Labs Blog <http://www.avertlabs.com/research/blog/>
AudioParasitics - The Official PodCast of McAfee® Avert® Labs <http://podcasts.mcafee.com/audioparasitics>
--------------------------
Safe online? Avoid dangerous web sites using McAfee SiteAdvisor™ -  a FREE download from http://www.siteadvisor.com?cid=27092. Don't search or surf without it!
