lorecam
Level 7

Possible False Positive: Artemis!D6638336CAB9

I posted it here http://community.mcafee.com/thread/25970?tstart=0, but I'd rather post it here in the Artemis Discussion too:

This is what happened to me today:

My McAfee (updated, version 14.0, DAT version: 6029) today detected an Artemis!D6638336CAB9 Trojan. (I could NOT find this trojan in your McAfee virus database.)

My PC has: WinXP Pro, 32b.

Info was:  File: C/ Windows/system32/iedkcs32.dll

process: C/Windows/system32/svchost.exe

McAfee disinfected this file and sent it to "cuarentena" (quarantine, sp?). After that, I had to reboot my PC, as required by McAfee.

After rebooting the system I got a message from automatic Windows Update to install KB982381.

So I tried to install that update, but the install always failed (after 3 tries). So I tried to install it by downloading the file from the Windows Update website here:

http://www.microsoft.com/downloads/details.aspx?familyid=9CFF9ABA-7743-4C33-87C7-37D06ED60A21&displa...

After downloading this file, I tried to install it, but it gave an error and again McAfee suddenly found the trojan: Artemis!D6638336CAB9

in file: SP3GDR/iedkcs32.dll

in process: IE8-WindowsXP-KB982381-x86-ESN.exe

So after all this info I think that McAfee thinks that this file is a Trojan, despite it being an authentic Windows Update file.

Could someone help me please?

Thanks

Oops, I forgot to tell you I've got:

McAfee Total Protection:

McAfee Security Center:

Version: 10.0

Compilation: 10.0.580

Last Update: 13/05/2010

McAfee Virus Scan:

Version 14.0

Compilation: 14.0.309

Last Update: 01/07/2010

DAT version: 6029

DAT creation date: 30/06/2010

engine version: 5400.1158

and some more like firewall, SiteAdvisor, and so on (please, let us copy+paste this info in the "About McAfee" window!!!)

I am Spanish, so my McAfee language is Spanish.

I contacted McAfee Spanish support but they did not help me. They told me to use the "Stinger" application, which I am currently using to find Trojans (they think I have got some trojan because of the Artemis detection).

If you need more info, ask for it,

but please, help me here!

PS: If you need the file(s), I can upload it here.

lorecam
Level 7

Re: Possible False Positive: Artemis!D6638336CAB9

Finished Stinger Application:

Preferences were:

Scan targets: Processes  + Boot Sectors

On virus detection : Report only

Detection: all marked except for: Enable Macro heuristics and Report Applications.

Sensitivity level: very low.

Number of Clean Files: 225487.

It did not find anything.

SamSwift
Level 12

Re: Possible False Positive: Artemis!D6638336CAB9

Hi,

This file has been whitelisted in the database. If you run an update do you still see a problem?

Sam

lorecam
Level 7

Re: Possible False Positive: Artemis!D6638336CAB9

Do you mean to run an update on McAfee Total Protection?

I tried 30 minutes ago to update McAfee again but the problem was still there, even though you can see that my McAfee is updated as of today.

If you mean to install KB982381 again through Windows Update, I still got the failure message when installing that update.

However, I will try again in about 20 minutes when Stinger finishes its detection (I am using at the moment the most updated Stinger application).

I'll tell you in a few minutes with more precise info on error messages and results.

Thanks Sam for your answer.

Message edited by: lorecam on 1/07/10 5:48:06 CDT
SamSwift
Level 12

Re: Possible False Positive: Artemis!D6638336CAB9

Hi,

Yes please - can you run another update in total protection and let me know the results.

Thanks,

Sam

lorecam
Level 7

Re: Possible False Positive: Artemis!D6638336CAB9

Hi. Thanks Sam, problem solved, Windows Update KB983281 successfully installed with no Artemis Trojan detection.

But... why was this Windows Update file blacklisted?

Or did you turn it to whitelisted just now?

SamSwift
Level 12

Re: Possible False Positive: Artemis!D6638336CAB9

Brilliant news

We're investigating the backend issue now.

Glad to hear everything is OK for you.

Sam

lorecam
Level 7

Re: Possible False Positive: Artemis!D6638336CAB9

Thanks Sam..

Would it be useful for you if I send all the false positive files which are in Quarantine through McAfee Total Protection?

I've got these files in Quarantine (spelling? sorry, I'm Spanish):

IEDKCS32.DLL

IEDKCS32.DLL.NEW

A0017887.DLL

Anyway, Thanks again for your help.

SamSwift
Level 12

Re: Possible False Positive: Artemis!D6638336CAB9

Hi,

No thank you - we've got some submissions through already.

Cheers,

Sam
