cmcclatchy
Level 7

Possible false positives Artemis!83881CB35716

We have seen this several times today after the setting on Artemis was mistakenly changed to "Very High". We would like to run at that level, but need to avoid this type of false positive from occurring. Can anyone determine whether this Artemis alert is valid or, if it is a false positive, please shut it down?

Detecting Product Name: VIRUSCAN8800

Detecting DAT Version: 7018.0000

Detecting Engine Version: 5400.1158

Analyzer Host Name: 9L4NHQ1

Target Host Name: 9L4NHQ1

Source IPv4 Address: 172.17.13.48

Distinct Count of Analyzer Host Name: 1

Threat Name: Artemis!83881CB35716

Threat Type: Trojan

Threat Category: Malware detected

Go to the McAfee Labs website to view detailed information.  Enter in the threat name in section called, "Search the Threat Library".  There you will find an overview of the threat and removal information including minimum DAT version and engine version required.

http://www.mcafee.com/us/mcafee-labs.aspx

Number of events: 1

Event Description: Infected file deleted.

Threat Action Taken: deleted

Target User Name: NT AUTHORITY\SYSTEM

Source User Name:

Count of Event Description: 1

Target File Name: C:\Users\Gabriela_Rodriguez\TIREMOTE\TIRemoteService.exe

Count of Target File Name: 1

UTC: 03/19/13 18:50:50 UTC

Detecting Product Name: VIRUSCAN8800

Detecting DAT Version: 7018.0000

Detecting Engine Version: 5400.1158

Analyzer Host Name: 1VSH3M1

Target Host Name: 1VSH3M1

Source IPv4 Address: 172.17.13.37

Distinct Count of Analyzer Host Name: 1

Threat Name: Artemis!83881CB35716

Threat Type: Trojan

Threat Category: Malware detected

Go to the McAfee Labs website to view detailed information.  Enter in the threat name in section called, "Search the Threat Library".  There you will find an overview of the threat and removal information including minimum DAT version and engine version required.

http://www.mcafee.com/us/mcafee-labs.aspx

Number of events: 1

Event Description: Infected file deleted.

Threat Action Taken: deleted

Target User Name: NT AUTHORITY\SYSTEM

Source User Name:

Count of Event Description: 1

Target File Name: C:\Users\Sofia_Cuan\TIREMOTE\TIRemoteService.exe

Count of Target File Name: 1

UTC: 03/19/13 18:46:02 UTC

Message was edited by: Ex_Brit on 19/03/13 5:28:11 EDT PM
0 Kudos
2 Replies
exbrit
Level 21

Re: Possible false positives Artemis!83881CB35716

I added the Artemis detection number to your header to catch the eyes of that department should they patrol this area.

0 Kudos
showvik
Level 12

Re: Possible false positives Artemis!83881CB35716

Hi,

Artemis!83881CB35716 has been suppressed. Kindly allow up to two hours for this update to be reflected in the GTI system.

Regards,

Showvik

0 Kudos