I came across a suspicious file on my computer and scanned it with McAfee VirusScan. The result was clean but it did not impress me, so I uploaded it to VirusTotal. This was the result:
I use McAfee Total Protection and the very same DAT version. I also have the options "search for unknown viruses" and "connect to McAfee Online Threat Intelligence Web community (Artemis technology)" marked on (and I was connected to the Internet at the time). I repeated the scan a couple of times and got the same result. And this is not the first time.
It may be due to the scan engine version I use (5301.4018) but I haven't found a newer version:
Do any of you have ideas why this keeps happening? If so, please send an answer below.
Thank you in advance!
Discussion moved from VirusScan 14 - 2010 to Artemis Discussion for better attention - Moderator
Message was edited by: Ex_Brit on 06/02/10 3:34:43 EST PM
The new malware detection is a heuristic detection so that means we would need the sample to be submitted to us for further review. Please send the sample to email@example.com or else submit via the WebImmune (www.webimmune.net) portal.
Once we receive your sample, we will be able to analyze it and provide a solution as needed.
Thanks for the reply.
Yes, I submitted it yesterday. The result was:
| files_name.exe | variant detection | new malware-d | Trojan | no |
variant detection [ files_name.exe ]
The file received may contain a potential virus or trojan threat identified heuristically. This potential threat was identified with our most powerful set of heuristic DAT drivers. Heuristic drivers can cause false-positive identifications, as such, this issue is being escalated to Avert Labs for a thorough review. You will be contacted through e-mail with the results of our analysis.
So, WebImmune detected it, but VirusScan didn't. I've had this same sort of problem a couple of times before. I sent a suspicious file through WebImmune and got a reply via e-mail confirming that the file contained new malware. Now, when the DAT file I received via e-mail is out of date, VirusScan doesn't detect it anymore, though it is in the Artemis database. Why is that?
Thanks for submitting your suspicious file for analysis.
When you submitted your sample, you should have received confirmation of your submission that included an assigned Analysis ID number identifying your escalation. Please respond to this message with that Analysis ID number so that we may expedite this issue to our researchers as necessary.
Today, I received an email confirming that the file contained new malware and VirusScan automatically removed the infection after installing the newest DAT file.
(The Analysis ID for this file is: 5788387)
The problem is that I've discovered many infections of a certain malware that I have already once got rid of. Now I have the same infection. I've scanned my computer several times but without any success. I uploaded one of these files to VirusTotal and here's the result:
So, I need to delete these files manually but the snag is that I don't know where all these files exist.
The Issue Number for this detection is 5724445.
I currently use VirusScan engine version 5301.4018, is that the latest version?
I replied to your mail, as this malware can be identified and removed with our current scanners (Engine 5.3.00 + the current DAT).
Detection Name: Generic.dx!moc
Now I've got rid of that infection with DAT version 5886.
Still, VirusScan won't detect "Artemis!CCFE6B8B3DB0 trojan !!!" and "Generic.TRA!440bea0dc500"
(Analysis ID for Generic.TRA: 5724445)
I detected these infections by using Stinger and an online scanner.
Message was edited by: pepez on 2/9/10 2:06:11 PM CST
Thanks for the information.
I'll take a look at the Analysis ID 5724445 and will get back to you soon.
We analysed the file further and a detection for the file submitted as ID 5724445 has been added as BackDoor-ARY. A response has been sent to your email, as well as an Extra.dat file for extra detection, which will be included in a future DAT set.