11 Replies. Latest reply on Mar 28, 2017 9:08 PM by catdaddy

    False Artemis!B7FD8A52C4B5

    sepmt3

      This "Artemis" is a game called "The Escapists" from Steam. I've already sent an email to virus_research@mcafee.com and a sample but I never got a reply. Please help, it would be much appreciated.

        • 1. Re: False Artemis!B7FD8A52C4B5
          catdaddy

          Did you zip it and password protect it using the password infected, following these Guidelines/Instructions?

          What To Do When McAfee Detects Software As An Infection - How to Submit To McAfee Labs & Appeal

           

          When you submit it successfully, you should receive an Analysis ID# back from McAfee Labs. Allow 2-3 days for them to analyze it. If you have heard nothing back, please provide us the Analysis ID#, and we can escalate your case on your behalf.

          • 2. Re: False Artemis!B7FD8A52C4B5
            sepmt3

            Yes, I tried multiple times. I turned off my real-time scanner and restored the .exe from the quarantine. After that, I put the .exe in a zip folder and password protected it with "infected" using 7-Zip. I then sent it to virus_research@mcafee.com through Yahoo and put "FALSE:" at the beginning of my header. I just tried now and I haven't gotten a response.

            • 3. Re: False Artemis!B7FD8A52C4B5
              catdaddy

              How large was the zipped submission? It has a 10mb limit.

              (Also please make sure you simply use the word infected without the asterisks.)

               

              You can try running the McAfee Getsusp Tool; enter your email address under preferences in the Getsusp UI before scanning. You can take the detected items and upload them to VirusTotal and get the hashes for the detection(s).

              Getsusp can be obtained here: Anti-Spyware/Malware & Hijacker Tools

              • 4. Re: False Artemis!B7FD8A52C4B5
                sepmt3

                Sorry for the late response, but in the zip folder it is 1,463 KB; out of it, it is 2,358 KB.

                 

                I put the program through McAfee Getsusp and got this email if that's what you meant by Hashes:

                 

                SR Number               Creation Date                WorkItem ID        Machine Name
                =========               ==============               ===========        ===========
                None specified          3/27/2017 11:46:08 PM        2384264            AJ

                +---------------------+----------------------------------+--------------+-----------+--------+
                | File Name           | MD5                              | Findings     | Detection | Type   |
                +---------------------+----------------------------------+--------------+-----------+--------+
                | theescapists[1].ex_ | b7fd8a52c4b580511c5b73028a6b06b7 | not_detected |           | TROJAN |
                +---------------------+----------------------------------+--------------+-----------+--------+

                • 5. Re: False Artemis!B7FD8A52C4B5
                  catdaddy

                  Actually that is your *Ticket ID#* and should suffice. You are capable of retrieving hashes after submitting to VirusTotal.com, which you can do through your Getsusp interface. I will also provide it additionally to an Engineer at McAfee Labs.

                   

                  This is your escalation Ticket number: Ticket #: AM000883 - Artemis! Submitted through Getsusp
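
Added example, not part of the original thread and not McAfee tooling: in this thread the hex suffix of the detection name (Artemis!B7FD8A52C4B5) equals the first 12 hex digits of the MD5 in the Getsusp e-mail, so a local check can confirm that the file being submitted is the one that was flagged, that the archive is under the 10 MB limit, and that its entries are password protected. The function names are hypothetical, and the archive is assumed to be in ZIP format.

```python
import hashlib
import os
import re
import zipfile

MAX_SUBMISSION_BYTES = 10 * 1024 * 1024   # the "10mb limit" quoted in the thread
DETECTION = "Artemis!B7FD8A52C4B5"        # detection name from the thread title
REPORTED_MD5 = "b7fd8a52c4b580511c5b73028a6b06b7"  # MD5 from the Getsusp e-mail

def file_digests(path, chunk_size=1 << 20):
    """Return (md5, sha256) hex digests, reading in chunks so large files are fine."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()

def matches_detection(md5_hex, detection_name):
    """True if the 12 hex digits after '!' are a prefix of the file's MD5."""
    m = re.fullmatch(r"[^!]+!([0-9A-Fa-f]{12})", detection_name.strip())
    return bool(m) and md5_hex.lower().startswith(m.group(1).lower())

def all_entries_encrypted(archive):
    """True if every file entry in the ZIP has the 'encrypted' flag (bit 0) set."""
    with zipfile.ZipFile(archive) as zf:
        files = [i for i in zf.infolist() if not i.is_dir()]
        return bool(files) and all(i.flag_bits & 0x1 for i in files)

def presubmission_check(sample_path, archive_path, detection_name):
    """Collect the facts the thread asks about before a sample is e-mailed."""
    md5_hex, sha256_hex = file_digests(sample_path)
    size = os.path.getsize(archive_path)
    return {
        "md5": md5_hex,
        "sha256": sha256_hex,
        "is_detected_file": matches_detection(md5_hex, detection_name),
        "archive_bytes": size,
        "under_size_limit": size <= MAX_SUBMISSION_BYTES,
        "archive_encrypted": all_entries_encrypted(archive_path),
    }

if __name__ == "__main__":
    # Values taken from this thread: the reported MD5 starts with the detection suffix.
    print(matches_detection(REPORTED_MD5, DETECTION))
```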

                  • 6. Re: False Artemis!B7FD8A52C4B5
                    sepmt3

                    Oh ok, is that all then, I just need to wait 2-3 days and then McAfee will stop detecting it as a trojan?

                    • 7. Re: False Artemis!B7FD8A52C4B5
                      catdaddy

                      Following protocol I should have waited 2-3 business days before escalating your detection. Since you were having issues submitting I personally took the exception to help you. I/we should hear something within the next few days.

                       

                      I do know that the Technicians are inundated with all of the *Transitioning* going on between Intel/McAfee at the present time. Having said this, I will apprise you when I hear something back from the Labs. Usually it is in short order.

                      • 8. Re: False Artemis!B7FD8A52C4B5
                        sepmt3

                        Thank you!

                        • 9. Re: False Artemis!B7FD8A52C4B5
                          catdaddy

                          You are quite welcome

                          I have submitted once again...

                          Ticket #: AM000885 - Artemis!

                          Nick, one of the Engineers is analyzing now.
