6 Replies Latest reply on Jun 30, 2017 8:27 AM by jtbresna

    False Artemis!574EAB256AB4

    jtbresna

      Hello,

       

      We have noticed that a program is randomly missing from certain PCs, and realized it is the AV that is removing it.

      The program is called OnePacs. It is a medical imaging and voice recognition software.

      There is an executable also being removed. It is called stdyrtrvr.exe.

      Please help me understand if this is a false positive or not, and how to proceed.

       

      We are on McAfee Agent v. 4.8.0.1500.

      McAfee VirusScan Enterprise + AntiSpyware Enterprise v. 8.8.0 (8.8.0.1247).

       

      Thank you

        • 2. Re: False Artemis!574EAB256AB4
          catdaddy

          jtbresna

          Could you please confirm if you have received an Analysis ID# back from the Labs? If that is the case, please provide it and I can escalate your issue on your behalf.

          • 3. Re: False Artemis!574EAB256AB4
            catdaddy

            jtbresna,

            Again, please confirm if you have received any correspondence from the labs.

            • 4. Re: False Artemis!574EAB256AB4
              jtbresna

              My email kept bouncing back to me, I think because the images from my signature were not being allowed through. I'll try to submit it via the portal.

              • 5. Re: False Artemis!574EAB256AB4
                jtbresna

                Actually, I'll try the Getsusp utility because I don't know if I am Platinum or Gold for the portal.

                • 6. Re: False Artemis!574EAB256AB4
                  jtbresna

                  Analysis ID: 10372263

                   

                  So I did hear back from the Lab, but I think their analysis was just on the screenshots of the issue, since it references 3 .jpg files.

                   

                  This was my email back to the virus email address, but I did not hear back:

                   

                   

                  -----Original Message-----
                  From: Bresnahan,James T. (Information Systems)
                  Sent: Monday, June 05, 2017 10:40
                  To: 'Virus_Research@avertlabs.com'
                  Subject: RE: 10372263 - False Artemis!574EAB256AB4

                  I am confused regarding which files I am supposed to zip up, because if the files are removed by McAfee, how do I have them on the PC still to package up?

                  The file was detected and removed a week ago. Are these logs supposed to still be in the Security Center to send a week later?
                   

                   

                  This is their analysis. How do you think I should proceed?

                   

                  McAfee Labs Sample Analysis

                   

                  Thank you for submitting your suspicious file(s). We have determined that the following files are detected with our current DAT files.

                  Reference  : (Escalation) 10372263
                  ----------------------------------

                  +---------------------------+----------------------------------+------------------+----------------------+-----------------+
                  | File Name                 | MD5                              | Findings         | Detection            | Type            |
                  +---------------------------+----------------------------------+------------------+----------------------+-----------------+
                  | image003.jpg              | 2b32bb441578a3a8c5c70d3e05aa8a80 | clean            |                      | clean           |
                  +---------------------------+----------------------------------+------------------+----------------------+-----------------+
                  | image004.jpg              | 3de406567a7ad038b9f9a96064899dee | clean            |                      | clean           |
                  +---------------------------+----------------------------------+------------------+----------------------+-----------------+
                  | image002.png              | 497910884d7225ed34b555c99a37034a | clean            |                      | clean           |
                  +---------------------------+----------------------------------+------------------+----------------------+-----------------+