3 Replies Latest reply on Mar 16, 2010 7:47 AM by MoxieMomma

    Likely FP: Artemis!02DD84D01D89

      The following file was (mistakenly?) detected as a Trojan by McAfee Security Center on a regularly scheduled overnight scan on 3/12/2010.
      Since, unlike most other ISSs, MSC doesn't notify the user of any detections by means of a widget for the system tray icon (and I sometimes forget to check in the morning the results of the previous night's scan), I did not discover the item in quarantine until today.

      Attempts to login at Webimmune this morning were unsuccessful.

      I attempted to restore the file and I sent it to Avert via email as a password-protected zip file attachment, as instructed (thank you, Ex_Brit, for the recent details on how to do this).
      However, since MSC automatically re-quarantines the file immediately as soon as it is restored, I cannot operate my Cyberlink Power DVD application.

      Filename: VC1DSSE2.DLL
      File path: C:\PROGRAM FILES (x86)\CYBERLINK\POWERDVD DX\KERNEL\BD\VIDEOFILTER
      Detection Name: Artemis!02DD84D01D89 (Trojan)
      Item: C:\PROGRAM FILES (x86)\CYBERLINK\POWERDVD DX\KERNEL\BD\VIDEOFILTER\VC1DSSE2.DLL

      I have experienced no symptoms on the computer.
      All daily scans with MSC have been clean, as have numerous scans with both Malwarebytes AntiMalware Pro 1.44 and SuperAntiSpyware 4.34.1.
      My MSC product information:
      OEM McAfee Security Center on my Dell Studio XPS 8100 (purchased Feb, 2010), 2009 versions (I have not yet received the 2010 versions via update service):
      Security Center: 9.15.175
      Virus Scan 13.15.116 (Today's DAT version is 5921 (3/15/2010), but the DAT version on 3/12/2010 would have been an earlier version)
      Personal Firewall 10.15.106
      Anti-Spam 10.15.106
      Parental Controls 11.15.102

      System Information: Dell Studio XPS 8100 (new!), running Windows 7 Ultimate (64-bit). Everything is fully-patched and up-to-date.

      I did receive an automated reply to my email submission as "inconclusive" and that it did not match any of the known threats in the database, but further study would be needed.


      In the interim, since MSC automatically re-quarantines the file immediately as soon as it is restored, I cannot operate my Cyberlink Power DVD application with the file missing/quarantined.

      Please advise. Thank you,

      MM

      WARNING: ATTACHED ZIP FILE MAY CONTAIN AN INFECTION

        • 1. Re: Likely FP: Artemis!02DD84D01D89

          Thank you for submitting your suspicious file.
          Synopsis -

          McAfee Labs researchers have examined the file in question and no malware was found.

          Solution -

          McAfee(R) Artemis technology provides real-time protection that secures enterprises and consumers from threats as they strike and much quicker than traditional signatures can be deployed. As Artemis is updated in real-time there is no requirement to wait for a full DAT update nor to use an EXTRA.DAT intermediate solution. Simply wait approximately 30 minutes and this false alarm will no longer exist or trigger on your system. Depending on the network settings you have or the caching involved between your system and ours it may take slightly longer for this false alarm to be resolved.


          Please use the following link to reach our technical support group for McAfee products.

          Corporate Customers:
          <http://www.mcafee.com/us/support/index.html>

          Single User/Home User:
          <http://service.mcafee.com/default.aspx>

          Regards,

          Jiju Kurian
          McAfee Labs

          • 2. Re: Likely FP: Artemis!02DD84D01D89

            Hello, jkurian:

            Thanks for responding quickly.

            The file in question appears to be a driver file for my OEM Blu-Ray player application and the application is crippled without it.

            Thus far, every attempt to restore the file results in an immediate re-quarantine by McAfee SC.

            Please advise as to how to permanently restore it.

            Thanks,

            MM

            Message was edited by: MoxieMomma (grammar) on 3/16/10 7:21:28 AM CDT
            • 3. Re: Likely FP: Artemis!02DD84D01D89

              Resolved, I think.

              I just checked and the file seems to have been restored and is no longer triggering the detection.

              Thanks for your prompt response,

              MM