2 Replies Latest reply on May 3, 2010 3:41 PM by nchattop

    Possible False Positive - Artemis!B3B121CCAC92 (Trojan)

      Was trying to get WinRAR's latest trial (WinRAR x86 (32 bit) 3.93):

       

      From RARLAB:

      http://www.rarlab.com/rar/wrar393.exe

       

      From Download.com:

      http://download.cnet.com/3001-2250_4-10007677.html?spi=647993a0865b2953a8079c9687bf3bd5&part=dl-113677

       

      Relevant Engine/Dat/Detection info from OnAccessScanLog.txt:

      Engine version                          =    5400.1158
      AntiVirus  DAT version                =    5965.0
      4/27/2010    10:49:20 PM    Deleted    CNAME\uname    C:\Program Files\Mozilla Firefox\firefox.exe    C:\Documents and Settings\uname\Local Settings\Application Data\Mozilla\Firefox\Profiles\aMmmlE35.default\Cache\7AF996B3d01    Artemis!B3B121CCAC92 (Trojan)
      4/27/2010    10:49:21 PM    Deleted    CNAME\uname    C:\Program Files\Mozilla Firefox\firefox.exe    D:\Downloads\wrar393.exe.part    Artemis!B3B121CCAC92 (Trojan)
      4/27/2010    11:00:47 PM    Deleted    CNAME\uname    C:\Program Files\Mozilla Firefox\firefox.exe    C:\Documents and Settings\uname\Local Settings\Application Data\Mozilla\Firefox\Profiles\aMmmlE35.default\Cache\8A3D924Dd01    Artemis!B3B121CCAC92 (Trojan)
      4/27/2010    11:00:48 PM    Deleted    CNAME\uname    C:\Program Files\Mozilla Firefox\firefox.exe    D:\Downloads\wrar393.exe.part    Artemis!B3B121CCAC92 (Trojan)
      4/27/2010    11:29:54 PM    Deleted    CNAME\uname    C:\Program Files\Mozilla Firefox\firefox.exe    C:\Documents and Settings\uname\Local Settings\Application Data\Mozilla\Firefox\Profiles\aMmmlE35.default\Cache\617BC0ECd01    Artemis!B3B121CCAC92 (Trojan)
      4/27/2010    11:29:55 PM    Deleted    CNAME\uname    C:\Program Files\Mozilla Firefox\firefox.exe    D:\Downloads\wrar393.exe.part    Artemis!B3B121CCAC92 (Trojan)

       

      I zipped & attached the quarantined version of the file with the password "infected" per the submission instructions.