2 Replies Latest reply on Jun 23, 2010 8:44 AM by SamSwift

    Possible False Positive - Artemis!C8AD600E509C (Trojan)

      5/19/2010 10:48:32 AM  Engine version                          = 5400.1158
      5/19/2010 10:48:32 AM  AntiVirus   DAT version                 = 5987.0
      5/19/2010 10:48:32 AM  Number of detection signatures in EXTRA.DAT = None
      5/19/2010 10:48:32 AM  Names of detection signatures in EXTRA.DAT  = None
      5/19/2010 2:09:27 PM Deleted  NT AUTHORITY\SYSTEM C:\WINDOWS\system32\CCM\CcmExec.exe C:\3.1.0.8 OS Create\-2 OS\2.3.0.11 OS\Program Files\Simple DNS Plus\sdnsmain.exe Artemis!C8AD600E509C (Trojan)
      5/19/2010 2:09:40 PM Deleted  NT AUTHORITY\SYSTEM C:\WINDOWS\system32\CCM\CcmExec.exe C:\3.1.0.8 OS Create\3.1.0.7 OS\Program Files\Simple DNS Plus\sdnsmain.exe Artemis!C8AD600E509C (Trojan)
      5/19/2010 2:15:32 PM Deleted  NT AUTHORITY\SYSTEM C:\WINDOWS\system32\CCM\CcmExec.exe C:\ROB\-2 DIBS\2.3.0.11\2.3.0.11 OS\Program Files\Simple DNS Plus\sdnsmain.exe Artemis!C8AD600E509C (Trojan)
      5/19/2010 2:15:47 PM Deleted  NT AUTHORITY\SYSTEM C:\WINDOWS\system32\CCM\CcmExec.exe C:\ROB\-3 DIBS\3.1.0.7\3.1.0.7 OS\Program Files\Simple DNS Plus\sdnsmain.exe Artemis!C8AD600E509C (Trojan)
      5/19/2010 2:16:53 PM Deleted  NT AUTHORITY\SYSTEM C:\WINDOWS\system32\CCM\CcmExec.exe C:\ROB\OS\-2 DIBS\2.3.0.13a OS\Program Files\Simple DNS Plus\sdnsmain.exe Artemis!C8AD600E509C (Trojan)
      5/19/2010 2:17:14 PM Deleted  NT AUTHORITY\SYSTEM C:\WINDOWS\system32\CCM\CcmExec.exe C:\ROB\OS\-3 DIBs\3.1.0.9a OS\Program Files\Simple DNS Plus\sdnsmain.exe Artemis!C8AD600E509C (Trojan)
      5/19/2010 2:18:59 PM Deleted  TCP0069\fcms C:\WINDOWS\Explorer.EXE C:\ROB\OS\-2 DIBS\2.3.0.13a OS.zip\sdnsmain.exe Artemis!C8AD600E509C (Trojan)
      5/19/2010 2:20:53 PM Deleted  TCP0069\fcms C:\WINDOWS\Explorer.EXE C:\ROB\OS\-2 DIBS\2.3.0.12 OS.zip\sdnsmain.exe Artemis!C8AD600E509C (Trojan)
      5/19/2010 2:27:06 PM Deleted  NT AUTHORITY\SYSTEM C:\WINDOWS\system32\CCM\CcmExec.exe D:\FCMS\DIB_OS\PSW_3.1.0.1 OS\Program Files\Simple DNS Plus\sdnsmain.exe Artemis!C8AD600E509C (Trojan)
      5/19/2010 2:41:35 PM Deleted  NT AUTHORITY\SYSTEM C:\WINDOWS\system32\CCM\CcmExec.exe D:\Hochan\2.3.0.10 OS\Program Files\Simple DNS Plus\sdnsmain.exe Artemis!C8AD600E509C (Trojan)
      5/19/2010 2:44:54 PM Deleted  NT AUTHORITY\SYSTEM C:\WINDOWS\system32\CCM\CcmExec.exe D:\OS\-2\2.3.0.12 OS\2.3.0.12 OS\Program Files\Simple DNS Plus\sdnsmain.exe Artemis!C8AD600E509C (Trojan)
      5/19/2010 2:46:29 PM Deleted  NT AUTHORITY\SYSTEM C:\WINDOWS\system32\CCM\CcmExec.exe D:\OS\-2\2.3.0.12 OS\3.1.0.8 OS\Program Files\Simple DNS Plus\sdnsmain.exe Artemis!C8AD600E509C (Trojan)
      5/19/2010 2:49:52 PM Deleted  NT AUTHORITY\SYSTEM C:\WINDOWS\system32\CCM\CcmExec.exe D:\System Volume Information\_restore{32649328-DB17-45D5-968B-75130E2AE1EA}\RP451\A0119642.exe Artemis!C8AD600E509C (Trojan)
      5/19/2010 2:49:52 PM Deleted  NT AUTHORITY\SYSTEM C:\WINDOWS\system32\CCM\CcmExec.exe D:\System Volume Information\_restore{32649328-DB17-45D5-968B-75130E2AE1EA}\RP451\A0119643.exe Artemis!C8AD600E509C (Trojan)
      5/19/2010 2:49:53 PM Deleted  NT AUTHORITY\SYSTEM C:\WINDOWS\system32\CCM\CcmExec.exe D:\System Volume Information\_restore{32649328-DB17-45D5-968B-75130E2AE1EA}\RP451\A0119644.exe Artemis!C8AD600E509C (Trojan)
      5/19/2010 2:49:53 PM Deleted  NT AUTHORITY\SYSTEM C:\WINDOWS\system32\CCM\CcmExec.exe D:\System Volume Information\_restore{32649328-DB17-45D5-968B-75130E2AE1EA}\RP451\A0119645.exe Artemis!C8AD600E509C (Trojan)
      5/19/2010 3:01:08 PM Deleted  TCP0069\fcms C:\WINDOWS\Explorer.EXE C:\ROB\OS\-2 DIBS\2.3.0.12 OS.zip\sdnsmain.exe Artemis!C8AD600E509C (Trojan)
      5/19/2010 3:02:49 PM Deleted  TCP0069\fcms C:\WINDOWS\Explorer.EXE C:\Rajesh\OS\2.3.0.12 OS\2.3.0.12 OS.zip\sdnsmain.exe Artemis!C8AD600E509C (Trojan)
      5/19/2010 3:31:45 PM Deleted  TCP0069\fcms C:\WINDOWS\Explorer.EXE C:\Rajesh\OS\2.3.0.12 OS.zip\sdnsmain.exe Artemis!C8AD600E509C (Trojan)

        • 1. Re: Possible False Positive - Artemis!C8AD600E509C (Trojan)
          Nitin Kumar

          Hi,

          McAfee Labs researchers have examined the file in question and no malware was found.

          McAfee(R) Artemis technology provides real-time protection that secures enterprises and consumers from threats as they strike and much quicker than traditional signatures can be deployed. As Artemis is updated in real-time there is no requirement to wait for a full DAT update nor to use an EXTRA.DAT intermediate solution. Simply wait approximately 30 minutes and this false will no longer exist or trigger on your system. Depending on the network settings you have or the caching involved between your system and ours it may take slightly longer for this false alarm to be resolved.

          • 2. Re: Possible False Positive - Artemis!C8AD600E509C (Trojan)
            SamSwift

            Marking as assumed answered. Please let us know if the issue is not resolved.

            Thanks,

            Sam