5 Replies Latest reply on Aug 20, 2010 3:01 PM by anahata

    Possible False Positive - Artemis!DB070A69E32F (Trojan)

      7/28/2010    11:26:47 AM        Engine version                          =    5400.1158
      7/28/2010    11:26:47 AM        AntiVirus   DAT version                 =    6057.0
      7/28/2010    11:26:47 AM        Number of detection signatures in EXTRA.DAT =    None
      7/28/2010    11:26:47 AM        Names of detection signatures in EXTRA.DAT  =    None
      7/28/2010    11:40:59 AM    Deleted     NT AUTHORITY\SYSTEM    C:\WINDOWS\system32\CCM\CcmExec.exe    C:\E drive\MGEN\MGEN\mgen.exe    Artemis!DB070A69E32F (Trojan)
      7/28/2010    11:43:29 AM    Deleted     NT AUTHORITY\SYSTEM    C:\WINDOWS\system32\CCM\CcmExec.exe    C:\JEFX09\Networking\downloads\mgen\MGEN\mgen.exe    Artemis!DB070A69E32F (Trojan)
      7/28/2010    11:43:58 AM    Not scanned  (scan timed out)     NT AUTHORITY\SYSTEM    C:\WINDOWS\system32\CCM\CcmExec.exe    C:\Opnet\itguru_150A_PL3_8652_update_win.exe   
      7/28/2010    11:48:35 AM    Deleted     NT AUTHORITY\SYSTEM    C:\WINDOWS\system32\CCM\CcmExec.exe    C:\TTM\Archive\Deploy\eclipse\ttm_apps\MGEN\mgen.exe    Artemis!DB070A69E32F (Trojan)
      7/28/2010    11:48:59 AM    Deleted     NT AUTHORITY\SYSTEM    C:\WINDOWS\system32\CCM\CcmExec.exe    C:\TTM\ttm_apps\MGEN\mgen.exe    Artemis!DB070A69E32F (Trojan)
      7/28/2010    9:48:16 PM    Not scanned  (scan timed out)     CCANET\wghelf    C:\WINDOWS\system32\Rockwe~1.scr    C:\tmp\SSIMG.tif   
      7/29/2010    12:53:59 PM    Not scanned  (scan timed out)     CCANET\wghelf    C:\Tmp\is-27BGD.tmp\setup.tmp    C:\TTM\jre\is-IENT8.tmp   
      7/29/2010    12:55:19 PM    Not scanned  (scan timed out)     CCANET\wghelf    C:\Tmp\is-27BGD.tmp\setup.tmp    C:\TTM\jre\jre\lib\is-NRAR7.tmp   
      7/29/2010    12:55:41 PM    Not scanned  (scan timed out)     CCANET\wghelf    C:\Tmp\is-27BGD.tmp\setup.tmp    C:\TTM\jre\lib\is-8VR1T.tmp   
      7/29/2010    12:57:57 PM    Deleted     CCANET\wghelf    C:\Tmp\is-27BGD.tmp\setup.tmp    C:\TTM\ttm_apps\MGEN\is-E8BOE.tmp    Artemis!DB070A69E32F (Trojan)
      7/29/2010    1:20:51 PM    Deleted     CCANET\wghelf    C:\Tmp\is-27BGD.tmp\setup.tmp    C:\TTM\ttm_apps\MGEN\is-KVKIQ.tmp    Artemis!DB070A69E32F (Trojan)

        • 1. Re: Possible False Positive - Artemis!DB070A69E32F (Trojan)

How do I get this turned in as critical?
Or get someone to respond... sometimes this support is fast, within 5-10 minutes; this has been open since last week.

Please let me know how I can escalate this, or do I just need to turn off Artemis on my network. Let me know.


          Thanks in advance.

          • 2. Re: Possible False Positive - Artemis!DB070A69E32F (Trojan)

            8/12/2010    2:28:47 PM        Engine version                          =    5400.1158
            8/12/2010    2:28:47 PM        AntiVirus   DAT version                 =    6072.0
            8/12/2010    2:28:47 PM        Number of detection signatures in EXTRA.DAT =    None
            8/12/2010    2:28:47 PM        Names of detection signatures in EXTRA.DAT  =    None
            8/12/2010    4:04:55 PM    Not scanned  (scan timed out)     CCANET\wghelf    C:\Tmp\is-CEEMV.tmp\setup.tmp    C:\TTM\jre\is-M3360.tmp   
            8/12/2010    4:06:00 PM    Not scanned  (scan timed out)     CCANET\wghelf    C:\Tmp\is-CEEMV.tmp\setup.tmp    C:\TTM\jre\jre\lib\is-UDH0C.tmp   
            8/12/2010    4:06:19 PM    Not scanned  (scan timed out)     CCANET\wghelf    C:\Tmp\is-CEEMV.tmp\setup.tmp    C:\TTM\jre\lib\is-SPFO7.tmp   
            8/12/2010    4:08:28 PM    Deleted     CCANET\wghelf    C:\Tmp\is-CEEMV.tmp\setup.tmp    C:\TTM\ttm_apps\MGEN\is-MGN9B.tmp    Artemis!DB070A69E32F (Trojan)


The rest of the files don't seem to be deleting anymore, but this one still is??? How does that happen?

            • 3. Re: Possible False Positive - Artemis!DB070A69E32F (Trojan)

              Hi


We have whitelisted this file: mgen. As Artemis is updated in real-time, there is no requirement to wait for a full DAT update nor to use an EXTRA.DAT intermediate solution. Simply wait approximately 30 minutes and this false positive will no longer exist or trigger on your system. Depending on the network settings you have or the caching involved between your system and ours, it may take slightly longer for this false alarm to be resolved.


In future, please submit your files in a password-protected zip file (password='infected') to virus_research@avertlabs.com


              Feel free to contact us further


              Regards

              Neha Chattopadhyay

              McAfee SME

              • 4. Re: Possible False Positive - Artemis!DB070A69E32F (Trojan)

Thanks, in your false positive directions it says the file does not need to be uploaded for an Artemis detection fix; is this the case or not?

                I have the group that is having issues with that file testing, I will let you know if that fixed it. Thanks!

                • 5. Re: Possible False Positive - Artemis!DB070A69E32F (Trojan)

                  Hi


                  You just need to scan your file which should no longer detect Artemis


                  Thanks

                  Neha Chattopadhyay

                  McAfee SME