7 Replies Latest reply on Feb 9, 2011 12:51 PM by ConorD62

    Artemis!1256D75EE32E

      !

        • 1. Re: Artemis!1256D75EE32E
          ConorD62

          Hi Reci,


          Can you please provide more detail other than "!"


          Thanks.

           

           

          • 2. Re: Artemis!1256D75EE32E

            Hi ConorD62,

             

            The exclamation mark was suggested by McAfee to report a possible false positive. However, I can give some more detail to the community.

             

            The event started to occur 12 December 2010 on an Acer TravelMate 6592 G and has been recurring since. Every time the Explorer is started, or incidentally on starting Outlook, the Acer eDataSecurity starts scanning, which produces a file eDScsp.exe which is then quickly quarantined by my McAfee Internet Security Suite. Restoring it and running the latest version of Stinger at the most sensitive setting in Superscan mode does not bring up the trojan. The reported signature is not known on the web. One other file reported shortly after the initial occurrence was A0034921.exe, which contained the same signature. Source unknown and info also unretrievable. Running the machine with system recovery switched off did not solve the problem. By the way, the Acer Empowering Technology is pre-installed but never activated on the machine. However, I spotted several of its functions to be at work in the background.

             

            I am now considering declaring eDScsp.exe as 'safe', but before I do I need to find out how this is done (McAfee do not suggest it when it pops up) and I need to be sure it is not a real threat. None of my other computers on my network have reported this event so far. One is also an Acer but without the Acer Empowering Technology.

             

            Hope this helps

             

            Thank you

            • 3. Re: Artemis!1256D75EE32E
              ConorD62

              Hi Reci,


              Can you please upload the file to http://www.virustotal.com


              And post the link here.


              Thanks.


               

              • 4. Re: Artemis!1256D75EE32E

                Hi ConorD62,

                 

                Thank you for helping me.

                 

                This is the link:

                http://www.virustotal.com/file-scan/reanalysis.html?id=a27ab5680dfc68a0e51b68b109629f957ed9210dae48a0cbf46361a37a67e63b-1297271250

                 

                The following message was given:

                 

                File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:

                MD5:1256d75ee32eff6a1df13b020da5913a
                Date first seen:2010-10-20 06:27:44 (UTC)
                Date last seen:2010-12-03 14:33:49 (UTC)
                Detection ratio:17/43

                What do you wish to do?

                 

                I cannot understand the report very well. It seems this file is used a lot by the virus builders. However, my specific problem has been reported 8/9 February 2010 but nobody seems to have an opinion. I requested a new analysis on my file for which the result was 13/42 (31.0%).

                Hope it is still a false alarm.
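
Added example, not part of the original posts: in this thread the 12 hex digits after `Artemis!` are the first 12 digits of the MD5 that VirusTotal reported, so a detection name can be tied to one specific file before deciding whether it is a false positive. The sketch below parses the VirusTotal summary quoted above and checks that link; the function names are this example's own, and the inputs are copied from the thread.

```python
import hashlib
import re

# Values copied from the thread above.
DETECTION = "Artemis!1256D75EE32E"
VT_SUMMARY = """\
MD5:1256d75ee32eff6a1df13b020da5913a
Date first seen:2010-10-20 06:27:44 (UTC)
Date last seen:2010-12-03 14:33:49 (UTC)
Detection ratio:17/43
"""

def parse_vt_summary(text):
    """Split 'Key:value' lines on the first colon only (timestamps contain colons)."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def detection_suffix(name):
    """Hex digits after 'Artemis!', lower-cased, or None for any other name shape."""
    m = re.fullmatch(r"Artemis!([0-9A-Fa-f]+)", name.strip())
    return m.group(1).lower() if m else None

def same_sample(detection, md5_hex):
    """True when the detection suffix is a prefix of a well-formed MD5."""
    suffix = detection_suffix(detection)
    md5_hex = md5_hex.strip().lower()
    if suffix is None or not re.fullmatch(r"[0-9a-f]{32}", md5_hex):
        return False
    return md5_hex.startswith(suffix)

def md5_of_file(path, chunk=1 << 16):
    """MD5 of a file read in chunks, e.g. a restored copy of eDScsp.exe."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def detection_rate(ratio):
    """'17/43' -> 39.5 (percent of engines that flagged the file)."""
    hits, total = (int(x) for x in ratio.split("/"))
    return round(100.0 * hits / total, 1)

if __name__ == "__main__":
    vt = parse_vt_summary(VT_SUMMARY)
    print(same_sample(DETECTION, vt["MD5"]), detection_rate(vt["Detection ratio"]))
```

Running `same_sample(DETECTION, md5_of_file(path))` on the quarantined file confirms that the VirusTotal report being read is for the same bytes that were flagged locally.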

                • 5. Re: Artemis!1256D75EE32E
                  ConorD62

                  Hi,


                  Unfortunately, it seems like a lot of people have flagged this up,


                  I don't think this will get unflagged.


                  Sorry.


                   


                  EDIT: On a second look at the VirusTotal report, most of the Anti Viruses that flagged it are very unreliable,


                  I think you should wait until someone with higher authority comes in here.


                   

                   

                   

                  Message was edited by: ConorD62 on 09/02/11 11:35:07 CST
                  • 6. Re: Artemis!1256D75EE32E

                    Thanks a lot ConorD62. I have no experience with this. It is my first serious virus related problem in 20+ years. I notified McAfee using the button in the quarantine box, so I expect I have to wait now until they respond or adapt the definitions. At least I know now it would not be wise at this state to declare the file safe.

                     

                    Thanks again for helping.

                    • 7. Re: Artemis!1256D75EE32E
                      ConorD62

                      Hi Reci,


                      I would also do this.


                       

                      Email file to: virus_research@mcafee.com

                       

                      When submitting samples via E-mail all samples must be packaged in a .ZIP file and email header should start with the word "False" (minus the "").

                      Additionally, any .ZIP file created must be password-protected using the password "infected" (minus the ""). Failure to follow these guidelines will cause your submission to be rejected.

                      If you've done that properly an automated response should be received almost immediately, followed by a manual one, usually within 24 - 48 hours.

                      If you don't receive anything it either means the file was submitted incorrectly or the response is sitting in your Junk or Spam mail folders.

                       

                      **If they respond that it is an infection and you are sure it is not, forward* that email immediately to virus_research@mcafee.com and insert the word 'False' (minus the '') in front of the header, but keep the rest of the header intact.

                      * recommending forward because at the moment if you hit reply it goes to the old avertlabs email address in error.

                       


                      Thanks.


                       

                       

                       

                      Message was edited by: ConorD62 on 09/02/11 12:51:55 CST