16 Replies. Latest reply on May 20, 2011 11:12 AM by jungzimm

    Possible False Artemis-Artemis!8A8CB6C6E53A

      File is quarantined before I am able to zip up a copy to send to you all.

       

      Original File Name: "Service Information.exe"

       

      It is used in the General Motors Service Packages for various GM vehicles.

      The program runs fine on another computer without McAfee real time scan.

       

      Any assistance with getting this to work would be most appreciated.

       

      John

        • 1. Re: Possible False Artemis-Artemis!8A8CB6C6E53A
          Peacekeeper

          From the other PC, zip it up as described here and send it to McAfee, asking for it to be reviewed when the auto reply comes back saying it is infected. Use subject False +ve.

          http://vil.nai.com/vil/submit-sample.aspx

          • 2. Re: Possible False Artemis-Artemis!8A8CB6C6E53A

            Have done as requested--emailed zipped file with password "infected"  to virus_research@avertlabs.com with False +ve as subject. Thanks,

            John

            • 3. Re: Possible False Artemis-Artemis!8A8CB6C6E53A
              Peacekeeper

              Did you get an auto reply? If no reply in a day, redo it; ensure the file is zipped and with infected as password. (OK, you say that was done.) You should have got an immediate reply that you then reply to asking for a revision...

               

              Message was edited by: Peacekeeper on 18/04/11 7:13:41 PM
              • 4. Re: Possible False Artemis-Artemis!8A8CB6C6E53A

                Messed up the password on first attempt.

                2nd attempt resulted in the following:

                 

                          McAfee Labs - Beaverton
                          Current Scan Engine Version:5400.1158
                          Current DAT Version:6320.0000
                          Thank you for your submission.

                          Analysis ID: 6603853

                          File Name            Findings                       Detection                    Type         Extra
                          --------------------|------------------------------|--------------------------- -|------------|-----
                          image001.gif        |no malware                    |                            |            |no
                          service information.|inconclusive                  |                            |            |no

                          inconclusive [service information.exe]

                          Upon analysis the file submitted does not appear to contain one of the 200,000 known
                          threats in the AutoImmune database. The file may contain a new threat, or no code
                          capable of being infected. Your submission is being forwarded to an McAfee Labs
                          Researcher for further analysis. You will be contacted by McAfee through e-mail with
                          the results of that analysis.

                          no malware [image001.gif]

                          McAfee Labs has found no indications of malicious code. Upon examining the file we
                          observed no malicious behavior.

                          To find detailed information about viruses and other malware, please review McAfee
                          Labs' Virus Information Library:

                     

                 

                 

                I updated McAfee, re-installed the software and "on access scanner" grabbed it again. I need a "get-out-of-quarantine-free" card.

                 

                 

                Thanks help.   

                John                                     

                 

                Message was edited by: johnjz on 4/18/11 3:55:49 PM CDT
                • 5. Re: Possible False Artemis-Artemis!8A8CB6C6E53A
                  Vinod R

                  Could you zip and email the .exe file only again, with subject as false - Artemis!8A8CB6C6E53A

                  • 6. Re: Possible False Artemis-Artemis!8A8CB6C6E53A

                    Sorry...gone on training for 3 days with no internet access. Have sent file as requested. Am not sure where the (image001.gif) file referenced in file analysis came from. The only file I sent was "service information.exe" and that is the only file that shows up in the zipped folder, or when I extract it.

                    • 7. Re: Possible False Artemis-Artemis!8A8CB6C6E53A

                      Got same instant reply as I did the first time. Now file is being referenced as "Generic.Tra!8A8CB6C6E53A" when OnAccessScanning detects and deletes it. Waiting on email promised by original response:

                               

                      ...Your submission is being forwarded to an McAfee Labs

                      Researcher for further analysis. You will be contacted by McAfee through e-mail with

                      the results of that analysis. ...

                       

                      Any additional suggestions would be most welcome.

                       

                      John

                      • 8. Re: Possible False Artemis-Artemis!8A8CB6C6E53A
                        Nitin Kumar

                        Hi,

                        McAfee(R) Artemis technology provides real-time protection that secures enterprises and consumers from threats as they strike and much quicker than traditional signatures can be deployed. As Artemis is updated in real-time there is no requirement to wait for a full DAT update nor to use an EXTRA.DAT intermediate solution. Simply wait approximately 30 minutes and this false will no longer exist or trigger on your system. Depending on the network settings you have or the caching involved between your system and ours it may take slightly longer for this false alarm to be resolved.

                         

                        Thanks,

                        Nitin Kumar

                        McAfee SME

                        • 9. Re: Possible False Artemis-Artemis!8A8CB6C6E53A
                          Peacekeeper

                          Nitin

                          OK, so to get the false detection noted the user still has to submit the malware? Can you confirm the steps to get an Artemis detection not noted when it is thought to be a false detection?
