3 Replies Latest reply on Apr 12, 2012 1:23 PM by showvik

    Possible False positive - Artemis!769E63185BE6

      2 years back I had created an exe file from a bat file by using "Bat to Exe Converter v1.5.1". From 10th April McAfee has started detecting this exe to be infected with "Artemis!769E63185BE6". As this exe has been bundled with a product that has been in the market for the past 2 years, I need to determine whether the file is really infected ASAP.


      One more update: McAfee is detecting the virus on desktops but not on the server edition of the Microsoft OS. Desktops and servers have the same version of the DAT file (6677.0000).


      Message was edited by: mail4deepak on 4/12/12 5:09:21 AM CDT


      Message was edited by: SamSwift - please no attachments, even if you believe them to be clean. on 12/04/12 13:50:10 IST
        • 1. Re: Possible False positive - Artemis!769E63185BE6



          I'll ask one of the team to take a look at the detection name. Are you able to send us the file using the "submit a sample" link on the main security awareness community page, please? Do make sure you put the word 'FALSE' in the email subject line.



          • 2. Re: Possible False positive - Artemis!769E63185BE6

            I was able to submit to Virus_Research@avertlabs.com. This is the reply that I got.


            McAfee Labs - Beaverton                                                   
            Current Scan Engine Version:5400.1158                                     
            Current DAT Version:6677.0000                                             
            Thank you for your submission.                                            

            Analysis ID: 6991476

            File Name            Findings                       Detection                    Type         Extra
            --------------------|------------------------------|---------------------------- |------------|-----
            dbcreatebackupdump.e|inconclusive                  |                            |            |no

            inconclusive [dbcreatebackupdump.exe]                                     

               Automated analysis was not able to determine that this file is malware. This file is
            being sent for further processing and the DAT files will potentially be updated if
            detection of this sample is warranted.                                    

            • 3. Re: Possible False positive - Artemis!769E63185BE6



              Artemis!769E63185BE6 has been suppressed. Please allow up to 30 minutes for the update to reflect in the Artemis system. Some systems where the Artemis feature was not enabled may not have shown this detection.