1 2 Previous Next 10 Replies Latest reply on May 2, 2012 8:39 AM by michaelm1

    Possible False Artemis!226F985A2463 - McAfee File

      Hi,

       

      I just started my pc, and a message popped up from McAfee that the above had been found and removed (Trojan). Looking at the History and Logs, it referred to the following file:

       

      C:\Program Files\McAfee\MSC\McIPTShm.dll

       

      This appears to be a McAfee file, and has not been picked up on my wife's pc which also has McAfee protection (the file still exists there, and appears to have been there for some time). My pc has a slightly newer version of McAfee as it updated at the weekend.

       

      Is this anything to be concerned about, or is this a false positive - very surprised to see McAfee delete one of it's own files.

       

      Thanks,

       

      GK

        • 1. Re: Possible False Artemis!226F985A2463 - McAfee File
          Vinod R

          Thanks for posting- we will check on this and get back to you.

          • 2. Re: Possible False Artemis!226F985A2463 - McAfee File

            I had the same thing occur regading the Aremis file, immediately after installing the new McAfee version. I was told to restart after installing the new version and the message about the Trojan appeared as soon as it was done rebooting. I have shut down my computer and am now using another to communicate. Concerned about using mine until I understand what is happening, but I have work to do on it.

            • 3. Re: Possible False Artemis!226F985A2463 - McAfee File

              Just this afternoon, I got a pop up notifying me the presence of the same trojan, which was able to be quarantined, etc.  As soon as a McAfee Total Protection update is initiated, the file seems to be replaced with the update session and not long after, the popup appears again.  I sent the file to McAfee via the main user interface.  One thing that was odd about all this, and frustrating, is that the virus signatures are able to detect it, but when you click on the hyperlink to take you to the virus info site at McAfee, it was not listed, at least at that earlier time today.  I do, however, realize that these are probably all similar, but the site did list many other ones ending with a lengthy alphanumerical string in their name.  At any rate, McAfee's Security Center seems to work ok without the file being in the program MSC folder after it is quarantined or deleted.  Since it seems it is being put in with an update, perhaps the file that is being sent as an update, has some glitch in it that is falsely triggering an identification of the artemis type.  Anyway, thanks, just thought I'd add to all this.  For now I will wait a bit before doing an update and hopefully if it is something wrong with a recent update to that mcIPTShm.dll file in the MSC folder, a fixed version will be added soon.  If it is a real thing, please advise.  Thanks so much !!

               

              GS

               

              on 4/30/12 3:06:33 PM CDT
              • 4. Re: Possible False Artemis!226F985A2463 - McAfee File
                Vinod R

                Thank you for sharing this information.

                 

                Artemis detection is part of our Global Threat Intelligence system. And is a realtime proactive update that has a self healing and learning logic. This system sometimes due to the high detection rate detects and removes seemingly stable files as well. Let's wait for the system to update it self. (Usually its take only a matter of an hour or so before it gets rectified on its own. subject to the network perforamance and the geography the end user is located.).

                 

                In any way- I have forwarded the request to the concerned team.

                 

                Appreciate your patience patience.

                • 5. Re: Possible False Artemis!226F985A2463 - McAfee File

                  I've got the same thing on 4 pcs...ran updates but MVT still reports the file and COM object as missing.  Even if a trojan was found, when MVT is run, why doesn't Mcafee download a fixed file to replace the missing file???  On one pc, I had found an object related to the "trojan" and purged it from quaranteen.

                   

                  Haven't we seen this before...Mcaffe Please make it so MVT doesn't just say "Unable to fix".... PLEASE GUYS

                  • 6. Re: Possible False Artemis!226F985A2463 - McAfee File
                    dougr_t3_support

                    Thanks for all the reports. This specific detection has been analyzed and updated in our database. Please let me know if you continue to receive this exact detection.

                     

                    Regards,

                    • 7. Re: Possible False Artemis!226F985A2463 - McAfee File

                      Not sure..if you fixed new detections...BUT, on my system MVT still reports 2 errors....related to the (now missing DLL).  In fact, I see on one pc that Mcafee detected and id'd the same named file (a purported trojan) and quarantined it on 4/20 and again on 4/30/12??  Are we to RESTORE the purported trojan dll from with Mcafee...If not then what?

                       

                      Obvisously, if we don't restore it (trust it) it won't be detected again as it's missing?  And I'd think it must be there for a reason and have a task in security?  And for those systems where users trusted the trojan message and deleted the "offending dll"  how about have MVT or the next (soon) McAfee update put it back on our systems ...PLEASE??

                       

                      Bob

                      • 8. Re: Possible False Artemis!226F985A2463 - McAfee File

                        Most recent update just installed (6:35PM Eastern USA) seems to have fixed all and re-intsalled the lost DLL...

                        • 9. Re: Possible False Artemis!226F985A2463 - McAfee File
                          dougr_t3_support

                          Thanks for the update. Sounds like the update mechanism saw the file was missing and pulled down a fresh copy. The work our content team did earlier has prevented it from being re-detected.

                          1 2 Previous Next