1 2 Previous Next 11 Replies Latest reply on Jun 13, 2012 11:49 AM by roadkillsd

    False Artemis!C9BEA7A645AB

      This is a game trainer for Mass Effect. It injects code in order to override processes in the game so I can cheat. Much like a GameShark or Action Replay device to allow things like invincibility or unlimited ammo. It is completely harmless and should not be blocked. I have run it numerous times with the scanner turned off in order to play the game with it on. Please remove this from the scan as a threat.

       

      Mass Effect Trainer +12.exe

      Artemis!C9BEA7A645AB

       

      Thank you

        • 1. Re: False Artemis!C9BEA7A645AB
          Peacekeeper

          Submit the file as per

          http://vil.nai.com/vil/submit-sample.aspx

           

          They will immediately reply saying it is infected . Reply to that email with subject "false +ve detection Artemis!C9BEA7A645AB"

           

          Post the analysis number from the reply email here and if no fix in 3 days post back and I will stir them up.

          1 of 1 people found this helpful
          • 2. Re: False Artemis!C9BEA7A645AB

            I submitted it on 6/4 and got the following reply but have not heard anything since. Do you know if they notify you directly or it just gets updated without any notification?

             

            McAfee Labs - Beaverton

            Current Scan Engine Version:5400.1158

            Current DAT Version:6732.0000

            Thank you for your submission.

             

            Analysis ID: 7058755

             

            File Name Findings Detection Type Extra

            --------------------|------------------------------|---------------------------- |------------|-----

            mass effect trainer |inconclusive | | |no

             

            inconclusive [mass effect trainer +12.exe]

             

            Automated analysis was not able to determine that this file is malware. This file is

            being sent for further processing and the DAT files will potentially be updated if

            detection of this sample is warranted.

             

            Note –

             

            Due to the prevalence of network gateway AV products, it is important that all

            submissions be zipped and the zip file password-protected (password - infected). Some

            products will reject an email that contains a virus that is not sent in this way. In

            addition, often we receive a file that appears not to have been infected, to find

            later that the file was infected when it left the sender, and was cleaned somewhere

            along the line.

             

            Regards,

             

             

             

            McAfee Labs

            • 3. Re: False Artemis!C9BEA7A645AB
              Peacekeeper

              They should notify you but will ping a lab techa nd get him to have a look see

              • 4. Re: False Artemis!C9BEA7A645AB
                vinoo

                Do you have a public link from where this trainer file can be downloaded from? This is needed to verfiy its origin.

                 

                There are 20+ vendors detecting this file currently.

                https://www.virustotal.com/file/a7183d0f7c5683eceb851b7b0eee462f94bc53bbabf3bd82 2fcbfe79e73e05d5/analysis/

                • 5. Re: False Artemis!C9BEA7A645AB

                  It's from a member only site CheatHappens.com so you can't exactly link directly to the file without a login but it's located here: http://www.cheathappens.com/13879-PC-Mass_Effect_cheats. It's the first one on the list called MASS EFFECT MEGA TRAINER 1.02 (STEAM).

                   

                  Thanks!

                  • 6. Re: False Artemis!C9BEA7A645AB
                    vinoo

                    Thanks for the info.

                    File has been whitelisted. Give it ~25 mins for the false suppression to populate the Artemis cloud.

                    • 7. Re: False Artemis!C9BEA7A645AB
                      Peacekeeper

                      Thanks Mate.

                      • 8. Re: False Artemis!C9BEA7A645AB

                        Hmmm. Been more than 24hrs and it still tries to quarantine it as soon as I unzip it to a folder location. I've manually run the update process in McAfee Security Center and even rebooted my PC but still quarantines the file the moment I extract it.

                         

                        My software info:

                        McAfee SecurityCenter          McAfee VirusScan          McAfee Person Firewall          McAfee SiteAdvisor          McAfee Anti-Spam          McAfee Parental Controls          McAfee QuickClean and Shredder

                        Version: 11.0                           Version: 15.0                  Version: 12.0                             Version: 3.4                       Version: 12.0                   Version: 13.0                                Version: 11.0

                        Build: 11.0.678                        Build: 15.0.302               Build: 12.0                                 Build: 3.4.1.195                Build: 12.0.292                Build: 13.0.319                             Build: 11.4.418

                        Affid: 636                                  DAT: 6739                                                                              Affid: 636                           Content Ver: 4249

                                                                           Boot DAT: 6732.0000

                        • 9. Re: False Artemis!C9BEA7A645AB
                          vinoo

                          You're right. Let me escalate to the backend team to find out what's going wrong.

                          1 2 Previous Next