2 Replies Latest reply on Jul 10, 2012 7:03 AM by irhayward

    Artemis!294EC52C61C7 trojan


      Folders in my network shares are being hidden, and .exe files created with folder icons.

      McAfee VSE 8.8 says the .exe files are clean.

      Stinger detects them as Artemis!294EC52C61C7 trojan and deletes them.


      I am struggling to see why Stinger can detect and delete, and VSE 8.8 with latest DAT files cannot.

      My only course of action is finding out which user owns the .exe files and scanning their machine with Stinger.


      This is exactly what we installed ePO to avoid doing.


      Help appreciated.




      Ian Hayward

        • 1. Re: Artemis!294EC52C61C7 trojan

          Hi irhayward,


          Well, ePO means you are using the VirusScan Enterprise edition, correct?


          VSE (using ePO if you like) can have its Artemis or GTI settings changed. I would check the setting you currently have in place for your systems. By default, this setting is set to Low, I believe.


          Stinger, on the other hand, is not meant to be used broadly, but rather after a problem has been identified and specialty removal employed. It too has Artemis (or GTI) technology to help with 0-day infections. By default, it has a higher level of GTI/Artemis set. So, by its default settings, Stinger is more likely to find False Positives when Artemis is the discovering technique. (By the way, Artemis or GTI, is simply a discovery of a 'Suspected' infection based on heuristics and other systems' similar detections based on the web. So, GTI does not help remove a virus or malware, simply identify a potential file.)


          If you reduce the Artemis setting in Stinger, does Stinger still detect your files as potentially infected? How about changing VSE's Artemis level; does this detect these files?



          Ron Metzger

          • 2. Re: Artemis!294EC52C61C7 trojan

            Hi Ron,


            Thanks for your prompt reply. I have increased the Heuristic scanning level from "Very Low" to "Medium" in ePO. VSE 8.8 is now detecting and deleting the files reported as Artemis!294EC52C61C7 trojan (and a few other suspect files with other detections).


            I have written an ePO query to display the detection information and deletions, and I am now chasing user machines and removable devices around our fairly complex environment.


            Thanks again


            Ian Hayward
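
The manual step from the first post (finding which user owns the .exe files on the shares), as an added PowerShell example that is not part of the thread. It assumes each dropped .exe has the same name as the hidden folder beside it, which the thread does not state; `$SharePath` is a placeholder parameter.

```powershell
# Added example: report hidden folders on a share that sit next to a
# same-named .exe, with the file owner and hash, so the writing user's
# machine can be prioritised for scanning. Read-only: nothing is deleted
# or unhidden.
# Assumption: the dropped .exe is named "<hidden folder name>.exe".
param(
    [Parameter(Mandatory = $true)]
    [string]$SharePath    # placeholder, e.g. a UNC path to the affected share
)

# -Force is needed for Get-ChildItem to return hidden items at all.
$hiddenDirs = Get-ChildItem -LiteralPath $SharePath -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer -and ($_.Attributes -band [IO.FileAttributes]::Hidden) }

$findings = foreach ($dir in $hiddenDirs) {
    $exePath = Join-Path $dir.Parent.FullName ($dir.Name + '.exe')
    if (-not (Test-Path -LiteralPath $exePath -PathType Leaf)) { continue }

    $exe = Get-Item -LiteralPath $exePath -Force

    # The NTFS owner is normally the account that created the file.
    $owner = try { (Get-Acl -LiteralPath $exePath -ErrorAction Stop).Owner }
             catch { 'unknown (access denied?)' }

    # Hashing lets identical droppers be grouped across shares.
    $hash = try { (Get-FileHash -LiteralPath $exePath -Algorithm SHA256 -ErrorAction Stop).Hash }
            catch { 'unreadable' }

    [pscustomobject]@{
        Owner        = $owner
        Created      = $exe.CreationTime
        Exe          = $exe.FullName
        HiddenFolder = $dir.FullName
        SizeBytes    = $exe.Length
        SHA256       = $hash
    }
}

# Group by owner so each user's machine appears once with its file count.
$findings | Sort-Object Owner, Created
$findings | Group-Object Owner | Sort-Object Count -Descending |
    Select-Object Count, Name
```

The output objects can be piped to `Export-Csv` and compared against the ePO detection query results mentioned in the last reply.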