3 Replies Latest reply on May 6, 2013 5:40 AM by showvik

    Possible false alarm? Artemis!CF09A45B2660

      I have read online that certain Artemis trojans that appear in a McAfee scan are not actually a virus but part of the McAfee program. McAfee "support" has tried to charge me $129 for the privilege of checking to see if it is in fact a virus or not.

       

      McAfee cannot remove this from my system and the file path it gives me to remove it myself contains nothing (including no hidden folders as far as I can see).

       

      Can anybody advise? I am not very good with computers but don't want to waste my time taking PC to a computer store if not necessary.

       

      Also, does anybody know what these Artemis viruses actually do to the PC? Does it open my computer up to hackers?

       

      Thanks in advance.

        • 1. Re: Possible false alarm? Artemis!CF09A45B2660
          exbrit

          Support would normally steer you to their virus removal service which, as with other security software makers, is a chargeable service, but there's always a free alternative, see the last link in my signature below.

           

          Artemis is the name McAfee gives unknowns that are detected and automatically submitted to the labs for analysis.

           

          If you think it's a false detection, which sometimes it can be, then read here:  https://community.mcafee.com/thread/2016

           

           

           


           

          Message was edited by: Ex_Brit on 09/04/13 9:14:47 EDT AM
          • 2. Re: Possible false alarm? Artemis!CF09A45B2660

            Unfortunately you can't believe everything you read on the Internet.

             

            Artemis is the code name for the McAfee system which tries to detect malware much earlier than our researchers and data centers - it can be 5 to 30 days in front of typical detection methods.

             

            https://community.mcafee.com/community/security/malware_discussion/artemis

             

            Basically, whenever your machine sees a new piece of code, it hashes it (creates a mathematical "signature" of the code), pulls out some attributes, like whether the code is signed, 64-bit mode, etc., and then asks the McAfee brain in the cloud whether this file has been seen before.

             

            Depending on who else is asking about that same thing, and the unique attributes of it, the McAfee brain (Artemis) may decide that it's unwise to run that program - That's when you get an Artemis warning message.

             

            Your program may be ok, but it's reached a threshold that it's more than likely bad. We don't know anything else about the function of the file at this time, only that it matches the characteristics of other files which have turned out to be bad.  If the file no longer exists, then probably your system already deleted it. Maybe it was a temp file? What folder was it in?

             

            If you want to do a deep scan of your system, you can use Stinger - http://www.mcafee.com/us/downloads/free-tools/stinger.aspx
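
The lookup described in reply 2 (hash the file, pull out attributes such as signed and 64-bit, ask a reputation service), sketched as an added example that is not part of the original thread and is not McAfee's code. The `verdict` weights and threshold, the `prevalence` table and the `sample_pe` builder are assumptions constructed for illustration.

```python
import hashlib
import struct

def pe_attributes(data: bytes) -> dict:
    """Pull out the two attributes the reply names: 64-bit mode and a signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe_off + 24                    # 4-byte signature + 20-byte COFF header
    is64 = struct.unpack_from("<H", data, opt)[0] == 0x20B   # PE32+ magic
    dirs = opt + (112 if is64 else 96)   # start of the data directories
    count = struct.unpack_from("<I", data, dirs - 4)[0]
    # Directory entry 4 is the certificate table (Authenticode blob).
    # A non-zero size means a signature is present, not that it is valid.
    size = struct.unpack_from("<I", data, dirs + 36)[0] if count > 4 else 0
    return {"is_64bit": is64, "has_signature": size > 0}

def fingerprint(data: bytes) -> dict:
    """The query a client could send: a hash plus a few attributes."""
    return {"sha256": hashlib.sha256(data).hexdigest(), **pe_attributes(data)}

def verdict(fp: dict, prevalence: dict, threshold: int = 50) -> str:
    """Hypothetical scoring: the service knows nothing about what the file
    does, only how rare it is and what its attributes look like."""
    seen = prevalence.get(fp["sha256"], 0)
    score = (40 if seen < 5 else 0) + (0 if fp["has_signature"] else 30)
    return "warn" if score >= threshold else "allow"

def sample_pe(is64: bool, cert_size: int) -> bytes:
    """Constructed header-only PE image for the demo (not a runnable program)."""
    opt_len = 240 if is64 else 224
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664 if is64 else 0x14C,
                                   0, 0, 0, 0, opt_len, 0x2)
    opt = bytearray(opt_len)
    struct.pack_into("<H", opt, 0, 0x20B if is64 else 0x10B)
    dirs = 112 if is64 else 96
    struct.pack_into("<I", opt, dirs - 4, 16)           # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, dirs + 32, 0x400 if cert_size else 0, cert_size)
    return dos + coff + bytes(opt)

if __name__ == "__main__":
    fp = fingerprint(sample_pe(is64=True, cert_size=0))
    print(fp, verdict(fp, prevalence={}))               # rare and unsigned
```

A rare, unsigned file crosses the threshold even though nothing is known about its behaviour, which is why a warning of this kind can be a false positive and why the reply asks what folder the file was in.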

            • 3. Re: Possible false alarm? Artemis!CF09A45B2660

              Hi,

               

              This is a valid hit and identified as ZeroAccess variant.

               

              You may read more about this malware, including the remediation steps, from the following resource:

               

              https://kc.mcafee.com/corporate/index?page=content&id=PD23412

               

              Use the following Rootkit Removal tool to confirm that the infection is cleaned successfully:

               

              http://www.mcafee.com/in/downloads/free-tools/how-to-use-rootkitremover.aspx

               

              We also recommend that you submit the suspicious samples using one of the methods mentioned at:

               

              http://www.mcafee.com/in/mcafee-labs/resources/how-to-submit-sample.aspx

               

              The e-mail method should be suitable here. Kindly include the detection logs in your submission.

               

              You may also use GetSusp to check if there are any more suspicious files on the affected machine.

               

              http://www.mcafee.com/in/downloads/free-tools/getsusp.aspx

               

              Do let us know the submission ID received on making a successful submission. We will respond to your submission with specific instructions to remediate this.

               

              Note: If the machine has Windows Vista or higher or has UAC (User Access Control) enabled, the above tools should be run from an Administrator account. Otherwise, you may right click on the tool and select 'Run As Administrator.'

               

              Regards,

              Showvik

               

              Message was edited by: showvik on 5/6/13 5:40:09 AM CDT

               

              Message was edited by: showvik on 5/6/13 5:40:30 AM CDT