416 Views 0 Replies Latest reply: May 3, 2013 1:50 PM by Valkyrja
Valkyrja Newcomer 49 posts since
Apr 1, 2010

May 3, 2013 1:50 PM

New detections starting with SUSPECT-

Today I received a number of notifications in ePO that a number of files on remote computers had a detection. All began with Suspect-AH! and I have never seen these before. A closer examination revealed that many of them were Word documents that had used multiple "." to break up the name of the document. I know that naming items in that fashion can be a flag but not a sole reason for deleting a file.

 

The product is VirusScan 8.8.0.849 with DAT 7063.0000. The scan engine is 5400.1158. I have not applied Patch 3 due to the fact that I do not have Windows 8 machines present. Artemis Sensitivity level: Medium.

 

The systems in question are Windows XP SP3 and Windows 7 SP1 computers. All workstations, no servers.

 

An example:

\Documents and Settings\(%USERNAME%)\Local Settings\Temporary Internet Files\Content.Outlook\(%RANDOM%)\An.eaxmple.doc2010.doc

 

I replaced parts of the path with appropriate items to relay their import but hide personal details.

 

In ePO:

Threat Name:Suspect-AH!299E2451731C
Threat Type:Trojan
Action Taken:Deleted
Threat Handled:true

 

I did a search for Suspect-AH and did not find anything. Is this how Artemis files are being named now?


--
You should hear the way my brain works sometimes.
