3 Replies Latest reply on Jan 29, 2014 1:24 PM by vinoo

    Possible False Positive - Artemis!BB934E25232B

    hazard772

      Greetings!

       

      Well, straight to the point -

       

      Summary:

      Mcafee detected a trojan while installing a purchased CD-version of Assassin's Creed IV: Black Flag

      Virus name: Artemis!BB934E25232B

      Filepath: Support/Software/uplay.unis.exe

      ---

       

      Description of what happened:

       

      Near the finish of installing a CD version of the game "Assassin's Creed IV: Black Flag" (which uses 3 disks. I was on the 3rd disk a the time of the incident), Mcafee popped up and said it detected a trojan in this filepath: Support/Software/uplay.unis.exe, quarantined the file, and asked me to either 'Restart Now' or 'Restart later'. I chose the latter - Restart later. After which, the installation 'was successfully installed'. I then tried to run the game, but Uplay (the game launcher for just about every Ubisoft game) then gave a prompt about installing the game..when it was already installed.

       

      Also, just seconds, if not miliseconds prior to Mcafee's popup, the installer for the game also popped a error message up. I cannot remember the full details since this happened a couple hours ago and was busy with a few things, but it said Access Denied at the bottom.

       

      After all this, I restarted the computer, tried to run the game again, and the Uplay launcher still said the same thing. Decided to run a scan on the ubisoft folder, and came back clean. So I uninstalled Assassin's Creed III (since I didn't want there to be any conflicts with uninstalling the Uplay launcher or the game I just installed), uninstalled Assassin's Creed IV: Black Flag(successfully, from the looks of things), as well as uninstalled the Uplay launcher/client, and am now here reporting the issue.

       

      Have yet to try reinstalling anything since the installation took around..an hour or so. Also, didn't have the Mcafee Real-Time Scanning disabled while the installation was taking place, but am somewhat considering this when I attempt it again unless the issue gets fixed with a update or something.

      --

       

      Additional details (Not sure if any of this may help, but might as well mention it):

       

      At first I was thinking that the issue occurred because I already had Uplay installed since I already had Assassin's Creed III installed via Steam, and I was installing this game via CD and perhaps something was getting overwritten wrongly or something like that. Not sure if this was infact the case.

       

      Looking into the issue, however, it was apparent that mcafee has had various issues with this game that were reported by others, such as other files being detected as a trojan with a different artemis name, etc.

       

      Also, when I click the hyperlink of the artemis name in the Mcafee Security History log, it brings me to a search on the mcafee site that says it didn't find anything.

      --

       

      Any help with this would be greatly appreciated.

       

      Thanks!

       

      --PS: In the "Information needed for possible Artemis false positive investigations" discussion/document - https://community.mcafee.com/docs/DOC-1265 -, the hyperlink 'webimmune' appears to be broken/invalid, or atleast for me it is.

       

      EDIT:: I read in another (unrelated) false-positive discussion topic about someone whitelisting a file..can someone explain to me how to do this?

       

      EDIT2: Copy/Paste/Quote of a user posting on the ubisoft forums back in November of last year, with the same issue:

       

       

      When I installed Assassin's Creed IV Black Flag, it was just about finished when this error popped up: "Unable to execute file: E:\Support\Software\uplay_unins.exe CreateProcess failed; code 5. Access is denied." At the same time, McAfee popped up and told me it blocked a trojan it had detected in the same file mentioned in the error, called Artemis something, and had blocked it. I don't know if this is nothing really, just McAfee being over-sensitive, but I thought I'd check to see if anyone else had the same problem. It didn't seem to stop it from finishing, so I'm not overly worried, but still want to know.

       

      Message was edited by: hazard772 on 1/28/14 7:51:46 PM CST