6 Replies Latest reply on Sep 4, 2015 8:25 PM by catdaddy

    Artemis!AE5D7AEFD4F6

    mac_mdp

      I downloaded a ROM file from cyanogenmod.org (DO NOT CLICK IN THE LINK BELOW, IT'S GIVEN FOR MODERATORS ONLY)

      Sample removed for security reasons and board terms of service - no need - the Labs already have it and Moderators do not open malware samples.

      I right-click scanned the zip file and McAfee found Artemis!AE5D7AEFD4F6 Trojan.

      (As always, if I right-click scan a single file McAfee shows two files scanned, but that error is for another topic.)

      McAfee says the file has been quarantined, but the zip file is still in the download folder.

      I have Spybot with TeaTimer disabled; it shows no threats.

      I'll look for registry changes using the Artemis! search results, and I'll run a full scan. I'll post results ASAP.

      Is this a false positive?

      mac

      Message was edited by: Ex_Brit on 14/02/14 9:02:50 EST AM
        • 1. Re: Artemis!AE5D7AEFD4F6
          exbrit

          Have you checked the Quarantine folder? I don't know whether you are using consumer, Windows or Mac software, or Enterprise software, so I can't advise on how to find that.

          If you believe it's a false positive then appeal it and I've outlined what to do here:  https://community.mcafee.com/thread/2016

          If you aren't sure then you'll have to await the labs' decision on the Artemis investigation.

          I removed the zip as Mods and others here do not open samples, ever.

          Message was edited by: Ex_Brit on 14/02/14 9:09:46 EST AM
          • 2. Re: Artemis!AE5D7AEFD4F6
            mac_mdp

            I'm on Win XP, Dell Mini 10, home user.

            I opened McAfee, went to the quarantined items tab, nothing to show, even though the Quarantine folder has what seems to be a copy of the zip file but with another name.

            The zip file I had downloaded was still in the Chrome download folder. I ran another right-click scan on it and McAfee said the file was now OK.

            Then I trashed it.

            I looked into the registry but I found no changes yet. Still checking, it takes time.


            mac

            Message was edited by: mac_mdp on 14/02/14 12:56:03 CST
            • 3. Re: Artemis!AE5D7AEFD4F6
              exbrit

              Dell Mini1010 wow. I have one and no longer use McAfee on it because it slowed it too much (from what it already was... slow anyway). Do you find the software works? If so, what version is it?

              Maybe it quarantined something within the folder only? Just a thought.

              • 4. Re: Artemis!AE5D7AEFD4F6
                mac_mdp

                Maybe it quarantined something within the folder only? Just a thought.

                The size of the quarantined item and the original zip file was almost the same, just a few bits of difference.

                Possibly the McAfee software was not sure if it was a real threat and put a copy in the Quarantine folder, leaving the original file untouched...

                I believe that it is unlikely that the guys at Cyanogenmod.org host an infected file.

                Dell Mini1010 wow. I have one and no longer use McAfee on it because it slowed it too much (from what it already was... slow anyway). Do you find the software works? If so, what version is it?

                McAfee Internet Security v12.8

                It came with my Dell. It slows the machine, but the full version of other antivirus software does much the same.

                I have a subscription for two more years; if not, I'd install Mac OS X.

                mac

                • 5. Re: Artemis!AE5D7AEFD4F6
                  exbrit

                  Yes, I've often thought about a Mac but for one reason or another never quite made it. So I have my pre-Dell Alienware monster still crunching away here. It'll last me a while longer.

                  Well I guess all you can do is wait and see what they come up with re: the Artemis detection.

                  • 6. Re: Artemis!AE5D7AEFD4F6
                    catdaddy

                    Due to the fact this was asked on 2/14/2014, I am marking this thread as 'Assumed Answered' and locking.

                    Cliff

                    Moderator