8 Replies Latest reply on Nov 15, 2014 2:19 AM by catdaddy

    False positive Artemis!5490F131035A

    tuchkina

      My application idecrawler.exe has been detected as a virus.

      Nevertheless, I am sending false positive reports to your lab via 3 different ways and email.

      I receive an answer saying it's detected, upgrade your virus data.

      I am a developer. I want to fix and clean my software from a bad virus reputation.

      How can I do it?

        • 1. Re: False positive Artemis!5490F131035A
          Hayton

          If you submitted the application to McAfee Labs for testing and they replied that it failed their tests you have to look for the reasons why this might be so. If the program failed the tests I cannot give a definite explanation why this happened but you should look for information on this site and any other site that also failed the program.

           

          There was a separate post about Idle-Crawler a week ago which provided some information about the application but in neither post do you say what is the version number that generates this particular Artemis detection. That could be significant because I have found reports relating to several different versions of this program from the past two months. All of these reports describe the program being analysed as the Idle-Crawler Installer or Setup program. The file size varies.

           

          Version 35.0.0.84 :

          • 13 July   -   Detected by 35 of 54 anti-malware programs (VirusTotal)

                                        File size 1.9 Mb

                                        McAfee  -  Artemis!9FA261FEB49F

                                        McAfee-GW-Edition  -  Heuristic.BehavesLike.Win32.Suspicious-PKR.S

                                        Microsoft  -  TrojanClicker:Win32/Clikug.C

           

           

          Version 59.0.0.407 :

          • 18 June  -  Detected by 12 of 68 anti-malware programs (HerdProtect)

                                        File size 1.4 Mb

                                        McAfee  -  Artemis!5490F131035A

           

          • 09 July   -   Detected by 27 of 54 anti-malware programs (VirusTotal)

                                        File size 1.3 Mb

                                        McAfee  -  Artemis!279412014E59

                                        McAfee-GW-Edition  -  Heuristic.BehavesLike.Win32.Suspicious-PKR.S

                                        Microsoft  -  TrojanClicker:Win32/Clikug.C

           

          • 13 July   -   Detected by   5 of 68 anti-malware programs (HerdProtect)

                                        File size 1.6 Mb

           

          Version 62.0.0.410 :

          • 30 June   -   Detected by 19 of 54 anti-malware programs (VirusTotal)

                                        File size 1.6 Mb

                                        McAfee  -  RDN/Generic.dx!ddl

                                        Microsoft  -  TrojanClicker:Win32/Clikug.C

           

          Version 65.0.0.413 :

          • 09 July   -   Detected by 35 of 68 anti-malware programs (HerdProtect)

                                        File size 1.6 Mb

                                        "Injects advertisements in the web browser in the form or banner ads and popups"

                                        McAfee  -  Artemis!0FF2B0F7AD04

                                        McAfee Web Gateway  -  Heuristic.BehavesLike.Win32.Suspicious-PKR.S

                                        Microsoft Security Essentials  -  TrojanClicker:Win32/Clikug.A

           

          Version 67.0.0.415 :

          • 11 July   -   Detected by 35 of 68 anti-malware programs (HerdProtect)

                                        File size 1.7 Mb

                                        "Injects advertisements in the web browser in the form or banner ads and popups"

                                        McAfee  -  Artemis!0FF2B0F7AD04

                                        McAfee Web Gateway  -  Heuristic.BehavesLike.Win32.Suspicious-PKR.S

                                        Microsoft Security Essentials  -  TrojanClicker:Win32/Clikug.A

          • 2. Re: False positive Artemis!5490F131035A
            tuchkina

            So please explain to me what you wrote to me above?

            I have sent the file and I asked you as a developer to review and reclassify my software, as I have been doing with the other antivirus companies.

            The reply just comes to me all the time with detection, but I insist that my software is not a virus: it does not install without the agreement of the user, and it does not collect private data of the user.

            I want to know how to understand the reply and which facts you have to name my software as a virus, because it is the only way I can solve my problem.

            • 3. Re: False positive Artemis!5490F131035A
              Hayton

              No, I asked which version of the software you asked the Labs to whitelist. There seem to be several versions around, and McAfee does not have the same detection for all of them. An Artemis number means something unknown has been found, but the detection may be a false positive; and there are different Artemis detection numbers for different versions of the program. Only one version was formally classified as a problem, and that dates from two weeks ago (Version 62). Version 59 is passed as okay, no problems with that version, according to the HerdProtect scan listing.

               

              The inclusion of the equivalent Microsoft detection for each version is simply because Microsoft have given an indication of the reason why the program was given a (potential) threat detection. This information is not available for McAfee's Artemis detections.

               

              I say nothing about the program itself : let McAfee Labs decide whether anything it does renders it potentially undesirable.

               

              In your original post you asked what you had to do to get your software removed from the detection lists as shown by sites such as VirusTotal. The answer is, you have to look for the reasons why the program might have been detected by any of the antivirus vendors and (if necessary) remove or change whatever it is in the program that is causing them to flag it as suspicious. I would have thought that any reply you got from McAfee Labs might have indicated what it was they found (in terms of program behaviour) that could have caused an Artemis detection - if they found anything, that is. If they passed it as okay they would have said so.

               

              Edit -

              The Artemis number you provided is the one associated with Version 59, as shown in the HerdProtect report from 18 June. That version now seems to be okay, if the most recent HerdProtect listing is to be believed : there is no McAfee detection listed for that version.

               

              2nd edit : If you wish, I can provide an automatic translation of this post and my earlier post. I don't think English is your first language; Google Translate has difficulties in translating from English to Slavic languages but it's usually an acceptable translation.

               

              Message was edited by: Hayton on 16/07/14 19:07:26 IST

               

              Message was edited by: Hayton on 16/07/14 19:12:49 IST
              • 4. Re: False positive Artemis!5490F131035A
                tuchkina

                Good day.

                Thanks for thinking about my English. I can tell you it's OK to understand what you are writing to me.

                The thing is: I have sent file version 62 to the Lab.

                I got a letter:

                Thank you for submitting your suspicious file(s). We have determined that the following files are detected with our current DAT files.

                 

                Reference  : (Escalation) 9037701
                ---------------------------------

                +------------------+----------------------------------+----------+----------------+--------+
                | File Name        | MD5                              | Findings | Detection      | Type   |
                +------------------+----------------------------------+----------+----------------+--------+
                | idle-crawler.url | c24a0852dbcba62fc6f92eab56510482 | clean    |                | clean  |
                +------------------+----------------------------------+----------+----------------+--------+
                | setup.exe        | e551d4180af346be29164022b842997f | detected | rdn/generic.dx | trojan |
                +------------------+----------------------------------+----------+----------------+--------+
                VIL Link: http://vil.nai.com/vil/content/v_8380427.htm
                | setup.url        | e8b372c878f4069e000321341cb8ecec | clean    |                | clean  |
                +------------------+----------------------------------+----------+----------------+--------+


                Solution: 

                To ensure that you have the maximum capability of detecting and cleaning this malware, please make sure you have the latest McAfee scanning engine.

                My question has not been answered - my software was not reviewed.

                Idlecrawler is not doing fraud clicks, nor using private data of the user, nor showing ads to the user.

                We do ad research - and that is totally different. We collect data about advertising settings which have been implemented in Google ads to be shown to the user through Google.

                I tried to answer the letter above with questions and an explanation to the mail of the Lab, but nobody answered me.

                 

                Please help me to find Lab managers
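
An added example (not from the thread and not McAfee code): matching a detection report to the exact build it refers to, which is what the replies above keep asking for. It assumes that the 12 hex digits after `Artemis!` are the first 12 digits of the file's MD5 and that Labs reply rows use the five-column layout quoted in post 4; the function names and the sample builds are constructed.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Assumption: the suffix of an Artemis name is the start of the file's MD5.
ARTEMIS = re.compile(r"Artemis!([0-9A-Fa-f]{12})$")
# One data row of the Labs reply: | name | md5 | findings | detection | type |
ROW = re.compile(r"\|\s*([^|]+?)\s*\|\s*([0-9a-fA-F]{32})\s*\|"
                 r"\s*([^|]*?)\s*\|\s*([^|]*?)\s*\|\s*([^|]*?)\s*\|")

def md5_index(build_dir):
    """Map lowercase MD5 hex digest -> path for every file under build_dir."""
    index = {}
    for path in sorted(Path(build_dir).rglob("*")):
        if path.is_file():
            index[hashlib.md5(path.read_bytes()).hexdigest()] = path
    return index

def builds_for_artemis(name, index):
    """Return the builds whose MD5 begins with the suffix of an Artemis name."""
    m = ARTEMIS.search(name.strip())
    if not m:
        return []  # e.g. RDN/Generic.dx!ddl carries no hash prefix to match
    prefix = m.group(1).lower()
    return [p for digest, p in index.items() if digest.startswith(prefix)]

def detected_rows(reply_text):
    """Extract (file name, md5, detection) for rows marked 'detected'."""
    rows = []
    for line in reply_text.splitlines():
        m = ROW.search(line)
        if m and m.group(3).lower() == "detected":
            rows.append((m.group(1), m.group(2).lower(), m.group(4)))
    return rows

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:  # constructed sample builds
        for ver in ("59.0.0.407", "62.0.0.410"):
            Path(d, f"setup-{ver}.exe").write_bytes(b"constructed " + ver.encode())
        idx = md5_index(d)
        name = "Artemis!" + next(iter(idx))[:12].upper()
        print(name, "->", [p.name for p in builds_for_artemis(name, idx)])
```

Run over an archive of every released installer, this tells a developer which version a given Artemis name or Labs reply row belongs to before filing a dispute.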

                • 5. Re: False positive Artemis!5490F131035A
                  tuchkina

                  Waiting for your answer

                  • 6. Re: False positive Artemis!5490F131035A
                    id_supreme

                    I don't know why Idle Crawler is flagged as a virus or a threat by most AVs. Idle Crawler is a very sophisticated program for marketing needs. What it does and how it works can easily be understood and its effectiveness has shattered the competitors. Below is a video where Idle Crawler is properly described.

                     

                    Idle Crawler - Effective tool for successful marketing! idlecrawler.com - YouTube

                    • 7. Re: False positive Artemis!5490F131035A
                      catdaddy

                      @id_supreme,

                                       If you feel that the Software mentioned is Legitimate, please follow the Guidelines/Instructions:

                       

                      Corporate

                      Detection Dispute Submission | McAfee Labs

                       

                      Consumer

                      What To Do When McAfee Detects Software As An Infection - How to Submit To McAfee Labs & Appeal

                       

                      Regards,

                      Catdaddy

                      McAfee Volunteer Moderator

                      Consumer Products

                      • 8. Re: False positive Artemis!5490F131035A
                        catdaddy

                        I might add, as you can see by prior discussions in regards to this Software, that there are varying Versions. Therefore, until you submit as suggested for possible Clearance/Whitelisting, it will continue to be detected.

                         

                        I hope this helps...

                        Kind Regards,

                        Catdaddy