1 2 Previous Next 13 Replies Latest reply on Oct 23, 2009 6:56 PM by exbrit

    Artemis!xxxxx trojan

      Since Sept 1, 2009 McAfee (COX) VirusScan Security Suite V13.3, engine 5301.4018, DAT 5730.0000 started reporting the virus “artemis!xxxxx” on 4 files in the GIMP V2.0 program plus others which were windows restore files. McAfee quarantined the files. I used AVG free V 8.5.409 DAT file 270.13.76/2345 to check these files for virus and none were found – after I restored the files in McAfee. I then went Webimmune.net and had all 4 of the GIMP .exe files checked for virus and all checked out inconclusive!

      I can find no way to give this info to McAfee because they don’t have phone support. I tried CHAT and give up in frustration with the “canned” answers after they only half way read my questions.

      Has anyone else had this problem recently? I read a similar post in February and it suggested sending files to Webimmune (which I did) and it said if Webimmune found no virus, it would report it to McAfee and hopefully they will “exclude it from their database”.

      It's only 2 days now after sending to Webimmune so I'm not sure how long it takes for them to fix McAfees Artemis which is the new "Active Protection" component of Security Center using heuristics.
        • 1. RE: Artemis!xxxxx trojan
          exbrit
          I've put stickies in various spots on how to deal with Artemis and other possibly false detections. here's one of them: http://community.mcafee.com/showthread.php?t=228162
          • 2. Artemis!xxxxx trojan - REPLY
            When Artemis and/or McAfee finds it has mistakenly misidentified files with virus, what does the program do to tell the user that they have messed up and the user/OrTheirProgam needs to unquaranteen the files they misundentified so they are returned to the user so they can be used. I'm sure McAfee has misundeftified some of my files in the past an am peturbed that they don't provide that feature.
            • 3. RE: Artemis!xxxxx trojan - REPLY
              exbrit


              Artemis is the "Active Protection" part of VirusScan and can be turned off if you wish. Basically, if something unknown is detected, it dials home to compare with the latest database. If it's not found and it thinks it could be malicious it tells you that it has quarantined whatever it is. Then it's up to you to decide.
              It's dealing with unknowns so it can't make the final decision for you. It was only introduced in the last year or so.
              • 4. Artemis!xxxxx trojan - REPLY
                Thanks ExBrit. I have turned off "active protection" so Artemis isn't working. Then went back to all the .exe files (from the program GIMP) which I think are OK and "restored" them with McAfee. I haven't restored all the "system restore" files which McAfee quaranteened as I don't have any idea what the file is that McAfee identified - each of the system restores identifies a file as a sequentially number file with the name A0088503.exe, A0088504.exe etc!

                How would I tell when Artemis has been updated so I can turn ON active protection and hopefully not get these mistaken virus identifications? When this first saw these virus reports, I just restored the files but the next days scan just quaranteened them back.
                • 5. RE: Artemis!xxxxx trojan - REPLY
                  exbrit
                  Basically you don't know when it's been updated until it stops detecting something as an infection. The best and fastest way is to submit the files if possible as per that link in the above post. If you do it by email then they will hopefully send you an extra.dat or include the items in a subsequent update.

                  By turning off Artemis or should I say Active Protection, they will never receive those files so will never update to cover them.
                  • 6. Artemis!xxxxx trojan - REPLY
                    I submitted several of the files by email to webimmune. EVERY TIME I try to submit any of the small files directly using Virusscan, I keep getting the error message something like could not send file - network problem. Any idea what is wrong with "network". A few days ago when I "chatted" on the web with Mcafee, that tech said they know they are having problems! When will it be fixed?

                    I may have misunderstood. I assume that when I stopped "active protection" that McAfee is still using the DAT file to check for virus - is that correct? or am I now getting NO virus protection? Hopefully Artemis and DAT file protection are separately enabled or disabled.
                    • 7. RE: Artemis!xxxxx trojan - REPLY
                      exbrit
                      I have the same issues with that network error. I submit by email after reinstating the file as per that link.

                      No idea when that error will be fixed.

                      You regular VirusScan is still protecting, don't worry.
                      • 8. RE: Artemis!xxxxx trojan - REPLY
                        Can you tell me where I can find the files that McAfee has quaranteened so I can check the file size. I'm sure the file is saved in some way on my PC as I can restore it. I want to see how much space is being used especially for the system restore files that McAfee Artemis thinks have a virus. I did a search on this web site and can find the answer to this question.
                        • 9. RE: Artemis!xxxxx trojan - REPLY
                          exbrit
                          Quarantined files are encrypted, therefore inaccessible.

                          See this thread for more info and links: http://community.mcafee.com/showthread.php?t=233666
                          1 2 Previous Next