5 Replies Latest reply on Jul 29, 2015 3:50 PM by dmeier

    Artemis!BCEE2DD4128A

    jjrice

      Trying to update a US Treasury Program called Saving Bond Wizard. McAfee blocks update as Artemis!BCEE2DD4128A

       

      Please help

        • 1. Re: Artemis!BCEE2DD4128A
          catdaddy

          jjrice,

          Try following these Guidelines/Instructions: What To Do When McAfee Detects Software As An Infection - How to Submit To McAfee Labs & Appeal

           

          For Corporate/Enterprise: Submit a Virus or Malware Sample | McAfee Labs

           

          All the Best,

          Catdaddy

          McAfee Volunteer Moderator

          Consumer Products

          • 2. Re: Artemis!BCEE2DD4128A
            catdaddy

            jjrice,

            Could you please confirm whether your issue has been resolved, or if you need further assistance?

             

            Regards,

            Catdaddy

            • 3. Re: Artemis!BCEE2DD4128A
              dmeier

              I'm currently sorting through the details.

               

              The file detection you mention points to MD5 hash bcee2dd4128a67f6039162fef34d5c72, which is reported to have the file name sbwcrv.exe. When extracted, the file simply contains .txt files full of numerical values.




              This is also associated with two download locations having to do with savings bonds, which also have the file name sbwcrv.exe.

              However, the files, when downloaded from those links, have the MD5 hash of b35d8a1453a51a82ff7ab188251060eb.

               

              Their contents appear to be the same as above, leaving me with the question, what does this file do? Is it expected to simply drop .txt files?

               

              - David

              • 4. Re: Artemis!BCEE2DD4128A
                dmeier

                I'll recommend that you download the file from the source again, and confirm it's not detected.

                 

                I'm not sure why, but the file you first mentioned seems to be a re-wrapped version using 7Zip, rather than the original that used WinRAR. I just can't tell for what purpose.

                 

                I'll likely whitelist the original file, but would feel better if you could re-download the package, and you should get the one with MD5 b35d8a1453a51a82ff7ab188251060eb, as I did.

                 

                - David

                • 5. Re: Artemis!BCEE2DD4128A
                  dmeier

                  I understand now that the .txt files are a "database update" to the original program "swbsetup.exe". I still cannot figure out where you got the 7Zip version, and would prefer to not whitelist it, on the basis that the legit site points to the WinRAR version.

                  - David

                  1 of 1 people found this helpful
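
The checks discussed in this thread, as an added example that is not part of the original posts or any McAfee tooling: hash a re-downloaded file, compare it with the two MD5 values quoted above, and guess whether the self-extractor wraps a 7-Zip or a RAR archive. The function names are hypothetical, the wrapper check is a heuristic based on public archive signatures, and the link between the detection-name suffix and the MD5 prefix is taken from the values shown in this thread.

```python
import hashlib
import sys

# Public archive magic numbers; an SFX .exe carries one after its PE stub.
SIGNATURES = {"rar": b"Rar!\x1a\x07", "7z": b"7z\xbc\xaf\x27\x1c"}

def md5_hex(path, chunk=1 << 20):
    """MD5 of a file, read in chunks so large installers are handled."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def detection_matches(detection, md5):
    """True if the hex suffix after '!' is a prefix of the MD5, as with
    Artemis!BCEE2DD4128A and bcee2dd4128a... in this thread."""
    _, sep, suffix = detection.partition("!")
    return bool(sep and suffix) and md5.lower().startswith(suffix.lower())

def sfx_wrapper(path):
    """Heuristic: name the archiver whose signature appears first after
    the 'MZ' header. Returns 'rar', '7z', 'unknown' or 'not-pe'."""
    with open(path, "rb") as f:
        data = f.read()
    if not data.startswith(b"MZ"):
        return "not-pe"
    offsets = {n: data.find(m, 2) for n, m in SIGNATURES.items()}
    found = {n: o for n, o in offsets.items() if o != -1}
    return min(found, key=found.get) if found else "unknown"

def triage(path, detection, expected_md5):
    """Summarise a downloaded file against the values from the thread."""
    md5 = md5_hex(path)
    return {
        "md5": md5,
        "is_flagged_copy": detection_matches(detection, md5),
        "matches_expected": md5 == expected_md5.lower(),
        "wrapper": sfx_wrapper(path),
    }

if __name__ == "__main__" and len(sys.argv) > 1:
    # Detection name and expected hash are the ones quoted in the thread.
    print(triage(sys.argv[1], "Artemis!BCEE2DD4128A",
                 "b35d8a1453a51a82ff7ab188251060eb"))
```

A file that reports `matches_expected: False` or a `7z` wrapper is the case dmeier declined to whitelist and is better submitted for analysis than excluded locally.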