1 2 Previous Next 13 Replies Latest reply on Sep 7, 2015 6:03 AM by catdaddy

    False Artemis!8267C92286C9 (Trojan)

    dinesh.ahuja

      We are getting this detection but when we try to a specific file from one location to another.

      Whereas if we scan this file manually on the same machine with same McAfee it does not show any detection.

      Attached is the zip file having exe


      Sorry it against the forums Terms of service to attach suspect files see below Mod

        • 1. Re: False Artemis!8267C92286C9 (Trojan)
          Peacekeeper

          What To Do When McAfee Detects Software As An Infection - How to Submit To McAfee Labs & Appeal

           

          Follow the email submissions and zip and password protect the file. You will get an immediate reply with an analysis ID number post that here and if not addressed in 4 days post back and I will escalate it direct to the lab techs

          • 2. Re: False Artemis!8267C92286C9 (Trojan)
            dinesh.ahuja

            I tried to send the file using Winzip and added the password as infected and somehow when it reaches the server it says

             

            McAfee Labs - Beaverton

            Current Scan Engine Version:5700.7163

            Current DAT Version:7827.0000

            Thank you for your submission.

             

            Analysis ID: 9448447

             

            File Name Findings Detection Type         Extra

            --------------------|------------------------------|---------------------------- |------------|-----

            automation_desktopsa|no password                   |                            |            |no  

             

            no password [automation_desktopsamplesvs10x86vb_x86.exe]                                          

             

               A file you submitted did not arrive in a password-protected ZIP file. Please see      

            http://www.mcafee.com/us/mcafee-labs/resources/how-to-submit-sample.aspx for          

            instructionson how to submit a sample to McAfee Labs.                                 

             

            Note –

             

            Due to the prevalence of network gateway AV products, it is important that all        

            submissions be zipped and the zip file password-protected (password - infected). Some 

            products will reject an email that contains a virus that is not sent in this way. In  

            addition, often we receive a file that appears not to have been infected, to find     

            later that the file was infected when it left the sender, and was cleaned somewhere   

            along the line.

             

            Regards,                                                                               

             

             

             

            McAfee Labs                                                                           

            • 3. Re: False Artemis!8267C92286C9 (Trojan)
              catdaddy

              dinesh.ahuja,

                                Due to our Geographical locations and time zones. (Australia) Peacekeeper is most likely asleep at this time. I am certain he will correspond this afternoon when awakening.

               

              All the very Best,

              Catdaddy

              McAfee Volunteer Moderator

              Consumer Products

              • 4. Re: False Artemis!8267C92286C9 (Trojan)
                exbrit

                It appears you aren't submitting them correctly.

                They must be zipped and password protected  (i.e. encrypted) using the word infected and from the above you are not doing one or the other, or both.

                Here's how using Winzip:  How do you encrypt files in a Zip file with WinZip? - WinZip Computing :: Knowledgebase

                 

                Or using Windows own compression:  How to create and use compressed (zipped) folders in Windows XP

                • 5. Re: False Artemis!8267C92286C9 (Trojan)
                  dinesh.ahuja

                  Finally i was able to send it successfully.

                  • 6. Re: False Artemis!8267C92286C9 (Trojan)
                    dinesh.ahuja

                    Here is the response

                     

                    McAfee Labs - Beaverton

                    Current Scan Engine Version:5700.7163

                    Current DAT Version:7827.0000

                    Thank you for your submission.

                     

                    Analysis ID: 9448609

                     

                    File Name Findings Detection Type         Extra

                    --------------------|------------------------------|---------------------------- |------------|-----

                    automation_desktopsa|inconclusive                  |                            |            |no  

                     

                    inconclusive [automation_desktopsamplescs64bit.exe]                                                

                     

                       Automated analysis was not able to determine that this file is malware. This file is  

                    being sent for further processing and the DAT files will potentially be updated if    

                    detection of this sample is warranted.                                                

                    • 7. Re: False Artemis!8267C92286C9 (Trojan)
                      exbrit

                      That's the automated response.  Sounds good, now it will be several days before anything happens usually.

                      • 8. Re: False Artemis!8267C92286C9 (Trojan)
                        catdaddy

                        dinesh.ahuja,

                                           Could you please confirm if your issue has been resolved, or if you need further assistance?

                         

                        Thank You,

                        Catdaddy

                        McAfee Community  Moderator

                        Consumer Products

                        • 9. Re: Re: False Artemis!8267C92286C9 (Trojan)
                          dmeier

                          The file that was detected, has this MD5 hash: 8267c92286c98bdb5e7a676496e79b80, the file that you submitted, has this MD5 hash: fd2a21cce7a34cfe33d8ee11e4ffa704 (file name automation_desktopsamplescs64bit.exe, I'm not sure where the discrepancy is.

                           

                          Let me check to confirm we actually have the sample on our side, and I'll write back.

                           

                          - David

                          1 2 Previous Next