8 Replies Latest reply on Aug 10, 2016 3:29 PM by catdaddy

    FALSE: Artemis!93D3036559E2

    stefanschnell

      Hello community,

       

      I am fresh in this community, so at first I will say hello

       

      My name is Stefan and I am a software engineer in a company which develops software for the German statutory health insurance. Our software bases on SAP and I develop the most time in ABAP language. Additionally in my free time I programmed software to simplificate the development process in the SAP context. Therefore I develop a tool for SAP GUI Scripting, which automate user interaction. And now I have trouble with this tool with a virus alert in our company.

       

      Sine version 3.00 of my tool detects McAfee enterprise Artemis!93D3036559E2 resp. McAfee-GW-Edtion Artemis in my tool, Tracker.exe. Funny is, that in the version 3.01 - with tiny bug fixes - McAfee doesn't detects malware. But actual in the version 3.02 - which is only compiled with a newer version of the compiler - it detects Artemis again. So I send this morning the complete package to virus lab of McAfee, as it described here. This afternoon I found another description here which proposes to send more information.

       

      Well I hope I can offer this information here:

      • A list of all files contained in the sample submission, including a brief description of where or how you found them
        COM.ps1 - PowerShell script for COM support
        Hinweis.txt - Text file with hints
        Recorder.dll - Library which contains version information about Recorder.exe
        Recorder.exe - Executable which records user activities on the SAP GUI for Windows
        Scintilla.dll - Library for the editor
        Snippets.xml - XML file with code snippets
        Tracker.chm - Help file
        Tracker.exe - Main program, Scripting Tracker
        Tracker.ini - Preference file of Scripting Tracker
        TypeLibInfo.dll - Library to analyze SAP GUI Scripting APIThe complete set of files can be found http://tracker.stschnell.de/tracker.zip
      • What symptoms cause you to suspect that the sample is malicious
        McAfee virus scanner detects in Tracker.exe Artemis virus
      • Whether any security products find a virus
        Only McAfee virus scanner detects Artemis
      • Your McAfee product information
        McAfee enterprise with signature files from 08.08.2016
      • Any system details that may be relevant, including operating system and service packs
        Windows 7, x64

       

      Thanks for your support.

       

      Cheers

      Stefan