16 Replies. Latest reply on Oct 5, 2016 2:11 PM by catdaddy

    False  Artemis!ABA2DFCBE39F

    wixey

      Hi,

       

      McAfee Security Center Detected and Quarantined the following during a Full Scan today: Artemis!ABA2DFCBE39F

       

      According to McAfee's Quarantine data the Trojan was detected at 22:22pm, but I've never been sure if the detection time indicates the time the infection was detected after entering the system, or if it just indicates what time it was when the scan found the infection. If it's the former, the site I was on at the time was "www.astrodienst.com", which I've visited many times before without any problems virus-wise.

       

      What confuses me is how this apparent Trojan didn't cause any of the effects normally associated with this kind of infection, e.g. displaying pop-ups, redirecting search results, etc. I ran an MBAM scan last night which found nothing, so presumably it turned up today. I've searched the McAfee virus database but it doesn't recognize it.

        • 1. Re: False  Artemis!ABA2DFCBE39F
          catdaddy

          Hi Wixey,

          Is the quarantined file still in your Quarantine area? Anyhow, follow these Guidelines/Instructions to get your Artemis Files submitted: What To Do When McAfee Detects Software As An Infection - How to Submit To McAfee Labs & Appeal

           

                          Give it 3 or 4  business days for them to process. If not resolved, kindly post back the (Analysis ID #) you should receive after your submission. Then I/We will contact someone internally on your behalf, and escalate your issue.

           

                           The Engineers work closely with us, so it should be no problem.

           

          All the Best,

          Cliff

          • 2. Re: False  Artemis!ABA2DFCBE39F
            wixey

            Hi catdaddy,

             

            Yes, the file is still in Quarantine. I've read the link but am unsure where to locate the file once it's been removed from Quarantine, as it's a .tmp file.

            • 3. Re: False  Artemis!ABA2DFCBE39F
              catdaddy

              The vast majority of the time, a False Artemis! ends up being harmless, in your particular case especially, since the Site you mentioned is rated safe by McAfee Web Advisor. I also accessed it with no issues, I might add. It could be the case that it was not that site, so I would submit the Detection as suggested and save the Analysis ID# for future use if the need arises.

              • 4. Re: False  Artemis!ABA2DFCBE39F
                wixey

                Hi,

                 

                Just an update. I sent a sample via email (the ID number is 10168368) but so far the results are inconclusive; the reply I got back a few hours ago said the sample "might be malware" and more tests needed to be carried out.

                 

                This has left me in an awkward situation, since I had to restore the Artemis file from Quarantine to send a sample and now can't re-Quarantine it, as McAfee no longer detects it as suspicious, even after a Full Scan. I'm not happy leaving the files where they are knowing they "might" be harmful. Despite this, I haven't seen any odd behavior from the computer, although two "ini" desktop files appeared on my desktop at startup. I've never seen these before, even though I have "show hidden files" checked. I'm not sure if this is linked to the Artemis or not and if so, whether it's something to be concerned about.

                • 5. Re: False  Artemis!ABA2DFCBE39F
                  catdaddy

                  Hi Wixey,

                  Trust me on this: if you have not experienced anything untoward as far as your Software functioning properly, etc., I would not be concerned. Let us await the results from McAfee Labs. I may be mistaken; however, I feel comfortable expressing such.

                   

                                   Thank you for providing the Analysis ID #  as asked...

                   

                  Regards,

                  Cliff

                  • 6. Re: False  Artemis!ABA2DFCBE39F
                    catdaddy

                    Your Escalated Ticket Number is: Ticket #: AM000638 - False Artemis

                    I also received this  from the Labs shortly after my last post....

                     

                    Hi Cliff,

                     

                    We are looking into it.

                     

                    Regards,

                    Masthan

                    • 7. Re: False  Artemis!ABA2DFCBE39F
                      catdaddy

                      wixey,

                                      I just received confirmation that your detection has indeed been suppressed. Could you kindly confirm as well?

                       

                      The detection is suppressed now.

                       

                      Md5: dad9f9eb3b5f5a81f12a5499bed34c5f

                       

                      Thank you,

                      Masthan

                      • 8. Re: False  Artemis!ABA2DFCBE39F
                        wixey

                        Hi catdaddy,

                         

                        Thanks for getting back. So far I haven't received any messages regarding the detection being suppressed (I've also checked my Junk Mail folder in case it got sent there).

                         

                        Does "suppressed" mean the file was clean? If so, is it all right to delete the file from Quarantine? Also, is it okay to delete the .zip file containing a copy of the submitted file?

                         

                        Having done some research on the detected file I'm almost certain it was linked to a program called Texmod, which modifies PC game textures. I've been using this program for a couple of years and have never had problems with it, but wouldn't be surprised if McAfee thought it might be malware as I've seen other Anti Virus programs mark it as dangerous because it temporarily modifies files. Presumably the Anti Virus programs think the program is acting like a Trojan and label it as one.

                        • 9. Re: False  Artemis!ABA2DFCBE39F
                          catdaddy

                          wixey,

                          Generally speaking, when I get correspondence back from the Labs, the Detection has indeed been suppressed/whitelisted and should not be detected again. As for your question of 'Deleting/Removing from your Quarantined Area'... Yes, I would indeed do so.

                           

                                            For as confirmed by the Technician/Engineer from McAfee Labs, it is safe.

                           

                          I almost took the Liberty of Marking the thread as 'Correctly Answered', as it is always the case that their determination is basically (Written in Stone).

                           

                          You may try accessing the Site or whatever you attempted to initially. If there are no issues, then indeed you can be self-assured that all is OK. Now I have to get ready for our Weekly Conference Call. I will check back afterwards.

                           

                          All the Best,

                          -CD/Cliff
