«

McAffee says I have it. Sometimes. Other times it tells me there are
no threats on my system.

What is this, and how do I know whether I actually have it?

Nick

From: "Nick B II" <>

| McAffee says I have it. Sometimes. Other times it tells me there are
| no threats on my system.

| What is this, and how do I know whether I actually have it?

| Nick

Heuristic detection. But you supplied insufficient information. You posted
"Artemis!0369AFFB46AA" but should ALSO be in the body of the post as well as WHAT was
indentified as being detected as "Artemis!0369AFFB46AA".

Log snippet(s) would help.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Nick B II <> writes:

> McAffee says I have it. Sometimes. Other times it tells me there are
> no threats on my system.
>
> What is this, and how do I know whether I actually have it?

Artemis is McAfee's heuristic detection engine. It's the "we don't
have a signature for this file, but it looks kinda suspicious
behaviorally, and we're still trying to figure out how suspicious it
is." Artemis also uses an internet facing database from mcafee that
grades it as an iffy file, and whether your mcafee client blocks it
depends on your heuristic detection level setting.

If you're interested in tinkering, you can restore the file from
quarantine with access protection disabled, and upload the file to
virustotal.com to see what other vendors think of the same file.

But doing that without managing to own yourself is not without
potential risk.

From: "Regis" <>

| Nick B II <> writes:

>> McAffee says I have it. Sometimes. Other times it tells me there are
>> no threats on my system.

>> What is this, and how do I know whether I actually have it?

| Artemis is McAfee's heuristic detection engine. It's the "we don't
| have a signature for this file, but it looks kinda suspicious
| behaviorally, and we're still trying to figure out how suspicious it
| is." Artemis also uses an internet facing database from mcafee that
| grades it as an iffy file, and whether your mcafee client blocks it
| depends on your heuristic detection level setting.

| If you're interested in tinkering, you can restore the file from
| quarantine with access protection disabled, and upload the file to
| virustotal.com to see what other vendors think of the same file.

| But doing that without managing to own yourself is not without
| potential risk.


You are "assuming" it is a file and it is worth restoring from quarantine. Theere is
insufficient information from this post to make such a statement. It could have been a
heuristic detection on Internet content in his browser cache. Thus it would be
unwarranted to restore from quarantine even if it was a False Positive declaration.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

"David H. Lipman" <DLipman~nospam~@Verizon.Net> writes:

> From: "Regis" <>
>
> | Nick B II <> writes:
>
>>> McAffee says I have it. Sometimes. Other times it tells me there are
>>> no threats on my system.
>
>>> What is this, and how do I know whether I actually have it?
>
> | Artemis is McAfee's heuristic detection engine. It's the "we don't
> | have a signature for this file, but it looks kinda suspicious
> | behaviorally, and we're still trying to figure out how suspicious it
> | is." Artemis also uses an internet facing database from mcafee that
> | grades it as an iffy file, and whether your mcafee client blocks it
> | depends on your heuristic detection level setting.
>
> | If you're interested in tinkering, you can restore the file from
> | quarantine with access protection disabled, and upload the file to
> | virustotal.com to see what other vendors think of the same file.
>
> | But doing that without managing to own yourself is not without
> | potential risk.
>
>
> You are "assuming" it is a file and it is worth restoring from quarantine. Theere is
> insufficient information from this post to make such a statement. It could have been a
> heuristic detection on Internet content in his browser cache. Thus it would be
> unwarranted to restore from quarantine even if it was a False Positive declaration.

I may be assuming, but at least I'm not an... nah, I won't go there.
LOL.

Yes, it's entirely possible the file isn't worth a worry or isn't a
threat, but then that's why one might preface an option with "if
you're interested in tinkering."

Restoring it and handling it safely to submit it to multiple engines
remains a good path to answer the original poster's first question
which was: "what is this?"

And probably more useful than peppering him with a litany of "your
question is worthy of me, specify the following" cruft.

From: "Regis" <>


| I may be assuming, but at least I'm not an... nah, I won't go there.
| LOL.

| Yes, it's entirely possible the file isn't worth a worry or isn't a
| threat, but then that's why one might preface an option with "if
| you're interested in tinkering."

| Restoring it and handling it safely to submit it to multiple engines
| remains a good path to answer the original poster's first question
| which was: "what is this?"

| And probably more useful than peppering him with a litany of "your
| question is worthy of me, specify the following" cruft.


Well your "If you're interested in tinkering" is just plain dumb. You don't tinker with
possibly malicious files and based upon the wording of the OP I can tell he shouldn't be.

The post lacks specific information to answer "What is this, and how do I know whether I
actually have it?". It is question on an unknown etity. That entity must be discerned
and quantified. A heuristic detection on an unknown files does prescribe "tinkering". It
requires obtaining the crucial information to come to a prescription of advice.




--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp