MALWARE Detection - Type: TROJAN, Detection Name: ARTEMIS!Cxxxxx. I can no longer use QSPICE under this circumstance

Hello all,

YESTERDAY I updated QSPICE, and after the update I received a virus detection type TROJAN, Detection Name: ARTEMIS! C4xxx (some numbers). I want to mention that QSPICE I installed it on my working laptop, laptop that has antivirus/virus detection security system/corporate firewalls.

Were detected three instances of malware, which are listed below:

  1. C:\Program Files\QSPICE\Examples\acmesemi.dll - Trojan horse variant, Detection name: ARTEMIS!C46926E99603
  2. C:\Users\name\AppData\Local\Temp\v7vg.0\02a6b3b8.EXE - Trojan horse variant, Detection name: ARTEMIS!C46926E99603
  3. C:\Users\name\AppData\Local\Temp\v49w.0\02a6bbc0.EXE - Trojan horse variant, Detection name: ARTEMIS!C46926E99603

And after detecting this TROJAN virus, TODAY I had (MANDATORY/URGENTLY) to uninstall QSPICE from my working laptop, forced by IT guys due to this TROJAN/MALWARE virus detection.

Under these conditions I can no longer use QSPICE on my working laptop, due to this virus detection. I can only use QSPICE on a laptop where viruses are allowed to enter.

From what I’ve read and from what I understood so far, this QSPICE is free for everyone, free even for commercial use.

What should I do in this case? @Jeff_Strang @Engelhardt

image

image

Those are false positives. What you need to do is ask ARTEMIS for your money back. There’s really the only solution.

The problem is this: Any 3rd party selling anti-virus software needs viruses to exist and they need you to believe you get occasionally infected with them for that party to be in business. During the dot com bubble, there were online scanners that would report false positives so you’d buy their product. Today, it remains a low risk for a 3rd party to report false positives as long as they don’t do it on extremely popular software. QSPICE is new, so a 3rd party can tell you it’s infected and have you not use it. The perception can be that the virus company saved your day, where the opposite is the fact.

People love to hate Microsoft, but only the Microsoft virus product has a business model that is in your interest. Microsoft(and yourself) are the only parties that don’t want viruses on your computer. 3rd parties all want viruses to exist and occasionally infect your computer. 3rd party virus companies are not your friend.

Two final thoughts (i) There is absolutely no excuse for detecting acmesemi.dll as infected. It is digitally signed with an extended verification authority at the highest level of security and has a SHA256 digest. The C++ source code top acmesemi.dll is even included. (ii) QSPICE is developed on a secure platform in a very secure location whereas virus companies need to have all those viruses to be able to detect them and can’t afford as secure of location as I work in.

–Mike

1 Like

Hello,

I have the same problem but with Avast. If I turn off for 10 minutes, the download starts but rapidely freeze and stay permanentely in that state.
Any explanation for happing this? How can I fix it?

Thank you,
Eduardo

Cornel, which anti-virus program is flagging QSPICE?

Acmesemi.dll is an example model that you can create using QSPICE’s C++ compiler. As Mike said, there’s no reason for it to be flagged, except that it’s new.

Jeff

We are applying for whitelist status with Avast and ESET.

Hello Jeff,

Please apply with Norton, as well.

On a Windows 11 Pro machine Norton flagged getqspice.com as “a known dangerous webpage” and quickly removed the installer. On a Win 10 Home the installer appeared as a 0 size file.

Thanks,

Horia

Thanks- I submitted the page to Norton. They do not have a whitelist program like Avast or ESET. If you wouldn’t mind clicking that “submit a dispute” link, it might also help.

The page itself is flagged as suspicious because it was registered recently (30 June). Hopefully once we get to more than a month out, that will no longer be a concern.

I already submitted the “dispute” to Norton.

Jeff, I don’t know exactly which anti-virus program/corporate firewalls the company I work for uses (but I saw something called Trellix). The guys from IT and cyber security completely scanned my laptop, they opened for me a ticket (which I hope that this ticket to be closed without problems) and jumped on me after the TROJAN “virus” generated by the update I made to QSPICE. I can use LTspice without problems, so I thought that I can use also QSPICE without such problems.

Jeff, and also, the IT ad cyber security guys forced me to uninstalled QSPICE from my laptop and they also told me nicely to not install QSPICE (at least until this thing with the TROJAN “virus” is solved).

I understand- IT Security’s job is to mitigate risk. We’re going through the whitelisting process with Avast, Norton, and ESET. It will take a few days. When the download server’s URL gets past the 30 day mark (around 31 July), it will also eliminate some false anti-virus flags. I can’t find a way to engage with Trellix as a software developer, so it may need to be whitelisted internally by your IT security team.

welcome to beta testing and compiling your own software…

where crappy anti-virus software flags every new executable as being bad, LOL

1 Like

Hi folks-

Avast has now whitelisted multiple key QSPICE files, including the AcmeSemi.dll sample. If you were having trouble with Avast, I’d appreciate you trying it again.

AVG has the same whitelisting page & process as Avast, so I’m hoping that the Avast whitelist carries over to AVG. If someone is able to check AVG, that would also be helpful.

Antivirus 360 Total Security blocks InstallQSPICE.exe

While I haven’t retried the QSPICE installation, I can say that AVG no longer prevents QSPICE from updating!

July 29th: It looks like Norton did the homework. Was able to install and run QSPICE on both Win 10 Home and Win 11 Pro machines.

That’s great news about Norton. Thank you!

Zscalar is blocking as the download; Identifying it as a trojan. Is anyone aware of a dispute/whitelist process for them?

Same problem, Zscaler has blocked the installation of QSPICE in my company laptop.

I haven’t found a way to whitelist with Zscaler. If you, as a user, have a “submit sample” option, we’d love to get them to review it.

On a somewhat related note, I have learned that Palo Alto Networks considers domains to be ‘new’ within 32 days of registration or ownership change. We’re at 32 days today, so let’s see what happens tomorrow. I’m keeping an eye on it.