Is this a real virus?

I´ve downloaded a virus simulator and NOD32 didn´t detect it... the problem is that I think its not just a simulator, its a real virus.. i´ve sent it to Eset and got no answer. Sent it to KAV and:

Hello, it is a virus tool.


--
Best regards, Shvetsov Dmitry
Virus analyst, Kaspersky Lab.

e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/



> Attachment: virsim.rar

> The site i?ve downloaded this says its a virus simulator... but is this a
> virus simulator or a real virus?
>


Is this a real virus?

 

This one received...

 

But we're not speaking about DFK Threat Simulator or?

 

No problem, harmless

Because a lot of AVs detect this DOS tool as a malware, so, Happy Bytes, it is now in your mail box.

 

Nope, it's not a real virus. So no danger

 

Thanks for the answers Eset!

Just a question: So why KAV said this: "Hello, it is a virus tool."

 

Heh heh, good point...

Because Kav detects this 'test file' as a Trojan

Open notepad and write:

@echo off
resident.bat

Then save it as a file. Is it a malware from your mind?

 

Thanks..!

 

"Hello, it is a virus tool."

A "tool" means that it's not a virus itself.
You can have several different "virus tools" - some might encrypt existing virus and alternating them ---> Virus Tool. Such "TestVirus Dropper" you can classify as Virus Tools, even if they are NOT malicious.

 

But I don't think we add its signature as a virus tool

 

Another handy test file
I wonder how many others there are I'm yet to hear of

 

The question is, what you should do if you NEED that file.

About year ago, while first evaluating NOD32, after week or so fiddling with some difficult micro code(for microsensor), I ended up with "probable virus".

The access to file was blocked, the tools I was working with messed up too. I did not want to change NOD32 to exclude folders or extensions, and I cannot find "no action" option.
Eset support was asking for file. I was asking for general solution and did not submit the file - it is not the standard practice with code used in security devices. In answer, Eset was probably suspecting that I am writing a virus and our discussion was over.

Uninstalling solved the problem, but I would like to ask, what is the correct action in situation like this.

Thanks.

 

To submit the file. If the submitted file is evaluated like FP, then after next update will not be detected.

 

It definitely makes sense if you picked up that file somewhere.
Or, even if it is some code of existing program that can appear on other computer.
Or, if you are just playing around with something.

But it does not, if you are working on something and know what you are doing.
Or, there is no way that file can get to another computer - like microcontroller code.
Or, if internal regulations prevent you from submitting the file.
Or, if there is no time to wait until analysis and update is done.

I understand that NOD32 is not just for home user surfing dubious sites.
So, there should be some way to deal with such situations, and submitting file for analysis as main solution is just plain not serious (of course, it can be done with the purpose of improving NOD32).

 

Does adding it to the exclusions list not resolve your problem?

 

Submit the file to Eset, and if you cannot wait, disable AMON while the file is being analised in Eset labs.

 

I think that md5 exclusion directly from alert window should perfectly solve the problem.
Otherwise, how can I exclude file which is not created yet and I don't know the name? Stupid tools I was using, was creating file first in temporary directory, under some random name.
So, I would need to exclude all the directory, which I do not want, due to obvious reasons. I even think that ability to exclude directories is far more dangerous than ability to switch AV off.

 

IMHO it would not. ESET has to investigate all the FP and analyse why it happened. Therefore MD5 is not good solution.

 

And if you call the file resident.bat then you could successfully use your PC as a small heater just by running it. (after disabling AMON)