Can someone do me a favor and send me a virus?

[suave] · #1 June 10th, 2005, 10:44 PM

I want to personally test a couple of antivirus software and I need some sample viruses.

So if someone could be so kind enough to send a couple my way

thanks

as of now, I am trying out F-Prot and I want to see what happens when it detects a virus. It actually found a "suspected file" on my system and it doesn't give me an option to even delete it so that's wierd.

ronjor · #2 June 10th, 2005, 10:50 PM

Do you have F-Prot set to disinfect?

Go to www.eicar.org and download some of their files. Much safer than hosing your computer.

bigc73542 · #3 June 10th, 2005, 10:51 PM

You can try the eicar test virus file but it is against the TOS of the forum to send anyone a virus or other malware.

bigc

[suave] · #4 June 10th, 2005, 11:03 PM

Ron,

thanks for the link!

Now here is my problem with F-Prot:

I set it to prompt me when it finds anything:
http://img213.echo.cx/img213/2912/fprot17ex.th.gif

It finds this:
http://img213.echo.cx/img213/2604/fprot7ff.th.gif

It never prompts me about it, and there is no way for me to delete the file

ronjor · #5 June 10th, 2005, 11:10 PM

That second screen shot says it all. F-Prot suspects a file but doesn't know what it is. No way to clean an unknown file.
Submit that file on their website. They are good about getting back to you in a hurry.

http://www.f-prot.com/virusinfo/submission_form.html

[suave] · #6 June 10th, 2005, 11:17 PM

Yeah but I mean, don't you think there should be an option that would allow me to right-click this file and delete it?

Doesn't that make sense? Maybe I should email them about that.

Also, I downlaod that sample from eicar and when I extracted the zip file, I got a message from F-Prot that there was a virus and that it had been blocked. The problem was that when I closed the F-Prot screen it gave me the same message again.... and again and again and it was an endless loop. I must have closed the message 100000 times. The only way to stop it was to disable F-Prot which probably let the virus through.

It would be nice to have options when the virus is found (instead of that warning screen) you know, like repair/delete/quaranteen...

It's too bad that this virus scanner sucks like that... because I really like it since it uses barely any resources.

ronjor · #7 June 10th, 2005, 11:24 PM

Check your options.

[suave] · #8 June 10th, 2005, 11:36 PM

Sorry ron, I wasn't too clear in my post.

I was refering to the RealTime Protector.

The OnDemand scanner lets me repair/delete with no problem, but the realtime protector only warns me about it and in the case above gave me an endless loop of warnings.

Do you really use this antivirus or do you just have screenshots of it from the past? Judging from your post count, I can tell you have been here for a looooong time, and as an active user. And since you made all those posts, it means you have read many many topics about antivirus products and have a great deal of info about them.

WHat I am getting at here, is that if you made F-Prot your choice then I am confident that this is a good antivirus even though I think it sucks.

I'd take your word for it cause you know more than me. So if you tell me you use it then I will use it too.

ronjor · #9 June 10th, 2005, 11:50 PM

I use F-Prot as an on demand scanner. The realtime protector needs work, a lot of work. I believe they are working on a new version 4.0 that will address a lot of issues.

I'll give those eicar files a try with F-Prot running real time. Tomorrow.

I've used most of the antivirus programs out there at one time or another over an eleven year span.

[suave] · #10 June 11th, 2005, 12:02 AM

thanks ron.

And when you test the eicar files. make sure you extract the archive, and you will see that you will be in an endless loop while the archive extracts.

ronjor · #11 June 11th, 2005, 08:03 AM

[suave]

I gave extracting the eicar2.zip and got the real time warning message while trying to do so. The warning message tells you to run the on demand scanner.

I see your point. Hopefully, the next version will have a much better way to deal with malware caught by the real time scanner.

mercurie · #12 June 11th, 2005, 09:43 AM

I have often wondered why Command AV has/needs two engines. Would this be the reason why as Ronjor says real time scanner needs a lot of work?

ronjor · #13 June 11th, 2005, 09:50 AM

mercurie

How are you? The realtime scanner in F-Prot is only good for detecting malware.
You have to use the on demand scanner for the dirty work.
Most realtime scanners have a list of options to deal with malware as it is found.
F-Prot doesn't.

Does Command have options available in the realtime scanner?

mercurie · #14 June 11th, 2005, 10:15 AM

Just fine Ronjor.

I think Command does...under Dynamic Virus Protection then...
Action on Infection
(drop down) Report, Delete, Rename, Disinfect, Quarantine. Sounds like enough choices from the most savy (lets study this) to the newbie (just get rid of it)

ronjor · #15 June 11th, 2005, 10:19 AM

Thanks mercurie. Looking forward to Version 4 of F-Prot.

mercurie · #16 June 11th, 2005, 10:31 AM

Thank you all for posting. The information here I have learned is useful and I also will wait before trialing F-Prot until 4 comes out for my old Compaq (2001 vintage). Got to fly see you all around later.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search