ecar virus simulator

Discussion in 'ESET NOD32 Antivirus' started by badactor, Nov 17, 2010.

Thread Status:
Not open for further replies.
  1. badactor

    badactor Registered Member

    Joined:
    Nov 17, 2010
    Posts:
    2
    I hit an article where the staff mentioned Ecar.com Google shows only two
    post to this site, so a third.

    I run Nod32 now ESETnod32 almost all the time, now with XPro64bit, but
    the OS doesn't matter nor the anti-virus program.

    I have
    XADDED5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
    that should make this page unvisitable without ADDED if I assume correctly.
    I used to add it to usenet posts to set off alerts.

    If I take that line and create fake.com I get "that file isn't made for this OS" at the moment, other times (OS's) I get nothing.

    I go to ~No links to malware allowed here.~ (site is clean but contains virus's) to test my anti-virus programs
    .
    viruswarning.jpg
    .
    Nod32 catches about 80% which is very good.

    But my question is why doesn't the Ecar string work?
    My string was picked up 1 May 2003, as The Anti-Virus test file, But shouldn't matter.

    Just curious, thanks.
     
    Last edited by a moderator: Nov 17, 2010
  2. Geosoft

    Geosoft Registered Member

    Joined:
    Jan 7, 2009
    Posts:
    270
    Location:
    Toronto, Ontario, Canada
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,415
    Yes. And since it's a VX site, I wouldn't expect a serious antivirus to detect more of the stuff out there.
     
  4. badactor

    badactor Registered Member

    Joined:
    Nov 17, 2010
    Posts:
    2
    One of the test was to send Ecar back to myself, to see if
    it were caught. I just noticed the E-mail wasn't sent.
    (Agent newsreader 1.93 using stunnel for POP3).

    The reason:
    11/16/2010 7:37:35 PM Error reported by Server: 552-5.7.0 Our system detected an illegal attachment on your message.
    Please.: Sending email message "test".

    No clue what the Please is all about, but shows at least my mail server is blocking ecar :doubt: .

    Thanks for the replies.
     
  5. jimwillsher

    jimwillsher Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    668
    It's Eicar, not Ecar. Are you sure you are visiting the correct site? Or more accurately - EICAR - European Institute for Computer Antivirus Research.


    Jim
     
  6. no_idea

    no_idea Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    83
    The operating system might matter if you just test the EICAR.com "virus".

    As this is a simple DOS program, it might no longer be able to run in a 64bit Windows environment, as Microsoft has pruned this function from their 64bit systems.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.