EICAR Test Virus

Discussion in 'other anti-virus software' started by bryanjoe, Oct 30, 2006.

Thread Status:
Not open for further replies.
  1. bryanjoe

    bryanjoe Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    380
    Currently trialling the site on AVG Free (not sure if this is one the official site)

    http://www.rexswain.com/eicar.html

    AVG Free managed to Prompt Alert on eicar.com when downloading

    No response for the other 2 when downloading.
    Alert was prompted when on-demand scan of the 2 files...

    Still not so bad.

    What is your antivirus software and does it prompt you of virus activity on the 2 zip files?
     
  2. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    I've clicked on them from here http://www.eicar.org/anti_virus_test_file.htm and Avast home blocked all four in http (page wouldn't open... "cannot be displayed" message), but in https, only blocked 1, 3 & 4, and the zipped ones only when open attempted. The txt file (2) displayed in the web page, no bells or whistles went off.
    Interesting. I wonder why the difference? Might have to ask at the Avast forum.
     
  3. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    f-secure 2007 automatically blocks / prevents or removes ALL before it can get on the machine.
     
  4. ASpace

    ASpace Guest

    @bryanjoe

    Hi. I use NOD. Its internet scanner blocks all files (including the archives). Anyway, if your AVG doesn't pop up on the zip files, don't worry, when the ZIP is unpacked, it will :)
     
    Last edited by a moderator: Oct 30, 2006
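
Why the zipped copies slip past a download-time check but are caught once unpacked, as an added example that is not part of the original thread: a toy matcher for the EICAR string (quoted in a later post) run over the raw bytes and over unpacked archive members. The sample names, the 1 MB member limit and the trailing-whitespace rule (taken from EICAR's published definition of the test file) are assumptions of this sketch.

```python
import io
import zipfile

# The 68-byte EICAR test string, as quoted later in this thread.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
# Assumption: only these bytes may follow the string, total length <= 128.
ALLOWED_TAIL = b" \t\r\n\x1a"
MAX_MEMBER = 1_000_000  # hypothetical limit so a huge member is not inflated

def is_eicar(data: bytes) -> bool:
    """Match only when the file *starts* with the test string."""
    if not data.startswith(EICAR) or len(data) > 128:
        return False
    return all(b in ALLOWED_TAIL for b in data[len(EICAR):])

def scan_unpacked(name: str, data: bytes, depth: int = 0, max_depth: int = 4):
    """Return the paths of matching members, recursing into nested zips."""
    if is_eicar(data):
        return [name]
    hits = []
    if depth < max_depth and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.file_size > MAX_MEMBER:
                    continue  # skip oversized members instead of inflating them
                hits += scan_unpacked(f"{name}!{info.filename}",
                                      zf.read(info), depth + 1, max_depth)
    return hits

def make_zip(member: str, payload: bytes) -> bytes:
    """Build a one-member zip in memory (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member, payload)
    return buf.getvalue()

def build_samples() -> dict:
    """Constructed samples: plain file, zip, and zip inside a zip."""
    single = make_zip("eicar.com", EICAR)
    return {"eicar.com": EICAR,
            "single.zip": single,
            "nested.zip": make_zip("single.zip", single)}

if __name__ == "__main__":
    for name, blob in build_samples().items():
        print(name, "raw match:", is_eicar(blob),
              "unpacked:", scan_unpacked(name, blob))
```

A scanner that only matches the raw stream reports nothing for the two archives; the match appears only once each layer is opened, which is the behaviour described for AVG above.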
  5. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    Quote from one of the folks at Avast:

    "The Web Shield scans only the HTTP traffic of the browser, that's why standard protocol http eicar files are detected. The other four samples of the eicar test, which use the secure HTTPS protocol, are not detected during download by the Web Shield, because the Web Shield simply does not scan this traffic. So when you download the four samples on your PC and do a scan with avast!, all of them will be detected."

    I can confirm this is the case.
     
  6. Banshee

    Banshee Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    543
    I clicked on the eicar.com.txt file and f-secure did nothing. A few seconds later a blank new window opened and all I could see was this:

    X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*



    Wasn't f-secure supposed to block this page?
     
  7. huntnyc

    huntnyc Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    976
    Location:
    Brooklyn, USA
    Antivir Security suite denies access when trying to download. I guess it's working then.

    Gary
     
  8. ASpace

    ASpace Guest

    Yes, but only if F-Secure is set to scan TXT files. Many AVs don't scan TXT files by default because TXT doesn't bring malware in them ;)
     
  9. Inspector Clouseau

    Inspector Clouseau AV Expert

    Joined:
    Apr 2, 2006
    Posts:
    1,329
    Location:
    Maidenhead, UK
    1. Open Notepad
    2. Write exactly "Mike has you owned" (without enter and without quotes)
    3. Save it
    4. Reopen it with Notepad :D
     
  10. Banshee

    Banshee Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    543

    Just did. When I opened the txt file all I could see was this:

    楍敫栠獡礠畯漠湷摥

    o_O??
     
  11. ASpace

    ASpace Guest

    Mike (IC) created a new Halloween virus for Notepad :D :D :D :D <just kidding , of course>
     
  12. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    hahaha :D Mike ownz you :D this is a nice old trick :)

    It was born with "Bush hid the facts", but every string that has <4 letter> <3 letters> <3 letters> <5 letters> works :D It's some unicode parsing bug in notepad :)
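
What Banshee saw, reproduced as an added example that is not part of the original thread: the ASCII bytes of the phrase are read two at a time as little-endian 16-bit code units, and every pair lands in the CJK ideograph range. This shows only the byte reinterpretation; it does not reproduce Notepad's own detection logic, and the function names are hypothetical.

```python
def misread_as_utf16le(text: str) -> str:
    """Decode the ASCII bytes of `text` as if they were UTF-16LE."""
    raw = text.encode("ascii")
    if len(raw) % 2:
        raise ValueError("odd byte count: cannot be split into 16-bit units")
    return raw.decode("utf-16-le")

def ambiguous(raw: bytes) -> bool:
    """True when BOM-less bytes are valid ASCII *and* also decode as
    UTF-16LE to nothing but CJK Unified Ideographs (U+4E00..U+9FFF)."""
    if not raw or len(raw) % 2 or raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return False
    try:
        raw.decode("ascii")
    except UnicodeDecodeError:
        return False
    # Each ASCII pair (lo, hi) becomes code unit hi*256 + lo. A lowercase
    # letter as the high byte gives 0x61xx..0x7Axx, inside the CJK block.
    # In both phrases every space sits at an even offset, so it is always
    # the low byte; a space as the high byte would give U+20xx instead.
    return all(0x4E00 <= ord(c) <= 0x9FFF for c in raw.decode("utf-16-le"))

if __name__ == "__main__":
    for phrase in ("Mike has you owned", "Bush hid the facts", "Hello world!"):
        print(repr(phrase), "->", misread_as_utf16le(phrase),
              "| ambiguous:", ambiguous(phrase.encode("ascii")))
```

A file that starts with a byte-order mark, or is saved explicitly as ANSI or UTF-8, leaves no room for this guess.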
     
  13. Banshee

    Banshee Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    543
    An old trick? OK, I am slow. But why do I get those "Chinese" kind-of-like things?

    I really don't get it o_O
     
  14. ggf31416

    ggf31416 Registered Member

    Joined:
    Aug 20, 2006
    Posts:
    314
    Location:
    Uruguay
  15. Banshee

    Banshee Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    543
    Have a look:
     

  16. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006

    When you save the file you call it a filename with the .com extension on the end for it to work.
     
  17. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    Great one, Mike :thumb: lmao
     
  18. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    I have tried this page with f-secure.

    It loads up a white page, without that text, and in the bottom right corner it pops up (animated slide) "virus has been removed".

    Maybe check your f-secure settings.
     
  19. Banshee

    Banshee Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    543

    Oops, I had scan web traffic unticked. Enabled that and that did the trick. Thanks CSJ
     
  20. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    No problem, I would suggest you set it to ask you about everything in the system control for better protection, if you need it :D
     
  21. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    LOL, Mike! That's super. :D
     