eicar2.com is a Trojan?

Discussion in 'malware problems & news' started by JVRudnick, Nov 9, 2005.

Thread Status:
Not open for further replies.
  1. JVRudnick

    JVRudnick Registered Member

    Joined:
    Aug 14, 2004
    Posts:
    8
    Hello All...
    running FProt on my w2k3server, and it's found a file called eicar2.com in a Temp folder in my Local Settings folder.

    now after quite a bit of research, I'm still at a loss. How do I determine if the file is the simple virus testing ascii file - or is it a trojan called Trivial?

    so far, cant find that out....FProt has quarantined it, and even tho I throw it away time after time, it's reborn in that same folder...

    anyone know or care to point me at a remover ?

    Jim
     
  2. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
  3. JVRudnick

    JVRudnick Registered Member

    Joined:
    Aug 14, 2004
    Posts:
    8
    actually, no it's not. all of them do not "unzip" into a file named eicar2.com

    anyone else?

    Jim
     
  4. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
  5. StevieO

    StevieO Guest

    Hi,

    The real eicar file sizes are these

    eicar.com 68 Bytes

    eicar.com.txt 68 Bytes

    eicar_com.zip 184 Bytes

    eicarcom2.zip 308 Bytes

    As you say there is no official unpacked eicar2.com file, so it must be suspicious. Could you delete the folder as is and then recreate it after a reboot ? Failing that use a delete on boot utility to try and eliminate it and then recreate a replacement folder afterwards !

    If your AV refuses to cooperate i might disable it completely in msconfig for the reboot operation, and then enable it again after the hopefully successful delete on boot has worked.

    I would Physically unplug from the internet for the duration as a precaution.


    StevieO
     
Loading...
Thread Status:
Not open for further replies.