[Flashorn]

Hey Everyone!!



OK, we all have heard of the "Eicar Test File to test our A / V . Try downloading this file to test again.

As soon as I clicked on the download button, Avira let out a cry and forbid me to download.

Now it's time to test your AntiSpyware or AntiMalware.Try, if you will , to download and execute this Trojan

made specifically to test the ability of your AntiMalware. Trojan Simulator .



Back in August, on GiveAwayOfTheDay they had A-Squared for a free download. A full app. with auto

up-dates for a full year. I already have SUPERAntiSpyware Professional and was hesitant to install A-Squared. Since SUPERAntiSpyware

Professional is a For Life subscription , I reasoned that I would evaluate this new version 4.0 for a year and see if it is as good as

SUPERAntiSpyware. So, I disabled the "Real Time Scanner" in SUPERAntiSpyware and installed A-Squared. I must admit that, in the three

months that I have used it , it only reported one False Positive. They were notorious for for False Positives before this new version.



When I downloaded the "Trojan Simulator" file, which is a .ZIP, I unpacked it and proceded to install by double clicking on the .exe file.

Well, as soon as I double clicked on the .exe , A-Squared jumped up and stopped the installation within a fraction of a second , created

a rule and now when I try to double click on the .exe , nothing happens.



My point to this letter long post is , if your AntiSpyware or AntiMalware does what it was intended to do, you should experience the same

results as I have. I have tried this test in both XP and Vista .I must admit that I did not expect such quick responce from A-Squared.

I will continue to evaluate my copy of

A-Squared and make a full report when the time for the auto-updates come to an end.



So, if you are brave enough to test your security , why not have a go at this test Trojan and see for yourself if you are well Protected.



FLASHORN. !http://forums.pcworld.com/legacyimages/
1!

[Tech4me]

Gooooood morning.....I think I'll pass.....I have enough trojans in my laptop already....

Thanks anyway.

[Flashorn]

Hey Tech!!



And here I thought you of all people would at least give it a try.



Now I know where the brave are.LOL!



It's ok Tech, but you know, this is only a test file. it will not harm your lapy.



FLASHORN. !http://forums.pcworld.com/legacyimages/
1!

[hmccorkle]

I shouldn't have to test my PC security. I keep my definitions up to date and use common sense when browsing the web.

[coastie65]

Hey Flash, When i tried to download the eicar thing, it was quarantined by Webroot right of the bat. I then tried the Trojan simulator and it was a no go, as the download was Blocked by XP SP2. coastie

[Flashorn]

Hey coastie!!



Thanks for taking the test. Now, I have a few serious questions for you.

First of all, is Webroot , the Spy Sweeper or is it the Suite?



Second , I believe that you have Avast on you PC for AntiVirus protection?

Now , answer me this. The test file Eicar is a VIRUS file. Shouldn't Avast

have caught this file. This is what I got when I tested with Avira:

!http://forums.pcworld.com/legacyimages/
1!



I think that you should have another look at the Settings for Avast.

Maybe Spirit could answer this because I don't understand.



Also , you said that when you ran the Trojan test file, XP stopped the process.

Are you referring to D.E.P. ( Data Execution Prevention ) ? It is good to know

that you have it turned on but, IF Webroot is your Real Time AntiSpyaware

then IT should have stopped this process from starting and NOT D.E.P.

This Trojan test file will inject malicious code in the memory which is why

D.E.P. was developed to counteract but, it is up to your Real Time Shields

to do this work. This is only a test file. Should you encounter a Real nastie,

how would your AntiSpyware react? A real one would overrun the memory

buffers and I don't think D.E.P. would save your bacon ( PC ).I would look into this as well.



I would show you what A-Squared does but, it won't even let me start it

now that it has written a rule to stop this process from ever starting again.



IF you have the Webroot suite , you know that it has a AntiVirus built in.

This would mean that you are running two AntiVirus applications and you

know that a set-up like that does not work. But, I don't think you are, I'm just

speculating and trying to understand what you said about the test results you got.



OK coastie, shed some light on this for me please. It's been bugging me since I

read your post but, as you know I was away last night on family business.



FLASHORN. !http://forums.pcworld.com/legacyimages/
1!

[coastie65]

Hey Flash, On the eicar test, it was quarantined by Spysweeper first, before Avast! even had shot at it. On the Trojan simulator, the download was outright blocked by SP2 according to the message, and never downloaded, so apparantly Avast! never even got a shot at that either. coastie

[SpiritWind]

Hi All :



The Subject of "Eicar" ( and sometimes "Spycar" ) occasionally appears on the Avast

Support Forums '; perhaps Avast "detection" of this is "explained" by One of the Avast

Developers at forum.avast.com/index.php?topic=36532.msg306273;topicseen#msg306273 !?

In researching this, I found fascinating the Info in the Thread at

[http://forum.avast.com/index.php?topic=38116.0] .

[Adama]

Hey Flash! How are you?!

Well, I'm with Tech.... I'll have to pass too. :p :D

But I do have a question about your new thread = Is this thread to ask questions about any security program, or just the one that you are talking about?

[mcbarker]

I gave it a shot. I tried to download all three versions of Eicar, but NOD32 blocked access to the website, and wouldn't let me download any of the files. Same thing happened with the Trojan Simulator file. NOD32 blocked access to the website, and wouldn't let me download the ZIP archive.

McAfee SiteAdvisor green-lighted the Eicar website (Cybersoft.com), but red-lighted the Trojan Simulator site (Mischel Internet Security).

I also have Webroot Spy Sweeper, but it didn't get a chance to respond.

[coastie65]

I'm still scratching my head over the fact that the Trojan simulator was blocked by Win XP SP2 before it was picked up by Avast! or Spysweeper.

[Adama]

Wow, that's pretty awesome, McB. Looks like your NOD32 is keeping your computer really protected and secure.

But I wonder why the McAfee SiteAdvisor would greenlight the website....?

[lilxkid24]

symatec antivirus detected this as well just tested it with the school comp since im there right now.

[Flashorn]

Hey Spirit!!



Thanks for the links. I came away with some understanding of what is happening but,

as I said to coastie, his settings in Avast could use some tweaking. From what I could

see, you can adjust the settings to be more aggressive if you like but, it would mean

opening up the .ini file and going through a long process. I don't know if coastie

would be up for that.



Also , Avast will not stop the download of this file but, will detect it when scanned. A different

way of doing things I guess. As long as it gets the job done, I don't mind that. One should Always

scan Any files downloaded from the internet even though you know the source to be of good

reputation . It's too bad not enough take this advice seriously which usually brings them either

here or at specific Malware Removal sites.



Thanks for the links , it was interesting reading.



FLASHORN. !http://forums.pcworld.com/legacyimages/
1!

[Flashorn]

Hey mcb!!


Thanks for taking the test. I would hope that Nod32 would stop this file.

As for Webroot , I have problems with this AntiSpyware. Seems for scanning

but, your not the first one I have heard of saying it was a little slow on take off.



McAfee did red light my page but, did you check the comments on the site?

If you would install WOT along side McAfee SiteAdvisor you would get a better

view of what is a bad site : Web Of Trust .





FLASHORN. !http://forums.pcworld.com/legacyimages/
1!

[Flashorn]

Hey coastie!!



You can stop scratching your head now. If you really want to know what is happening

just turn off D.E.P. , re-boot your machine and download the files again to see if any

of your security apps. react. If not, then you have problems LOL!



FLASHORN. !http://forums.pcworld.com/legacyimages/
1!

[Flashorn]

Hey sweetie!!



As I can see , you didn't wait for me to respond to your query.

But, you were right to start a new thread as this is just for the

test files. We are not discussing security application but,

want to see if the ones you have are really protecting your PC.

I already commented on your thread and will see if you need

anymore info. latter on.



FLASHORN. !http://forums.pcworld.com/legacyimages/
1!

[Flashorn]

Hey lilx!!



Did you try the test at school because you were afraid that your PC

could not handle it LOL!



I thought that the school PCs were for learning and not for downloading.

If I were your IT , I would have restricted ANY downloads from the school's PCs.

I guess your lucky not to have me as your IT EH!

Thanks for trying the test though.



FLASHORN. !http://forums.pcworld.com/legacyimages/
1!

[coastie65]

Flashorn said:

Hey coastie!!





You can stop scratching your head now. If you really want to know what is happening


just turn off D.E.P. , re-boot your machine and download the files again to see if any


of your security apps. react. If not, then you have problems LOL!






FLASHORN. !http://forums.pcworld.com/legacyimages/

1!
>
[/quote]


Yeah, the DEP setting is maxed in here. At least I know that works. :D Spysweeper did nail the first thing though, so I guess it is doing it's job. I have SUPERantispyware in here as a redundant scan to Spysweeper.

[lilxkid24]

i do both at the same time xD. Nod32 the antivirus i had at home detected it as well