Sign In
Register
Help
Hey Everyone!!
OK, we all have heard of the "Eicar Test File to test our A / V . Try downloading this file to test again.
As soon as I clicked on the download button, Avira let out a cry and forbid me to download.
Now it's time to test your AntiSpyware or AntiMalware.Try, if you will , to download and execute this Trojan
made specifically to test the ability of your AntiMalware. Trojan Simulator .
Back in August, on GiveAwayOfTheDay they had A-Squared for a free download. A full app. with auto
up-dates for a full year. I already have SUPERAntiSpyware Professional and was hesitant to install A-Squared. Since SUPERAntiSpyware
Professional is a For Life subscription , I reasoned that I would evaluate this new version 4.0 for a year and see if it is as good as
SUPERAntiSpyware. So, I disabled the "Real Time Scanner" in SUPERAntiSpyware and installed A-Squared. I must admit that, in the three
months that I have used it , it only reported one False Positive. They were notorious for for False Positives before this new version.
When I downloaded the "Trojan Simulator" file, which is a .ZIP, I unpacked it and proceded to install by double clicking on the .exe file.
Well, as soon as I double clicked on the .exe , A-Squared jumped up and stopped the installation within a fraction of a second , created
a rule and now when I try to double click on the .exe , nothing happens.
My point to this letter long post is , if your AntiSpyware or AntiMalware does what it was intended to do, you should experience the same
results as I have. I have tried this test in both XP and Vista .I must admit that I did not expect such quick responce from A-Squared.
I will continue to evaluate my copy of
A-Squared and make a full report when the time for the auto-updates come to an end.
So, if you are brave enough to test your security , why not have a go at this test Trojan and see for yourself if you are well Protected.
FLASHORN. !http://forums.pcworld.com/legacyimages/
1!
Time to test your PC Security.
MultiQuote
#3
Flashorn 
- Expert
-
- Group: Members
- Posts: 2,848
- Joined: 19-May 07
- Location:Canada
Posted 18 November 2008 - 05:26 AM
Hey Tech!!
And here I thought you of all people would at least give it a try.
Now I know where the brave are.LOL!
It's ok Tech, but you know, this is only a test file. it will not harm your lapy.
FLASHORN. !http://forums.pcworld.com/legacyimages/
1!
And here I thought you of all people would at least give it a try.
Now I know where the brave are.LOL!
It's ok Tech, but you know, this is only a test file. it will not harm your lapy.
FLASHORN. !http://forums.pcworld.com/legacyimages/
1!
#5
coastie65
- Moderator
-
- Group: Moderators
- Posts: 10,336
- Joined: 02-April 07
- Location:Richmond Va.
Posted 18 November 2008 - 10:40 AM
Hey Flash, When i tried to download the eicar thing, it was quarantined by Webroot right of the bat. I then tried the Trojan simulator and it was a no go, as the download was Blocked by XP SP2. coastie
#6
Flashorn
- Expert
-
- Group: Members
- Posts: 2,848
- Joined: 19-May 07
- Location:Canada
Posted 19 November 2008 - 03:57 AM
Hey coastie!!
Thanks for taking the test. Now, I have a few serious questions for you.
First of all, is Webroot , the Spy Sweeper or is it the Suite?
Second , I believe that you have Avast on you PC for AntiVirus protection?
Now , answer me this. The test file Eicar is a VIRUS file. Shouldn't Avast
have caught this file. This is what I got when I tested with Avira:
!http://forums.pcworld.com/legacyimages/
1!
I think that you should have another look at the Settings for Avast.
Maybe Spirit could answer this because I don't understand.
Also , you said that when you ran the Trojan test file, XP stopped the process.
Are you referring to D.E.P. ( Data Execution Prevention ) ? It is good to know
that you have it turned on but, IF Webroot is your Real Time AntiSpyaware
then IT should have stopped this process from starting and NOT D.E.P.
This Trojan test file will inject malicious code in the memory which is why
D.E.P. was developed to counteract but, it is up to your Real Time Shields
to do this work. This is only a test file. Should you encounter a Real nastie,
how would your AntiSpyware react? A real one would overrun the memory
buffers and I don't think D.E.P. would save your bacon ( PC ).I would look into this as well.
I would show you what A-Squared does but, it won't even let me start it
now that it has written a rule to stop this process from ever starting again.
IF you have the Webroot suite , you know that it has a AntiVirus built in.
This would mean that you are running two AntiVirus applications and you
know that a set-up like that does not work. But, I don't think you are, I'm just
speculating and trying to understand what you said about the test results you got.
OK coastie, shed some light on this for me please. It's been bugging me since I
read your post but, as you know I was away last night on family business.
FLASHORN. !http://forums.pcworld.com/legacyimages/
1!
Thanks for taking the test. Now, I have a few serious questions for you.
First of all, is Webroot , the Spy Sweeper or is it the Suite?
Second , I believe that you have Avast on you PC for AntiVirus protection?
Now , answer me this. The test file Eicar is a VIRUS file. Shouldn't Avast
have caught this file. This is what I got when I tested with Avira:
!http://forums.pcworld.com/legacyimages/
1!
I think that you should have another look at the Settings for Avast.
Maybe Spirit could answer this because I don't understand.
Also , you said that when you ran the Trojan test file, XP stopped the process.
Are you referring to D.E.P. ( Data Execution Prevention ) ? It is good to know
that you have it turned on but, IF Webroot is your Real Time AntiSpyaware
then IT should have stopped this process from starting and NOT D.E.P.
This Trojan test file will inject malicious code in the memory which is why
D.E.P. was developed to counteract but, it is up to your Real Time Shields
to do this work. This is only a test file. Should you encounter a Real nastie,
how would your AntiSpyware react? A real one would overrun the memory
buffers and I don't think D.E.P. would save your bacon ( PC ).I would look into this as well.
I would show you what A-Squared does but, it won't even let me start it
now that it has written a rule to stop this process from ever starting again.
IF you have the Webroot suite , you know that it has a AntiVirus built in.
This would mean that you are running two AntiVirus applications and you
know that a set-up like that does not work. But, I don't think you are, I'm just
speculating and trying to understand what you said about the test results you got.
OK coastie, shed some light on this for me please. It's been bugging me since I
read your post but, as you know I was away last night on family business.
FLASHORN. !http://forums.pcworld.com/legacyimages/
1!
#7
coastie65
- Moderator
-
- Group: Moderators
- Posts: 10,336
- Joined: 02-April 07
- Location:Richmond Va.
Posted 19 November 2008 - 07:22 AM
Hey Flash, On the eicar test, it was quarantined by Spysweeper first, before Avast! even had shot at it. On the Trojan simulator, the download was outright blocked by SP2 according to the message, and never downloaded, so apparantly Avast! never even got a shot at that either. coastie
#8
SpiritWind
- Expert
-
- Group: Members
- Posts: 1,921
- Joined: 19-August 06
Posted 19 November 2008 - 09:58 AM
Hi All :The Subject of "Eicar" ( and sometimes "Spycar" ) occasionally appears on the Avast
Support Forums '; perhaps Avast "detection" of this is "explained" by One of the Avast
Developers at forum.avast.com/index.php?topic=36532.msg306273;topicseen#msg306273 !?
In researching this, I found fascinating the Info in the Thread at
[http://forum.avast.com/index.php?topic=38116.0] .
#9
Adama
- Veteran
-
- Group: Members
- Posts: 6,757
- Joined: 07-September 07
- Location:California
Posted 19 November 2008 - 10:11 AM
Hey Flash! How are you?!
Well, I'm with Tech.... I'll have to pass too. :p :D
But I do have a question about your new thread = Is this thread to ask questions about any security program, or just the one that you are talking about?
Well, I'm with Tech.... I'll have to pass too. :p :D
But I do have a question about your new thread = Is this thread to ask questions about any security program, or just the one that you are talking about?
#10
mcbarker
- Expert
-
- Group: Members
- Posts: 1,078
- Joined: 10-August 06
- Location:Connecticut, USA
Posted 19 November 2008 - 10:49 AM
I gave it a shot. I tried to download all three versions of Eicar, but NOD32 blocked access to the website, and wouldn't let me download any of the files. Same thing happened with the Trojan Simulator file. NOD32 blocked access to the website, and wouldn't let me download the ZIP archive.
McAfee SiteAdvisor green-lighted the Eicar website (Cybersoft.com), but red-lighted the Trojan Simulator site (Mischel Internet Security).
I also have Webroot Spy Sweeper, but it didn't get a chance to respond.
McAfee SiteAdvisor green-lighted the Eicar website (Cybersoft.com), but red-lighted the Trojan Simulator site (Mischel Internet Security).
I also have Webroot Spy Sweeper, but it didn't get a chance to respond.
#12
Adama
- Veteran
-
- Group: Members
- Posts: 6,757
- Joined: 07-September 07
- Location:California
Posted 19 November 2008 - 11:29 AM
Wow, that's pretty awesome, McB. Looks like your NOD32 is keeping your computer really protected and secure.
But I wonder why the McAfee SiteAdvisor would greenlight the website....?
But I wonder why the McAfee SiteAdvisor would greenlight the website....?
#14
Flashorn
- Expert
-
- Group: Members
- Posts: 2,848
- Joined: 19-May 07
- Location:Canada
Posted 20 November 2008 - 05:33 AM
Hey Spirit!!
Thanks for the links. I came away with some understanding of what is happening but,
as I said to coastie, his settings in Avast could use some tweaking. From what I could
see, you can adjust the settings to be more aggressive if you like but, it would mean
opening up the .ini file and going through a long process. I don't know if coastie
would be up for that.
Also , Avast will not stop the download of this file but, will detect it when scanned. A different
way of doing things I guess. As long as it gets the job done, I don't mind that. One should Always
scan Any files downloaded from the internet even though you know the source to be of good
reputation . It's too bad not enough take this advice seriously which usually brings them either
here or at specific Malware Removal sites.
Thanks for the links , it was interesting reading.
FLASHORN. !http://forums.pcworld.com/legacyimages/
1!
Thanks for the links. I came away with some understanding of what is happening but,
as I said to coastie, his settings in Avast could use some tweaking. From what I could
see, you can adjust the settings to be more aggressive if you like but, it would mean
opening up the .ini file and going through a long process. I don't know if coastie
would be up for that.
Also , Avast will not stop the download of this file but, will detect it when scanned. A different
way of doing things I guess. As long as it gets the job done, I don't mind that. One should Always
scan Any files downloaded from the internet even though you know the source to be of good
reputation . It's too bad not enough take this advice seriously which usually brings them either
here or at specific Malware Removal sites.
Thanks for the links , it was interesting reading.
FLASHORN. !http://forums.pcworld.com/legacyimages/
1!
#15
Flashorn
- Expert
-
- Group: Members
- Posts: 2,848
- Joined: 19-May 07
- Location:Canada
Posted 20 November 2008 - 05:58 AM
Hey mcb!!
Thanks for taking the test. I would hope that Nod32 would stop this file.
As for Webroot , I have problems with this AntiSpyware. Seems for scanning
but, your not the first one I have heard of saying it was a little slow on take off.
McAfee did red light my page but, did you check the comments on the site?
If you would install WOT along side McAfee SiteAdvisor you would get a better
view of what is a bad site : Web Of Trust .
FLASHORN. !http://forums.pcworld.com/legacyimages/
1!
Thanks for taking the test. I would hope that Nod32 would stop this file.
As for Webroot , I have problems with this AntiSpyware. Seems for scanning
but, your not the first one I have heard of saying it was a little slow on take off.
McAfee did red light my page but, did you check the comments on the site?
If you would install WOT along side McAfee SiteAdvisor you would get a better
view of what is a bad site : Web Of Trust .
FLASHORN. !http://forums.pcworld.com/legacyimages/
1!
#16
Flashorn
- Expert
-
- Group: Members
- Posts: 2,848
- Joined: 19-May 07
- Location:Canada
Posted 20 November 2008 - 06:03 AM
Hey coastie!!
You can stop scratching your head now. If you really want to know what is happening
just turn off D.E.P. , re-boot your machine and download the files again to see if any
of your security apps. react. If not, then you have problems LOL!
FLASHORN. !http://forums.pcworld.com/legacyimages/
1!
You can stop scratching your head now. If you really want to know what is happening
just turn off D.E.P. , re-boot your machine and download the files again to see if any
of your security apps. react. If not, then you have problems LOL!
FLASHORN. !http://forums.pcworld.com/legacyimages/
1!
#17
Flashorn
- Expert
-
- Group: Members
- Posts: 2,848
- Joined: 19-May 07
- Location:Canada
Posted 20 November 2008 - 06:07 AM
Hey sweetie!!
As I can see , you didn't wait for me to respond to your query.
But, you were right to start a new thread as this is just for the
test files. We are not discussing security application but,
want to see if the ones you have are really protecting your PC.
I already commented on your thread and will see if you need
anymore info. latter on.
FLASHORN. !http://forums.pcworld.com/legacyimages/
1!
As I can see , you didn't wait for me to respond to your query.
But, you were right to start a new thread as this is just for the
test files. We are not discussing security application but,
want to see if the ones you have are really protecting your PC.
I already commented on your thread and will see if you need
anymore info. latter on.
FLASHORN. !http://forums.pcworld.com/legacyimages/
1!
#18
Flashorn
- Expert
-
- Group: Members
- Posts: 2,848
- Joined: 19-May 07
- Location:Canada
Posted 20 November 2008 - 06:13 AM
Hey lilx!!
Did you try the test at school because you were afraid that your PC
could not handle it LOL!
I thought that the school PCs were for learning and not for downloading.
If I were your IT , I would have restricted ANY downloads from the school's PCs.
I guess your lucky not to have me as your IT EH!
Thanks for trying the test though.
FLASHORN. !http://forums.pcworld.com/legacyimages/
1!
Did you try the test at school because you were afraid that your PC
could not handle it LOL!
I thought that the school PCs were for learning and not for downloading.
If I were your IT , I would have restricted ANY downloads from the school's PCs.
I guess your lucky not to have me as your IT EH!
Thanks for trying the test though.
FLASHORN. !http://forums.pcworld.com/legacyimages/
1!
#19
coastie65
- Moderator
-
- Group: Moderators
- Posts: 10,336
- Joined: 02-April 07
- Location:Richmond Va.
Posted 20 November 2008 - 06:42 AM
Flashorn said:
Hey coastie!!
You can stop scratching your head now. If you really want to know what is happening
just turn off D.E.P. , re-boot your machine and download the files again to see if any
of your security apps. react. If not, then you have problems LOL!
FLASHORN. !http://forums.pcworld.com/legacyimages/
You can stop scratching your head now. If you really want to know what is happening
just turn off D.E.P. , re-boot your machine and download the files again to see if any
of your security apps. react. If not, then you have problems LOL!
FLASHORN. !http://forums.pcworld.com/legacyimages/
1!
>
[/quote]
Yeah, the DEP setting is maxed in here. At least I know that works. :D Spysweeper did nail the first thing though, so I guess it is doing it's job. I have SUPERantispyware in here as a redundant scan to Spysweeper.
