Eicar testvirus and stuff

Post by **Dare2** » Tue Mar 07, 2006 4:06 pm

Just an aside .. what is in a text file should be a virus checker's business. You can write executable code in a text file (DOS, anyway ..).

If your AV is any good it will detect this:

X5O!P%@AP[4\PZX54(P^)7CC)7}$ EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

[/list]
Copy and paste, remove the space between the $ and the EICAR and save (so it is a 68 character file). If your AV hasn't screamed yet, ask it look at the file. If it still doesn't scream, get a new AV.

The "!" is int 21.

Trond · Post by **Trond** » Tue Mar 07, 2006 4:25 pm

Dare2 wrote:You can write executable code in a text file (DOS, anyway ..).

Yes, but you can't execute it, so it's harmless.

Post by **Dare2** » Tue Mar 07, 2006 4:32 pm

Try http://www.eicar.org for info. Interesting stuff.

I've started a hijack on this bug report, though, so if it is worth discussing (probably not) maybe in offtopic?

techjunkie · Post by **techjunkie** » Tue Mar 07, 2006 5:30 pm

Trond wrote:
Dare2 wrote:You can write executable code in a text file (DOS, anyway ..).
Yes, but you can't execute it, so it's harmless.

Well, JavaScript, Perl, PHP and VBScript are also text files and a VBScript for example can do a lot of nasty stuff.

techjunkie · Post by **techjunkie** » Tue Mar 07, 2006 5:34 pm

Dare2 wrote:If your AV is any good it will detect this:
X5O!P%@AP[4\PZX54(P^)7CC)7}$ EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
[/list]
Copy and paste, remove the space between the $ and the EICAR and save (so it is a 68 character file). If your AV hasn't screamed yet, ask it look at the file. If it still doesn't scream, get a new AV.

Crap! eTrust didn't find it!

Trond · Post by **Trond** » Tue Mar 07, 2006 8:33 pm

techjunkie wrote:
Trond wrote:
Dare2 wrote:You can write executable code in a text file (DOS, anyway ..).
Yes, but you can't execute it, so it's harmless.
Well, JavaScript, Perl, PHP and VBScript are also text files and a VBScript for example can do a lot of nasty stuff.

I assure, a VBScript in a file with a .txt extension can't do anything. As soon as you rename it to .vbs or whatever the antivirus should scan it.

techjunkie wrote:
Dare2 wrote:If your AV is any good it will detect this:
X5O!P%@AP[4\PZX54(P^)7CC)7}$ EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
[/list]
Copy and paste, remove the space between the $ and the EICAR and save (so it is a 68 character file). If your AV hasn't screamed yet, ask it look at the file. If it still doesn't scream, get a new AV.
Crap! eTrust didn't find it!

Either because you put it in a .txt file instead of a .com/.exe file, or because eTrust doesn't care about detecting it. It is not a dangerous program, it is only a self-proclaimed standard test file.

PB · Post by PB » Tue Mar 07, 2006 9:05 pm

> Crap! eTrust didn't find it!

Yes it does (I used to use eTrust). Save that text as a .com file, not .txt, and
it'll detect it.

Michael Vogel · Post by **Michael Vogel** » Tue Mar 07, 2006 9:30 pm

Just a step back to the original question, the IDE(-related) problem...

blueznl wrote:it's a problem i have reported earlier, and i can confirm my program is long gone and finished, it's the reloading that may cause it

did anyone try using a tool (sysinternals had something for that?) to see what is eating up cpu time, and if the ide at that moment is opening / reading a / the file?

Before starting this posting I checked it with the internal task manager -and it's just the PureBasic IDE, which take 95%+ of the CPU load (while waiting for the tool process to end?). I will do some further investigations soon...

Michael

Bonne_den_kule · Post by **Bonne_den_kule** » Tue Mar 07, 2006 10:43 pm

Here is a program I wrote, which makes batch (*.bat) files REALLY DANGEROUS AND NASTY!!!!:

http://www.purebasic.fr/english/viewtop ... ight=batch

And the best/worst of it;
IT IS NOT DETECTED BY MY ANTIVIRUS (f-secure)

techjunkie · Post by **techjunkie** » Tue Mar 07, 2006 11:30 pm

To Trond,

Create a text file named "vbscript.txt" and let it include,

Code: Select all

MsgBox "Hello World!"

in same directory create a file called "test.vbs" and let it include,

Code: Select all

Dim fso, f, s
set fso = CreateObject("Scripting.FileSystemObject")
set f = fso.OpenTextFile("vbscript.txt",1)
s = f.ReadAll()
ExecuteGlobal s

Double click on test.vbs

and there are many, many more ways to execute VBScript in a text file.

To PB,

Of course I renamed it to both .exe and .com. I'm not stupid! :roll:

IF I'm been stupid, I haven't used PureBasic... Hehe...

I guess I have a crapy version of eTrust (Version 7.0.142)

PB · Post by PB » Wed Mar 08, 2006 12:30 am

> Of course I renamed it to both .exe and .com. I'm not stupid!

I didn't say you were... relax.

> I guess I have a crapy version of eTrust (Version 7.0.142)

Did you remove the space in the middle of the string?

Post by **Dare2** » Wed Mar 08, 2006 2:11 am

Trond wrote:it is only a self-proclaimed standard test file.

True. The Eicar site covers what it is/is not.

Many AVs detect it.

Don't most AV's have testing or not option for non-executable files? Is that the problem, perhaps, techjunkie?

@Bonne_den_kule

Now i am nervous to go look at your batch file.

Edit: Just did.

Bonne_den_kule · Post by **Bonne_den_kule** » Wed Mar 08, 2006 4:24 pm

Dare2 wrote: @Bonne_den_kule

Now i am nervous to go look at your batch file.

Edit: Just did.

Hehe... it doesn't bite...

techjunkie · Post by **techjunkie** » Wed Mar 08, 2006 8:44 pm

PB wrote:> Of course I renamed it to both .exe and .com. I'm not stupid!

I didn't say you were... relax.

Sorry - it wasn't meant to sound hard / rough / mad / rude. We Swedes often do the misstake that we are to "direct" in emails and so on, so other people feel offended, it's very common.

We maybe joke and other people doesn't understand that it is a joke, sad but true...

Here is some very good hints, when communicating with Swedes.

http://www.techjunkie.org/UK_consultant2005.pdf