Page 1 of 1
Posted: Tue Mar 07, 2006 4:06 pm
by Dare2
Just an aside .. what is in a text file should be a virus checker's business. You can write executable code in a text file (DOS, anyway ..).
If your AV is any good it will detect this:
- X5O!P%@AP[4\PZX54(P^)7CC)7}$ EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
[/list]
Copy and paste, remove the space between the $ and the EICAR and save (so it is a 68 character file). If your AV hasn't screamed yet, ask it look at the file. If it still doesn't scream, get a new AV.
The "!" is int 21.
Posted: Tue Mar 07, 2006 4:25 pm
by Trond
Dare2 wrote:You can write executable code in a text file (DOS, anyway ..).
Yes, but you can't execute it, so it's harmless.
Posted: Tue Mar 07, 2006 4:32 pm
by Dare2
Try
http://www.eicar.org for info. Interesting stuff.
I've started a hijack on this bug report, though, so if it is worth discussing (probably not) maybe in offtopic?
Posted: Tue Mar 07, 2006 5:30 pm
by techjunkie
Trond wrote:Dare2 wrote:You can write executable code in a text file (DOS, anyway ..).
Yes, but you can't execute it, so it's harmless.
Well, JavaScript, Perl, PHP and VBScript are also text files and a VBScript for example can do a lot of nasty stuff.
Posted: Tue Mar 07, 2006 5:34 pm
by techjunkie
Dare2 wrote:If your AV is any good it will detect this:
- X5O!P%@AP[4\PZX54(P^)7CC)7}$ EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
[/list]
Copy and paste, remove the space between the $ and the EICAR and save (so it is a 68 character file). If your AV hasn't screamed yet, ask it look at the file. If it still doesn't scream, get a new AV.
Crap! eTrust didn't find it!
Posted: Tue Mar 07, 2006 8:33 pm
by Trond
techjunkie wrote:Trond wrote:Dare2 wrote:You can write executable code in a text file (DOS, anyway ..).
Yes, but you can't execute it, so it's harmless.
Well, JavaScript, Perl, PHP and VBScript are also text files and a VBScript for example can do a lot of nasty stuff.
I assure, a VBScript in a file with a .txt extension can't do anything. As soon as you rename it to .vbs or whatever the antivirus should scan it.
techjunkie wrote:Dare2 wrote:If your AV is any good it will detect this:
- X5O!P%@AP[4\PZX54(P^)7CC)7}$ EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
[/list]
Copy and paste, remove the space between the $ and the EICAR and save (so it is a 68 character file). If your AV hasn't screamed yet, ask it look at the file. If it still doesn't scream, get a new AV.
Crap! eTrust didn't find it!
Either because you put it in a .txt file instead of a .com/.exe file, or because eTrust doesn't care about detecting it. It is not a dangerous program, it is only a
self-proclaimed standard test file.
Posted: Tue Mar 07, 2006 9:05 pm
by PB
> Crap! eTrust didn't find it!
Yes it does (I used to use eTrust). Save that text as a .com file, not .txt, and
it'll detect it.
Posted: Tue Mar 07, 2006 9:30 pm
by Michael Vogel
Just a step back to the original question, the IDE(-related) problem...
blueznl wrote:it's a problem i have reported earlier, and i can confirm my program is long gone and finished, it's the reloading that may cause it
did anyone try using a tool (sysinternals had something for that?) to see what is eating up cpu time, and if the ide at that moment is opening / reading a / the file?
Before starting this posting I checked it with the internal task manager -and it's just the PureBasic IDE, which take 95%+ of the CPU load (while waiting for the tool process to end?). I will do some further investigations soon...
Michael
Posted: Tue Mar 07, 2006 10:43 pm
by Bonne_den_kule
Here is a program I wrote, which makes batch (*.bat) files REALLY DANGEROUS AND NASTY!!!!:
http://www.purebasic.fr/english/viewtop ... ight=batch
And the best/worst of it;
IT IS NOT DETECTED BY MY ANTIVIRUS (f-secure)
Posted: Tue Mar 07, 2006 11:30 pm
by techjunkie
To Trond,
Create a text file named "vbscript.txt" and let it include,
in same directory create a file called "test.vbs" and let it include,
Code: Select all
Dim fso, f, s
set fso = CreateObject("Scripting.FileSystemObject")
set f = fso.OpenTextFile("vbscript.txt",1)
s = f.ReadAll()
ExecuteGlobal s
Double click on test.vbs
and there are many, many more ways to execute VBScript in a text file.
To PB,
Of course I renamed it to both .exe and .com. I'm not stupid! :roll:
IF I'm been stupid, I haven't used PureBasic... Hehe...
I guess I have a crapy version of eTrust (Version 7.0.142)
Posted: Wed Mar 08, 2006 12:30 am
by PB
> Of course I renamed it to both .exe and .com. I'm not stupid!
I didn't say you were... relax.
> I guess I have a crapy version of eTrust (Version 7.0.142)
Did you remove the space in the middle of the string?
Posted: Wed Mar 08, 2006 2:11 am
by Dare2
Trond wrote:it is only a self-proclaimed standard test file.
True. The Eicar site covers what it is/is not.
Many AVs detect it.
Don't most AV's have testing or not option for non-executable files? Is that the problem, perhaps, techjunkie?
@Bonne_den_kule
Now i am nervous to go look at your batch file.
Edit: Just did.
Posted: Wed Mar 08, 2006 4:24 pm
by Bonne_den_kule
Dare2 wrote:
@Bonne_den_kule
Now i am nervous to go look at your batch file.
Edit: Just did.
Hehe... it doesn't bite...
Posted: Wed Mar 08, 2006 8:44 pm
by techjunkie
PB wrote:> Of course I renamed it to both .exe and .com. I'm not stupid!
I didn't say you were... relax.
Sorry - it wasn't meant to sound hard / rough / mad / rude. We Swedes often do the misstake that we are to "direct" in emails and so on, so other people feel offended, it's very common.
We maybe joke and other people doesn't understand that it is a joke, sad but true...
Here is some very good hints, when communicating with Swedes.
http://www.techjunkie.org/UK_consultant2005.pdf