0 Members and 4 Guests are viewing this topic.
The developers of one anti-virus software, Malwarebytes, have said that they did not add the EICAR test file to their database, because "adding fake malware and test files like EICAR to the database takes time away from malware research, and proves nothing in the long run"
Hi HelpIsNeeded,It seems most AV engines does not detect it anymore.Please see the results of VirusTotal :https://www.virustotal.com/gui/file/a29fbf9bbef6c3bbb204dd7bb9f5a6619529a6fb6371985a73242092133de227/detectionSo, no wonder Norton and MalwareBytes didn't detect it.Regards.
Hi HelpIsNeeded,Shortcuts (LNK files) are not malicious.Can you please update and do a complete system scan with RogueKiller ? We made some adjustements to the engine.Regards.
Hi HelpIsNeeded,It is a little more complicated than that.Explorer.exe is the file explorer of Windows NT-based system and part of the Windows GUI (desktop, Start Menu, Taskbar), the Windows Shell.There is a caching mechanism implemented in explorer.exe to display already viewed files faster (you can test this with large images). There is no source code available, so it's speculation at this point but, after asking some colleagues, we came to the conclusion that there is a file on your computer that contains the EICAR test string and that its content is cached in explorer.exe memory, hence triggering the detection.In conclusion, the EICAR test is really present, but it's not the result of an injection, but some caching mechanisms.We refined RogueKiller engine to detect that difference. That's why the detection is now gone.Regards.