
EICAR?


SephStorm

Hero Member

Posts: 570

Joined: Sat Apr 17, 2010 12:12 pm

Post Fri May 17, 2013 11:13 am

EICAR?

So all of this afternoon I've been getting alerts from MSE and Bitdefender that it is detecting the EICAR test virus on my PC (in C:\Windows\TEMP). Now, I am familiar with EICAR, but there is no reason it would be on this PC. Is anyone aware of any attacks or malware that masquerades as EICAR? I ask because it is continuously detected, with no action from me, i.e. no browsers opened or any such thing. I may disconnect from the internet to see if it is still being affected...
Last edited by SephStorm on Fri May 17, 2013 12:19 pm, edited 1 time in total.
sectestanalysis.blogspot.com/

Triban

Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Fri May 17, 2013 5:28 pm

Re: EICAR?

Nothing I am aware of; at most it would be a distraction to confuse IR folks. Do you have a sample of the file? Maybe some file just happens to have the string in it that makes AV recognize EICAR.
Certs: GCWN
(@)Dewser

SephStorm

Hero Member

Posts: 570

Joined: Sat Apr 17, 2010 12:12 pm

Post Fri May 17, 2013 9:59 pm

Re: EICAR?

Not yet; if I get another alert, I'll see if I can nab a copy.

Looks unlikely I'll be able to do so. I set MSE to alert and restored the file, but it's not there when I look. This is absolutely crazy, I'm considering wiping the box.
Last edited by SephStorm on Sat May 18, 2013 6:46 am, edited 1 time in total.
sectestanalysis.blogspot.com/

UKSecurityGuy

Jr. Member

Posts: 88

Joined: Wed Mar 27, 2013 10:51 am

Post Mon May 20, 2013 4:58 am

Re: EICAR?

I don't suppose the machine in question is joined to a corporate network?

Occasionally I.T. depts will use domain credentials to put EICAR on all domain-connected machines to test the A/V.

So for example - group policy pushes out the EICAR - A/V detects it, and the I.T. dept correlates the A/V results against the Domain Computers list to determine which machines either don't have A/V on them, or it isn't working well enough.
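
The correlation described in the post above, as an added example that is not part of the original thread: it buckets each machine in a Domain Computers list by whether its A/V reported EICAR after the push. The record fields (`host`, `threat`, `time`), the four-hour window, and all hostnames and events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

def short_name(host):
    """Reduce 'PC-01.corp.example', 'CORP\\PC-01$' or 'pc-01' to 'pc-01'."""
    host = host.strip().lower().rstrip("$")
    return host.split("\\")[-1].split(".")[0]

def correlate(domain_computers, av_events, push_time, window=timedelta(hours=4)):
    """Bucket every domain computer by how its A/V answered the EICAR push."""
    expected = {short_name(h) for h in domain_computers}
    first_seen = {}  # host -> earliest EICAR detection at or after the push
    for ev in av_events:
        ts = datetime.fromisoformat(ev["time"])
        if "eicar" not in ev["threat"].lower() or ts < push_time:
            continue  # other detections, or EICAR hits that predate this test
        host = short_name(ev["host"])
        first_seen[host] = min(ts, first_seen.get(host, ts))
    on_time = {h for h, ts in first_seen.items() if ts - push_time <= window}
    return {
        "detected": expected & on_time,
        "late": (expected & set(first_seen)) - on_time,
        "silent": expected - set(first_seen),    # A/V missing or not working
        "unlisted": set(first_seen) - expected,  # reporting, but not in the list
    }

# Constructed sample data: hostnames, times and threat labels are made up.
DOMAIN_COMPUTERS = ["PC-01", "PC-02", "PC-03", "LAPTOP-07"]
PUSH_TIME = datetime(2013, 5, 17, 9, 0)
AV_EVENTS = [
    {"host": "pc-01.corp.example", "threat": "EICAR_Test_File", "time": "2013-05-17T09:02:11"},
    {"host": "CORP\\PC-02$", "threat": "EICAR-Test-File", "time": "2013-05-17T16:40:00"},
    {"host": "PC-03", "threat": "Example.Trojan", "time": "2013-05-17T09:05:00"},
    {"host": "LAPTOP-07", "threat": "EICAR_Test_File", "time": "2013-05-16T22:00:00"},
    {"host": "KIOSK-99", "threat": "EICAR_Test_File", "time": "2013-05-17T09:03:00"},
]

if __name__ == "__main__":
    result = correlate(DOMAIN_COMPUTERS, AV_EVENTS, PUSH_TIME)
    for bucket, hosts in result.items():
        print(f"{bucket:9} {sorted(hosts)}")
```

An EICAR alert on a machine where no such test was scheduled, or one dated before the push, falls outside these buckets and still needs its own explanation.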
