Hi all !
I’ve just made an Eicar standard virus test, avast! detects immediately the “virus”, but now I can’t delete it usin the avast! warning windows.
If someone can help me I’ll be very happy
Is the “test file” already gone? :
How do you mean you cannot delete it? Do you click Delete button on that warning pop-up window? And is then EICAR file still there or not?
Maybe some other programs are using the file?
Explorer.exe is one which likes doing that.
Try using ForceDel to close any handles and delete the file.
Good Luck!
explorer.exe = Windows Explorer
iexplore.exe = Internet Explorer
Although IE is integrated into Windows Explorer
Try ForceDel if you are having trouble deleting the file.
http://www.codeguru.com/Cpp/W-P/files/fileio/article.php/c1287
What is the path to the eicar test file?.It may be that (if you use XP) that a restore point has been created and a copy of the eicar file is now in the protected system restore folder.Can you confirm this?
me
Yes, if that’s the case, you would have to disable System Restore before deleting that file.
System Restore could be disabled via System Properties.
niko, bassbag reply asks for the path of the eicar.com test file that has been detected by Avast. It is not necessary to perform an system restore on that date. (System Restore does not modify your existing files. It only overwrites system file changes and the registry.) Since the path you provided isn’t the system restore folder, you could either try deleting eicar in Safe Mode or try using the ForceDel utility I mentioned above.
Good Luck!
Actually i can reproduce nikos error to.If i download eicar.com file (to temp internet files)avast intercepts and pops up with the delete move etc , but cannot do any of the functions.The only way to let it do its work is to download the file completley and then do the scan.Is this a bug?
see attachment…
me
Ummm… I don’t have this problem.
I tried it on my XP and it deleted okay…
Maybe just a 9x problem? ???
P.S. I see from your screenshot that BitDefender is installed on your computer. Is it possible that BitDefender is locking down access for the test file?
I m not sure whtehr its a 98 thing because niko uses XP pro.The bit defender i use is the free version which is only an on demand scanner…not resident or running.On further investigating , the eicar.com file is now completly locking my system and only a reboot works.The avast detection bar springs up and the machine locks, although control alt delete is accessible and it shows asherve.exe not responding.Then all other programmes encounter errors and shut down.There is also an entry in the avast warning logs when this happens…
10/06/04 22:17:28 Default 4294966701 Sign of “EICAR Test-NOT virus!!” has been found in “C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\WXMN0PER\EICAR[1].COM” file.
10/06/04 22:19:21 Default 4293065153 AAVM - initialization warning: Recovering from last crash, .
10/06/04 22:19:50 Default 4293065153 Function setifaceUpdatePackages() has failed. Return code is 0xC0000005, dwRes is C0000005.
10/06/04 22:19:51 Default 4293065153 An error has occured while attempting to update. Please check the logs.
10/06/04 22:20:07 Default 4293065153 Sign of “EICAR Test-NOT virus!!” has been found in “C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\AR4DCXIT\EICAR[1].COM” file.
10/06/04 22:21:26 Default 4293065153 Sign of “EICAR Test-NOT virus!!” has been found in “C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\WXMN0PER\EICAR[1].COM” file.
10/06/04 22:21:49 Default 4293065153 Sign of “EICAR Test-NOT virus!!” has been found in “C:\WINDOWS\DESKTOP\EICAR.COM” file.
10/06/04 22:22:46 Default 4293212861 Sign of “EICAR Test-NOT virus!!” has been found in “C:\WINDOWS\Desktop\EICAR.COM” file.
10/06/04 22:23:12 Default 4293065153 Sign of “EICAR Test-NOT virus!!” has been found in “C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\WXMN0PER\EICAR[1].COM” file.
10/06/04 22:23:46 Default 4293065153 Sign of “EICAR Test-NOT virus!!” has been found in “C:\WINDOWS\Temporary Internet Files\Content.IE5\WXMN0PER\eicar[1].com” file.
10/06/04 22:25:35 Default 4293065153 Sign of “EICAR Test-NOT virus!!” has been found in “C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\AR4DCXIT\EICAR[1].COM” file.
10/06/04 22:26:18 Default 4293065153 Sign of “EICAR Test-NOT virus!!” has been found in “C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\8TQJGTE7\EICAR[1].COM” file.
I need to investigate further but would appreciate any comments too.
me
Happened again with similar log…
10/06/04 22:17:28 Default 4294966701 Sign of “EICAR Test-NOT virus!!” has been found in “C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\WXMN0PER\EICAR[1].COM” file.
10/06/04 22:19:21 Default 4293065153 AAVM - initialization warning: Recovering from last crash, .
10/06/04 22:19:50 Default 4293065153 Function setifaceUpdatePackages() has failed. Return code is 0xC0000005, dwRes is C0000005.
10/06/04 22:19:51 Default 4293065153 An error has occured while attempting to update. Please check the logs.
10/06/04 22:20:07 Default 4293065153 Sign of “EICAR Test-NOT virus!!” has been found in “C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\AR4DCXIT\EICAR[1].COM” file.
10/06/04 22:21:26 Default 4293065153 Sign of “EICAR Test-NOT virus!!” has been found in “C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\WXMN0PER\EICAR[1].COM” file.
10/06/04 22:21:49 Default 4293065153 Sign of “EICAR Test-NOT virus!!” has been found in “C:\WINDOWS\DESKTOP\EICAR.COM” file.
10/06/04 22:22:46 Default 4293212861 Sign of “EICAR Test-NOT virus!!” has been found in “C:\WINDOWS\Desktop\EICAR.COM” file.
10/06/04 23:03:05 Default 4294963835 Sign of “EICAR Test-NOT virus!!” has been found in “C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\AR4DCXIT\EICAR[1].COM” file.
10/06/04 23:04:44 Default 4293672295 AAVM - initialization warning: Recovering from last crash, .
10/06/04 23:05:19 Default 4293672295 Function setifaceUpdatePackages() has failed. Return code is 0xC0000005, dwRes is C0000005.
Does Avast attempt to update everytime i clcik on the eicar.com virus? , as i notice AAVM warnings.
me
Hmm, bassbag that log doesn’t look very nice, really. Particularly the lines “Recovering from last crash” indicate something very mean happened to avast. Did you see the program “crash”, really?
Is it a foggy day ?
Hi vik…
I cant see avast crash…it just freezes along with my computer,only on the eicar.com file.As soon as i click it , the blue yellow bar pops up by taskbar showing theres a virus (no audible sound though) and my system hangs.The only thing i have acess to is control +alt +delete which says ashserve.exe not responding.Then all my othe programmes like naviscope ,remind me (calendar ) etc throws up an error message and says they have to close until i just have to do a hard reboot.The logs are directly after thes occurrences.When i have some more time ill shut down different progs and see if theres a conflict.However avast detects many test viruses and trojans that i ve thrown at it with nio problem.It just doesnt seem to like the eicar.com test for some reason.
me
Niko…
avast seems to work perfectly except for that particular file.I do not believe a reinstall would help at all ,though i will try it this weekend.
me
Thanks a lot Bassbag, I’m completly lost with this eicar problem.
I’m just a user, that all !
Do you think Forcedel will help me (like Softwareguy said) ?
It should be easy to delete the offending file, you can always change the file extension to .txt.This usually allows you to delete it,if its in use by another programme after a reboot.I think the problem i have with eicar may be somewhat different though.
me
After some experimenting , i still cant find any conflicts with other programmes as avast behaves the same with everything shutdown when clickng the eicar.com file.What ihave found is that when ashserve.exe stops responding (info in control alt delete) and i then shut down ashserve and restart it again , it works perfectly on the eicar.com file.Im at a loss as to what it can be at th moment.Mayeb if theres anyone here with 98se they could try the file so i can rule out an operating system problem.
me
Hi Bassbag it’s Niko
I notice that when I search “eicar.com” file no file like this is find on my computer.
I notice that when I start a avast! scan for HDD no virus is detected (good!)
In fact it’s only when I start a avast! scan for HDD and including archives that I’ve got the warning avast! windows…
So where is locate the eicar.com ???