Please see this file http://zeroday-software.110mb.com/sss-final.zip
It can easily create an EICAR virus test file and dodge both avast and threatfire. :-[
I am using Avast+Threatfire+Outpost firewall
But, outpost can survive it. >:(
Please follow the procedure given in pictures and try.
(It is only a test program, it does not contain any viruses)
I really don’t understand what it is you are trying to get at.
The eicar test file has clearly defined standards and format and changing those means it is no longer an eicar test file, so won’t be detected as such. Outside of the eicar code it would be a benign text file as none of the content would match malicious signatures.
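The format rule referred to in the reply above, written as a check (an added example, not part of the original thread and not code from any of the products discussed). It assumes the published EICAR definition: the 68-byte string must start the file, may be followed only by space, tab, LF, CR or Ctrl-Z, and the file may not exceed 128 bytes. The function name and sample inputs are constructed for illustration.

```python
"""Classify a byte string against the EICAR test-file format rules."""

# The 68-byte test string, split in two so this source file is not
# itself a conforming test file on disk.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$" + b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

MAX_LEN = 128                       # maximum total file length
ALLOWED_TRAILING = b" \t\n\r\x1a"   # space, tab, LF, CR, Ctrl-Z


def classify_eicar(data: bytes) -> str:
    """Return 'conforming' or the reason the data is not an EICAR test file."""
    if not data.startswith(EICAR):
        # Altered, prefixed or embedded copies are no longer the test file.
        return "prefix-mismatch"
    if len(data) > MAX_LEN:
        return "too-long"
    trailing = data[len(EICAR):]
    if any(b not in ALLOWED_TRAILING for b in trailing):
        return "bad-trailing"
    return "conforming"


# Constructed sample inputs (not taken from the program in the thread).
SAMPLES = {
    "exact string": EICAR,
    "with CRLF": EICAR + b"\r\n",
    "padded to 128 bytes": EICAR + b" " * 60,
    "padded to 129 bytes": EICAR + b" " * 61,
    "one word changed": EICAR.replace(b"TEST", b"TEXT"),
    "string not at offset 0": b"MZ" + EICAR,
    "extra text appended": EICAR + b"A",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:24} {len(blob):4d} bytes  {classify_eicar(blob)}")
```
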
Yes, L’arc got it right.
Avast can't patch the hole that occurs while PC shuts down.
And if this is right, why can't a virus automatically stimulate a shutdown and infect system files?
I’m happy to see that Comodo got it.
As I’m a newbie, I can't understand Tech’s reply as ‘Edited:Wrong Post’
ashdisp.exe isn’t necessary for protection. You just closed the GUI. ashServ.exe is the core detection and protection engine. And from what I see, it’s still running.
Not true.
If ashDisp.exe is not running, avast! doesn’t ask what to do with the infected file (or Eicar) - and simply blocks it right away (when it’s about to be executed).
The EICAR file remains after restart. If a manual scan of the path of sss.exe is done after restart, avast detects the eicar file.
So, it means that avast doesn’t block.
Scanning created/modified files is “on close” - so even if ashDisp.exe is running and avast! is able to ask, it asks after the file is created (or infected), i.e. when the malware is already on disk.
Here, it can’t ask, so it doesn’t do anything.
avast! “doesn’t do anything”. But can you execute EICAR? If the file is left on disk, that doesn’t mean avast! didn’t prevent its execution. The execution was blocked, the file was just not deleted/quarantined. That's all. So in the end avast! did detect the file, but since its graphic user interface was terminated it just blocked the file and finished at that. If the GUI was available, it would have asked the user what to do with the file. So bottom line, I don’t see this as a vulnerability. Unless you can get the malware to execute when ashDisp.exe is terminated.