scanner question! virus can be copied freely and be executed!

I have sent a suspicious file[1] to virus support email before. In some recent regular update, I found the file has been recognised as Win32:Rjump [Wrm].

Here I want to point out a problem (may be a bug). This virus file can be copied from one place to another place freely. Avast did not prompt me any alert! Even the On-demand scanner could not find this virus[2] unless I slide the “type of scan” to thorough[3]. Only the right-click explorer extension can recognise it.

Is it caused by super-sized virus file? (this file has a size of 3.35MB).

Please check it !

BTW, I have only left the standard shield working and disabled all of the other providers.

[1] ...link removed...
[2] attached file “screen001.gif”
[3] attached file “screen002.gif”

Why did the moderators delete the link with the suspect file??

I would like to test it. If you are concerned about security and accidental virus activation you could rename it to not be clickable as you preach this practice yourselves. I saw the link at the morning and I would like to test it in Avast, Windows Defender and Ewido.

Please find a way (if possible, I don’t want to put my interests above your rules at all) for us to have the infected file.

Thanks in advance.

Why did the moderators delete the link with the suspect file??

I would imagine that is because the moderators have control of the forum and would wish to protect those less aware viewers of the forum from encountering problems.

I don't want to put my interests above your rules at all

The moderators may be able to accommodate your wish.

Seriously though … I think that avvidro has a valid point. Can our moderators find a way … even if it means a bit more work for serious and knowledgeable investigators … that protects the innocent viewer from clicking on a link but still allows those with asbestos gloves and a taste for adventure to probe the evils in The Net?

If you want to test your antivirus software safely, use the EICAR test files:
http://www.eicar.org/anti_virus_test_file.htm

[b]How to delete the test file from your PC[/b]

We (EICAR) understand (from the many emails we receive) that it might be difficult for you to delete the test file from your PC. After all, your scanner believes it is a virus infected file and does not allow you to access it anymore. At this point we must refer to our standard answer concerning support for the test file. We are sorry to tell you that EICAR cannot and will not provide AV scanner specific support. The best source to get such information from is the vendor of the tool which you purchased. Please contact the support people of your vendor. They have the required expertise to help you in the usage of the tool. Needless to say that you should have read the user’s manual first before contacting them.

The link was not clickable, but it was still a link to real malware - which is something that shouldn’t appear on the forum.

Regarding the detection… you can say that avast! doesn’t really detect the file - the detection will be added in one of the next VPS updates.
The fact that the quick scanner does detect it is indeed somehow related to the file size (as the “quick scanner” has the maximum possible sensitivity, but also the slowest speed). Anyway, a detection will be added that will work even in the resident protection.

Care to implement a third sensitivity level for On-Access?
Normal - High - Excessive ;D

What are the differences among “quick scanner”, “on-access scanner”, “explorer extension scanner”? I know the on-access scanner is the resident protection which can be configured in “standard shield”. Is there a place to configure the explorer extension scanner? How about quick scanner?

Quick scanner = Explorer Extension.
(Well, Quick scanner = ashQuick.exe, which is exactly the executable invoked by the Explorer Extension).

In the Professional version of avast!, you can edit the corresponding task and configure some of its properties this way.

OK, thanks a lot

The last words: now, avast on-access scanner can recognise it as Win32:Trojan-gen. {Other}.

But the quick scanner recognised it as Win32:Rjump [Wrm].

Anyhow, the problem has been solved.

Well, yes, that’s correct. The “Trojan-gen” detection is returned only after nothing else (such as this Win32:Rjump) is detected in the file. In this case, the residents don’t see the Rjump signature, so they fall to the Trojan-gen. The quick scanner, inspecting the whole file, still detects the Rjump signature, just as it did before.
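
A toy model of the behaviour described in the last reply, added here as an illustration; it is not avast! code and not part of the thread. It shows why a resident scan and a whole-file scan can give the same file different names, and why the resident scan reported nothing before the update. The byte markers, the 1 MiB resident window and all function names are assumptions.

```python
from typing import Optional

# Constructed model: detection names come from the thread; the byte markers
# and the resident inspection window are assumptions, not avast! internals.
RJUMP = "Win32:Rjump [Wrm]"
TROJAN_GEN = "Win32:Trojan-gen. {Other}"
SPECIFIC_SIGNATURES = {RJUMP: b"<constructed-rjump-marker>"}
GENERIC_MARKER = b"<constructed-generic-marker>"
RESIDENT_WINDOW = 1024 * 1024   # hypothetical on-access inspection limit


def scan(data: bytes, max_bytes: Optional[int] = None,
         generic_enabled: bool = True) -> Optional[str]:
    """Return a detection name or None; max_bytes=None inspects the whole file."""
    window = data if max_bytes is None else data[:max_bytes]
    # Specific signatures are checked first and win if any of them matches.
    for name, pattern in SPECIFIC_SIGNATURES.items():
        if pattern in window:
            return name
    # The generic name is returned only after nothing specific was found.
    if generic_enabled and GENERIC_MARKER in window:
        return TROJAN_GEN
    return None


def build_sample(total_size: int, specific_offset: int) -> bytes:
    """Constructed sample: generic marker near the start, specific marker deep."""
    buf = bytearray(total_size)
    buf[64:64 + len(GENERIC_MARKER)] = GENERIC_MARKER
    marker = SPECIFIC_SIGNATURES[RJUMP]
    buf[specific_offset:specific_offset + len(marker)] = marker
    return bytes(buf)


def verdicts(data: bytes) -> dict:
    """Compare the scan modes discussed in the thread on one file."""
    return {
        "resident_before_update": scan(data, RESIDENT_WINDOW, generic_enabled=False),
        "resident_after_update": scan(data, RESIDENT_WINDOW),
        "quick_scanner": scan(data),
    }


# Roughly the size reported in the thread (3.35 MB); the specific marker is
# placed beyond the assumed resident window.
SAMPLE = build_sample(3_512_000, 3_000_000)
```

Calling `verdicts(SAMPLE)` returns no detection for the resident scan before the update, the generic name after it, and the specific name for the whole-file scan, which matches the sequence reported in the thread.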