Virus unexecuted:

Dear Moderator(s),

How can i keep a virus (for testing) in my PC in a manner that it doesn’t execute. I know if it is in Virus Chest, it will not be exectued, but if i extract it to USB (Pen Drive), will it be exectued then, if I attach the USB again to my PC?

Regards.

You shouldn’t keep a live virus for testing, there is the eicar test file which can do no harm.

What is it that you want to test ?

For virus testing: www.eicar.org

Dear DavidR,

Thanks for ur reply.

Actually a threat was detected by avast! in the full computer scan, which I wanted to test with some other Anti Virus, so that’s y i asked.

I thought if i extract it to USB (pen Drive) then it might not harm my computer. But u r right.

Regards.

Dear Tech,

Thanks for ur reply.

Regards.

You’re welcome.

The best way to test is using something like virustotal, see below.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see #### below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

Dear DavidR,

Thanks a lot, it was really very helpful :slight_smile:

Regards.

Dear,

You said:

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

But if i export any threat to the suspect folder and add it to exclusion in standard shield, wont that virus execute and affect my PC?

You’re welcome.

First you don’t have to continually add to the exclusions, that is what the wildcard * (asterisk) directly after the \ does, excludes all files in the suspect folder. So for new files added to the suspect folder they are already covered by the C:\Suspect* exclusion.

Second, it is only there so you can upload it to virus total (a copy would exist in the chest) and the act of extracting from the chest or uploading doesn’t execute the file, but you do have to exercise care (don’t go double clicking it). Once you have uploaded it to virustotal and got the information/results link etc. you can delete it from the suspect folder.

Dear DavidR,

Thanks a lot man. Got it. :slight_smile:

Regards.

You’re welcome.