Virus Eicar.Mod found with PandaActive scan

Discussion in 'Computer Security' started by Lex_¯, Sep 10, 2006.

  1. Lex_¯

    Lex_¯ Guest

    I just performed the PandaActive scan online. A virus called << Eicar.Mod >>
    was found. It's located in the file << Help.chm >> in the PestPatrol
    directory. Is this a serious problem?

    It wasn't detected by Windows Defender and AdAware SE Personal nor by Norman
    Virus Control.

    Hope to get an answer here.

    Ciao, Lex
     
    Lex_¯, Sep 10, 2006
    #1
    1. Advertisements

  2. Lex_¯

    Malke Guest

    Eicar is used to test the efficacy of your antivirus or antimalware
    program. Perhaps PestPatrol includes it. Contact their tech support and
    ask them. In the meantime, here is information about Eicar:

    http://www.eicar.org/anti_virus_test_file.htm

    Malke
     
    Malke, Sep 10, 2006
    #2
    1. Advertisements

  3. Lex_¯

    Lex_¯ Guest

    Thx a lot for your reply. I've just read the site you mentioned. I think the
    PestPatrol Help-file contains this Eicar look-like virus and that it's
    probably harmless. Perhaps PandaActive's online scan looks a tiny bit deeper
    in the matter compared to the usually used protection.

    Btw I'm pleased to say that it didn't find any other infections on my
    system.

    Ciao, Lex
     
    Lex_¯, Sep 10, 2006
    #3
  4. Lex_¯

    Robert Moir Guest

    Lex_¯ wrote:


    The EICAR test file/sequence IS harmless (aside from the inconveniance and
    confusion vendors cause when they drop it on your hard disk without
    telling you).

    ..chm files can contain vulnerabilities, so if you're running a virus
    scanner that doesn't bother with them then I'd worry about that.
     
    Robert Moir, Sep 10, 2006
    #4
  5. From: "Robert Moir" <>

    | Lex_¯ wrote:
    ||
    | The EICAR test file/sequence IS harmless (aside from the inconveniance and
    | confusion vendors cause when they drop it on your hard disk without
    | telling you).
    |
    | .chm files can contain vulnerabilities, so if you're running a virus
    | scanner that doesn't bother with them then I'd worry about that.
    |

    ..CHM files often used to exploit vulnerabilities. You have it backwards :)
    They are also used for a Trojan payload.
     
    David H. Lipman, Sep 10, 2006
    #5
  6. Lex_¯

    Lex_¯ Guest

    Robert and Dave,

    Both your replies made me worry again. I'm not familiar with this stuff, nor
    am I bothered by knowledge about virusses and other unwanted things. I do
    hope my protection is sufficient.

    I posted a question about this situation to the helpdesk of my virusprogram
    (Norman Virus Control) asking them how this happened and why their programm
    obviously didn't recognize Eicar.Mod in this packed form within Help.chm in
    the PestPatrol directory, whilst PandaActive scanning online did. I'll send
    the follow-up to this group.

    Ciao, Lex
     
    Lex_¯, Sep 10, 2006
    #6
  7. From: "Lex_¯" <lexbennink¯@¯gmail.com>


    | Robert and Dave,
    |
    | Both your replies made me worry again. I'm not familiar with this stuff, nor
    | am I bothered by knowledge about virusses and other unwanted things. I do
    | hope my protection is sufficient.
    |
    | I posted a question about this situation to the helpdesk of my virusprogram
    | (Norman Virus Control) asking them how this happened and why their programm
    | obviously didn't recognize Eicar.Mod in this packed form within Help.chm in
    | the PestPatrol directory, whilst PandaActive scanning online did. I'll send
    | the follow-up to this group.
    |
    | Ciao, Lex
    |

    You should NOT be worried !

    You posted EICAR was found in HELP.CHM in the "PestPatrol directory". It sounds like the
    EICAR test string was in the Help File.

    Now there are many ways yto test with the EICAR string. When the string is in a CHM file it
    basically will require an AV scanner to scan whiothin Archive files since a CHM (Compiled
    Help Module) uses a modified ZIP format.
     
    David H. Lipman, Sep 10, 2006
    #7
  8. Lex_¯

    Lex_¯ Guest

    Thank you for this reply. I checked the configuration of my Anti-Virus
    program and saw that it didn't have an option for scanning archive files as
    well (at least I couldn't find it). I'll await the answer from the helpdesk
    and might pose a question about those archived files containing malware
    strings as my next question if they don't come up with that.

    Thx again.

    Ciao, Lex.
     
    Lex_¯, Sep 10, 2006
    #8
  9. Lex_¯

    Robert Moir Guest

    David H. Lipman wrote:

    right. brain must first use typing before. ;-)
     
    Robert Moir, Sep 10, 2006
    #9
  10. From: "Robert Moir" <>


    |
    | right. brain must first use typing before. ;-)
    |

    :)
     
    David H. Lipman, Sep 10, 2006
    #10
  11. Lex_¯

    Lex_¯ Guest

    Follow-up on this matter:

    I checked with http://virusscan.jotti.org/ and there was no virus found by
    either of the 15 scanners used there. Also I've sent the "infected" file to
    the helpdesk of my antivirus program (Norman Virus Control). Just wait and
    see what comes up. Only Panda Activescan onlie sofar detected this
    (test-)virus Eicar.Mod.

    Ciao, Lex
     
    Lex_¯, Sep 12, 2006
    #11
  12. Lex_¯

    Lex_¯ Guest

    The people from Norman just got back to me and consider the Panda Activescan
    result to be a false positive result, they advise me to ignore it.

    Ciao, Lex
     
    Lex_¯, Sep 12, 2006
    #12
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.