Neutered Virii
Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Neutered Virii

  1. #1
    Flash M0nkey
    Join Date
    Sep 2001
    Posts
    3,447

    Neutered Virii

    Was just thinking about my AVP - I have it set to auto-update and once a week or so I also do a manual just to make sure.
    But other than that it just sits there quietly doing its job....or at least I hope it is doing its job.

    I have yet to have a virus scare - ok so I try wherever possible to only download from a product manufactuers site.

    But how do we know if our AVP is working correctly without downloading some virii and checking?? But this opens up all kinds of risks

    thats why i was wondering is there such a thing as neutered virii?? virii which has had its sting removed
    it still contains the relevant structure to set off the alarms but cannot reproduce itself of cause damage to a computer.

    has anyone heard of such a thing before??

    v_Ln

  2. #2
    @ΜĮЙǐЅŦГǻţΩЯ D0pp139an93r's Avatar
    Join Date
    May 2003
    Location
    St. Petersburg, FL
    Posts
    1,694
    Intersting idea.

    I've been on kazaa for the past few days, so I know my AV is wide awake. Damn thing went off every few minutes.


    Edit: I forgot to ask, why would there be a reason for the AV to not be working? This is getting me paranoid.
    Real security doesn't come with an installer.

  3. #3
    Flash M0nkey
    Join Date
    Sep 2001
    Posts
    3,447
    D0pp139an93r there is no real reason why it shouldn't be working - but i just realised it has never really had a true _test_

    I just take it for granted that it is dooing its job when I can't say for sure that it is

    edit >> for example we test our firewalls by scanning ourselves to ensure they are doing their job correctly and keeping us stealthed but I have never given my AVP a work out.

    v_Ln

  4. #4
    AO Soccer Mom debwalin's Avatar
    Join Date
    Mar 2002
    Posts
    2,185
    Well, one reason it wouldn't be working would be because you've downloaded a virus that's disabled it

    But I think Val meant more as a test...just to be sure that it actually is ready and able to catch those viruses that it says it is able to.

    edit: Sorry, Val slipped in above me and said basically what I said.
    Outside of a dog, a book is man's best friend. Inside of a dog it's too dark to read.

  5. #5
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    No reasone to use a 'neutered' virus, as long as you dont execute the infected program. Simply find a executable you know to be infected and scan it. If it triggers your AV, its working.

    -Maestr0
    \"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier

  6. #6
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Hi Val, there is a test virus out there called EICAR. This test string has been used for years to test virus software.

    The Eicar Test String is not a real virus. It is a text file that is used to test antivirus software. By default, the file name is Eicar.com

    You can get a copy of it HERE

    Hope this helps.

    Cheers:
    DjM

  7. #7
    Flash M0nkey
    Join Date
    Sep 2001
    Posts
    3,447
    DjM - thanks for that just gave it a try and AVP picked up on it
    so at least I know now it is doing something - lol

    v_Ln

  8. #8
    Senior Member
    Join Date
    Jan 2003
    Posts
    1,499
    Also Val, Create a VB Proggie and put in the string to bind it to run with every executable.

    Sub 7 start up one. Not published for obvious reason.

    Any av will detect this as w32.generic.

  9. #9
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,836
    How about experimenting with real stingy virii? This is not as stupid as it sounds ....well maybe a bit. Put a bunch of virii in a floppy and have it scanned by your av software. Most likely they'll be zipped, or copy infected files on a TEST pc into a floppy and see if it will pick them up. I think EICAR is better though , less risky and more controlable.

    cheers,

  10. #10
    If you know assembler, you can strip the infection routine and see what happens. There are many to choose from here: http://www.sirkussystem.com/virus.html

    assemble, link and have fun.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •