Overview
This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.
|
Minimum DAT
4001 (1998-11-25) Updated DAT4001 (1998-11-25) |
Minimum Engine
5400.1158 File Length
|
Description Added
2000-05-03 Description Modified2002-05-16 |
Malware Proliferation
Characteristics
This tool is an industry recognized testing file. The name is derived from an organization named EICAR, or European Institute for Computer Anti-Virus Research. The file, and its use, is also described at this website.
The file is comprised of a test string, and is a DOS executable. Running the file should not do anything more than display a message on your screen:
EICAR-STANDARD-ANTIVIRUS-TEST-FILE
The EICAR.COM test file can be obtained from either EICAR or by copying the text below into NOTEPAD and saving the file as EICAR.COM:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
The file should be 68 or 70 bytes in length and is an executable on Intel platforms. If on-access scanning is enabled, the file will be detected during the save process in NOTEPAD.
There is one known attack on the concept of the EICAR test file; please read the description of Bat/Bwg.a@MM for details.
Symptoms
Method of Infection
This is not a virus.
Removal
-
Variants