Okay. So you couldn’t resist it. You just had to try out the EICAR test virus to see if your virus scanning program worked. So you downloaded it and plunked it on your desktop and tried to run it.
Good news! If you have a major anti-virus program (like McAfee), chances are pretty good it stopped you. Great! Now its time to get rid of it from your beautiful desktop. So you hit the Delete key and… whoops.
“EICAR-test-virus has been blocked. Your computer has not been affected.”
HUH?
Well, you can’t delete it so easily, can you? So you go to the EICAR.org site, and what does it tell you in its long page?
We understand (from the many emails we receive) that it might be difficult for you to delete the test file from your PC. After all, your scanner believes it is a virus infected file and does not allow you to access it anymore… …we are sorry to tell you that EICAR cannot and will not provide AV scanner specific support. The best source to get such information from is the vendor of the tool which you purchased.
Personally, my vendor (BitDefender) didn’t really provide help on this. Hmm. How do you get rid of it?
Well, here is my home-grown way of getting rid of it, among other test viruses. This tutorial assumes that your virus scanner has a quarantine.
How to Get RID of It (for Good)
- First, navigate to your virus software control panel.
- Find (usually under the Anti-virus tab) your quarantine.
- Open up that.
- Find somewhere where it says “Add to Quarantine”, a plus sign, or some button that will allow you to add files to the quarantine.
- Navigate to the EICAR test virus in the pop-up file browser that appears.
- Now the virus is in the quarantine (right)? Hopefully its moved to the quarantine and not just copied.
- Now find that file in your quarantine window.
- Select the file.
- Delete that now-in-quarantine file with a “Delete File from Quarantine” or minus sign button.
Well, now your EICAR file is gone. The next time you want to try it (I usually do once every three months, four every year), just follow these steps and you’ll be in good shape again.
Any other ideas? Rant in the comments.
If you liked this post, feel free to Digg, Del.icio.us, or favorite this post. Thanks. Your encouragement will keep me writing.
Filed under: Tutorial |
-
chaotic tech by Brad is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 United States License. 
stuff from all my blogs- An error has occurred; the feed is probably down. Try again later.
Subscribe by 
i cant get rid of it.
Can you tell me your setup?
i’ve typed in that X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* and saved it as eicar.com in my documents. since then my antivirus pops up every 2 seconds telling me that it has detected a virus. it appears to be c:\WINDOWS\TEMP\tmpE557.tmp
i’ve tried to delete that file but i cant….and when the antivirus asks me what i wanna do…i click on delete..and it deletes it but then it finds another .tmp file..something like tmpADBD.tmp also in the TEMP folder. it doesn’t matter how many times i delet it it always comes back just with an other name like tmpA1B2.tmp, tmpADB1.tmp etc.
and the eicar.com txt file i saved in my documents isn’t there…it just kind of disappeared when i saved it..i cant find it anywhere..
please tell me what to do!!!
oh yeah…and when i open the TEMP folder…i can see the tmp file but when i try deleting it, it says “Cannot delete tmp3B45: Cannot read from source file or disk”.
and everytime i refresh the folder, the file changes its name (the letters and numbers after the first tmp–> tmp????.tmp)…i cannot change the name or delete it or do anything to the file…and i still don’t know where the eicar.com file is…
Do the steps on the file you have inside the My Documents folder, Ryan.
The problem is…there is no file. When I was creating it, I clicked save and the file just kind of blinked shortly in My Documents and then just disappeared. And it’s not hidden I’ve tried that also. I’ve deleted the .tmp files with the size of 68Bytes in the Temp folder by going into safe mode. But when I started the PC again normally they reappeared..just with other names. I think I have to delete something else to prevent the reappearing. But what?
This testvirus is way worse than a real one in my opinion.