Skip to content

How to Delete the EICAR Test Virus from your Computer

December 29, 2007

Okay. So you couldn’t resist it. You just had to try out the EICAR test virus to see if your virus scanning program worked. So you downloaded it and plunked it on your desktop and tried to run it.

Good news! If you have a major anti-virus program (like McAfee), chances are pretty good it stopped you. Great! Now its time to get rid of it from your beautiful desktop. So you hit the Delete key and… whoops.

“EICAR-test-virus has been blocked. Your computer has not been affected.”

HUH?

Well, you can’t delete it so easily, can you? So you go to the EICAR.org site, and what does it tell you in its long page?

We understand (from the many emails we receive) that it might be difficult for you to delete the test file from your PC. After all, your scanner believes it is a virus infected file and does not allow you to access it anymore… …we are sorry to tell you that EICAR cannot and will not provide AV scanner specific support. The best source to get such information from is the vendor of the tool which you purchased.

Personally, my vendor (BitDefender) didn’t really provide help on this. Hmm. How do you get rid of it?

Well, here is my home-grown way of getting rid of it, among other test viruses. This tutorial assumes that your virus scanner has a quarantine.

How to Get RID of It (for Good)

  1. First, navigate to your virus software control panel.
  2. Find (usually under the Anti-virus tab) your quarantine.
  3. Open up that.
  4. Find somewhere where it says “Add to Quarantine”, a plus sign, or some button that will allow you to add files to the quarantine.
  5. Navigate to the EICAR test virus in the pop-up file browser that appears.
  6. Now the virus is in the quarantine (right)? Hopefully its moved to the quarantine and not just copied.
  7. Now find that file in your quarantine window.
  8. Select the file.
  9. Delete that now-in-quarantine file with a “Delete File from Quarantine” or minus sign button.

Well, now your EICAR file is gone. The next time you want to try it (I usually do once every three months, four every year), just follow these steps and you’ll be in good shape again.

Any other ideas? Rant in the comments.

If you liked this post, feel free to Digg, Del.icio.us, or favorite this post. Thanks. Your encouragement will keep me writing.

Advertisements
9 Comments leave one →
  1. Lewis permalink
    March 28, 2008 12:03 pm

    i cant get rid of it.

  2. March 29, 2008 7:07 pm

    Can you tell me your setup?

  3. Ryan permalink
    March 30, 2008 6:25 am

    i’ve typed in that X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* and saved it as eicar.com in my documents. since then my antivirus pops up every 2 seconds telling me that it has detected a virus. it appears to be c:\WINDOWS\TEMP\tmpE557.tmp
    i’ve tried to delete that file but i cant….and when the antivirus asks me what i wanna do…i click on delete..and it deletes it but then it finds another .tmp file..something like tmpADBD.tmp also in the TEMP folder. it doesn’t matter how many times i delet it it always comes back just with an other name like tmpA1B2.tmp, tmpADB1.tmp etc.
    and the eicar.com txt file i saved in my documents isn’t there…it just kind of disappeared when i saved it..i cant find it anywhere..
    please tell me what to do!!!

  4. Ryan permalink
    March 30, 2008 7:44 am

    oh yeah…and when i open the TEMP folder…i can see the tmp file but when i try deleting it, it says “Cannot delete tmp3B45: Cannot read from source file or disk”.
    and everytime i refresh the folder, the file changes its name (the letters and numbers after the first tmp–> tmp????.tmp)…i cannot change the name or delete it or do anything to the file…and i still don’t know where the eicar.com file is…

  5. March 30, 2008 10:02 am

    Do the steps on the file you have inside the My Documents folder, Ryan.

  6. Ryan permalink
    March 30, 2008 4:48 pm

    The problem is…there is no file. When I was creating it, I clicked save and the file just kind of blinked shortly in My Documents and then just disappeared. And it’s not hidden I’ve tried that also. I’ve deleted the .tmp files with the size of 68Bytes in the Temp folder by going into safe mode. But when I started the PC again normally they reappeared..just with other names. I think I have to delete something else to prevent the reappearing. But what?
    This testvirus is way worse than a real one in my opinion. 🙂

  7. December 12, 2008 3:05 pm

    i dont find a control pannel in my anti virus and i do not seen a quarantine tab
    probbly it s because im using AVG Antivirus NOT McAfree
    hmm…

  8. December 12, 2008 4:37 pm

    @Ryan: It’s okay… if you can’t see it, then it isn’t there, and as long as it isn’t bugging you, then it is okay.

    @Bugs: AVG has a quarantine feature; I used it before… look again.

  9. F-Secure User permalink
    February 5, 2009 12:21 pm

    Hi! I tried out this Eicar test file, and after saving it i got sum Antivirus warnings, and then my AV said that “The object changed name”, so now i got an undeletable New Textdocument.0xt on my desktop, and F-secure doesn´t have “Add to quarantine” button. 😦

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: