Day: February 20, 2006

Security

Pulling viruses out of the AVG vault

I was over at the Internet Storm Center and saw a simple how-to on retrieving viruses from the AVG vault for sending in to malware testers.

From the article:

Steps to export viruses from the AVG vault for analysis.

  1. Create a directory to store the files in.
  2. Open AVG.
  3. Select the virus vault.
  4. Click on the virus you wish to restore.
  5. Choose restore; that will prompt you for the directory to restore the virus into.
  6. Select the directory created in step 1.
  7. AVG will alert again if it's in active monitoring mode. Choose continue.
  8. Turn off AVG resident shield protection if you plan to package the viruses up for submittal for malware analysis.
  9. Select the AVG resident shield and unselect “turn on avg resident shield protection”, then click apply.
    Remember to turn resident shield back on as soon as you're done with the virus.

There are further instructions in the article, including how to package a virus for sending for analysis. If you want to test this on your own machine so you know how to do it, use the EICAR test file (literally the following 68 characters: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* saved as a .com file), which will show up as a virus without actually doing, or attempting to do, any damage to your system.
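As an added example (not from the ISC article or this post), here is a small Python script that writes the EICAR test file and checks whether a given file, for instance one you have just restored from the vault into your step-1 directory, is the harmless test file rather than real malware. The 68-character string is kept in two halves inside the source so that the script itself is not quarantined by an on-access scanner; only the `.com` file it writes should be detected. The SHA-256 used for the check is the published value for the EICAR string, and the 128-byte limit with trailing whitespace allowed is EICAR's own rule for what counts as a valid test file; neither comes from this page.

```python
"""Create and recognise the EICAR anti-virus test file.

Added example for exercising an AV vault restore; not part of the original
post. The test string is stored split in two so that this script does not
itself match a signature. Expect the resident shield to react the moment
write_eicar() finishes, which is exactly what the test is for.
"""
import hashlib
from pathlib import Path

# The standard 68-character EICAR string, split at an arbitrary point and
# joined only at run time. The backslash is escaped for the Python literal.
_EICAR_PARTS = (
    "X5O!P%@AP[4\\PZX54(P^)7CC)7}$",
    "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*",
)
EICAR_LEN = 68
# Published SHA-256 of the 68-byte EICAR string (public constant, not from this page).
EICAR_SHA256 = "275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f"
# EICAR's rule: the string may be followed only by whitespace, total size <= 128 bytes.
EICAR_MAX_LEN = 128


def eicar_bytes() -> bytes:
    """Return the 68-byte EICAR test string, assembled at run time."""
    return "".join(_EICAR_PARTS).encode("ascii")


def write_eicar(path: Path) -> int:
    """Write the test file (conventionally named eicar.com) and return its size."""
    data = eicar_bytes()
    path.write_bytes(data)
    return len(data)


def is_eicar_data(data: bytes) -> bool:
    """True if data is a valid EICAR test file: the exact 68-byte string,
    optionally followed by whitespace only, and no longer than 128 bytes."""
    if len(data) < EICAR_LEN or len(data) > EICAR_MAX_LEN:
        return False
    head, tail = data[:EICAR_LEN], data[EICAR_LEN:]
    if hashlib.sha256(head).hexdigest() != EICAR_SHA256:
        return False
    # bytes.strip() removes ASCII whitespace (space, tab, CR, LF, VT, FF) only.
    return tail.strip() == b""


def is_eicar_file(path: Path) -> bool:
    """Check a file on disk, e.g. an item just restored from the vault."""
    return is_eicar_data(path.read_bytes())


if __name__ == "__main__":
    target = Path("eicar.com")  # hypothetical output name in the current directory
    size = write_eicar(target)
    print(f"wrote {target} ({size} bytes), recognised as EICAR: {is_eicar_file(target)}")
```

Run it in the directory you created in step 1; a correctly configured resident shield should flag `eicar.com` immediately, and after you restore it from the vault, `is_eicar_file()` confirms you got the test file back intact. A file that has been altered, padded with non-whitespace bytes, or grown past 128 bytes is rejected, which is the same distinction scanners draw.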