{"id":147,"date":"2006-02-20T11:00:00","date_gmt":"2006-02-20T20:00:00","guid":{"rendered":"http:\/\/www.evardsson.com\/blog\/2006\/02\/20\/pulling-viruses-out-of-the-avg-vault\/"},"modified":"2007-03-03T11:44:26","modified_gmt":"2007-03-03T20:44:26","slug":"pulling-viruses-out-of-the-avg-vault","status":"publish","type":"post","link":"https:\/\/www.evardsson.com\/blog\/2006\/02\/20\/pulling-viruses-out-of-the-avg-vault\/","title":{"rendered":"Pulling viruses out of the AVG vault"},"content":{"rendered":"<p>I was over at the <a href=\"http:\/\/isc.sans.org\" title=\"Internet Storm Center\" target=\"_blank\">Internet Storm Center<\/a> and saw a <a href=\"http:\/\/isc.sans.org\/diary.php?storyid=1137\" title=\"Getting viruses out of the AVG virus vault\" target=\"_blank\">simple how-to<\/a> on retrieving viruses from the <a href=\"http:\/\/free.grisoft.com\" title=\"AVG free Windows\/Linux Anti-Virus\" target=\"_blank\">AVG<\/a> vault for sending in to malware testers.<\/p>\n<p>From the article:<\/p>\n<blockquote><p><strong>Steps to export viruses from the AVG vault for analysis.<\/strong><\/p>\n<ol>\n<li>Create a directory to store the files in.<\/li>\n<li>Open avg.<\/li>\n<li>Select the virus vault.<\/li>\n<li>Click on the virus you wish to restore.<\/li>\n<li>Choose restore, that will prompt you for the directory to restore the virus into.<\/li>\n<li>Select the directory created in step 1<\/li>\n<li>avg will alert again if its in active monitoring mode. 
choose continue.<\/li>\n<li>Turn off avg resident shield protection if you plan to package the viruses up for submittal for malware analysis.<\/li>\n<li>Select the AVG resident shield and unselect &#8220;turn on avg resident shield protection&#8221;, Click apply.<br \/>\n<span style=\"font-weight: bold; font-style: italic\">Remember to turn resident shield back on as soon as your<\/span> [sic] <span style=\"font-weight: bold; font-style: italic\">done with the virus.<\/span><\/li>\n<\/ol>\n<\/blockquote>\n<p>There are further instructions in the article, including how to package a virus for sending for analysis. If you want to test this on your own machine so you know how to do it, use the <a href=\"http:\/\/www.eicar.org\/anti_virus_test_file.htm\" title=\"eicar: Anti-Virus test file\" target=\"_blank\">EICAR<\/a> test file (literally the following 68 characters: <span style=\"background-color: #ffffcc\">X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*<\/span> saved as a .com file), which will show up as a virus without actually doing or attempting to do any damage to your system.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I was over at the Internet Storm Center and saw a simple how-to on retrieving viruses from the AVG vault for sending in to malware testers. 
From the article: Steps to export viruses from the &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[10],"tags":[147],"class_list":["post-147","post","type-post","status-publish","format-standard","hentry","category-security","tag-security"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/pxT7i-2n","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.evardsson.com\/blog\/wp-json\/wp\/v2\/posts\/147","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.evardsson.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.evardsson.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.evardsson.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.evardsson.com\/blog\/wp-json\/wp\/v2\/comments?post=147"}],"version-history":[{"count":0,"href":"https:\/\/www.evardsson.com\/blog\/wp-json\/wp\/v2\/posts\/147\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.evardsson.com\/blog\/wp-json\/wp\/v2\/media?parent=147"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.evardsson.com\/blog\/wp-json\/wp\/v2\/categories?post=147"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.evardsson.com\/blog\/wp-json\/wp\/v2\/tags?po
st=147"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}