Check your Virus Scanner!


Don't believe what people tell you, and don't trust what magazines write about the "best" virus scanner!
Test it yourself!
With the contents of the file "Infected Files.zip" (inside AntiVirusChecker.zip) you can check the quality of your virus scanner.

ATTENTION:
It is very important that you add additional action-based protection. A signature-based virus scanner is insecure!
Read my detailed article about botnets and how to protect yourself!


Follow these steps and read the instructions to the end before you start!

  1. Create a new folder on your hard disk (for example C:\Virus).
  2. Unpack the content of the file "Infected Files.zip" into the new folder.
  3. Configure your virus scanner to delete infected files.

  4. Now have a look into the new folder.
  5. If any infected files remain unchanged in the folder, your computer is NOT fully protected!
    Only the file "bszip.dll" should remain.
    Note: Some files may have been repaired (e.g. macro viruses removed from Word documents), so you should compare your folder with the original files in the ZIP file! But the file size may be the same! So you must binary compare the files or at least compare the file date. The best approach for this test is to tell your scanner not to repair but to delete infected files.
  6. Some virus scanners (e.g. F-Secure) run into trouble if you copy many infected files to disk very rapidly. If you copy the files one by one, they detect them in AutoProtect mode, but if you copy multiple files at once, they detect only some of them!
  7. F-Secure is not able to delete an infection inside another file (e.g. an attachment in an email), and even if you tell it to delete the whole file (the email), it tells you that this is not possible!
  8. Additionally there are some other criteria for choosing a virus scanner. E.g. Norton consumes a lot of disk space, makes your PC extremely slow, and once installed you cannot turn it off anymore and the PC will not shut down anymore!
  9. Trendmicro OfficeScan has a very bad habit: sometimes it scans the complete hard disk when the computer boots (before the logon screen appears). This may take up to 5 minutes, during which you cannot use your computer! You don't even get a message about what's going on!
  10. Some of the scanners may also give false alarms!
  11. Some scanners offer additional protection mechanisms. E.g. Kaspersky's "Proactive protection" detects if a program tries to inject a DLL into other processes.
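
The binary comparison that the note under step 5 calls for, as an added example that is not part of the original page: it hashes every file inside the archive in memory and classifies each file in the test folder as deleted, unchanged or modified, so a repaired file with the same size still shows up. The function names are hypothetical, the demo uses constructed harmless stand-in files, and it is assumed that the archive uses the legacy ZIP encryption that Python's zipfile module can decrypt.

```python
import hashlib
import tempfile
import zipfile
from pathlib import Path


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def reference_hashes(zip_path, password=None):
    """Hash every archive member in memory; nothing is written to disk."""
    with zipfile.ZipFile(zip_path) as zf:
        return {i.filename: sha256(zf.read(i, pwd=password))
                for i in zf.infolist() if not i.is_dir()}


def classify(reference, folder):
    """Compare each file in the scanned folder with its original by content."""
    result = {}
    for name, digest in reference.items():
        path = Path(folder) / name
        if not path.exists():
            result[name] = "deleted"      # the scanner removed the file
        elif sha256(path.read_bytes()) == digest:
            result[name] = "unchanged"    # missed, unless the file is clean
        else:
            result[name] = "modified"     # repaired, even if size is equal
    return result


def demo():
    # Constructed, harmless stand-in files; no real samples are involved.
    with tempfile.TemporaryDirectory() as tmp:
        archive, folder = Path(tmp, "samples.zip"), Path(tmp, "scan")
        with zipfile.ZipFile(archive, "w") as zf:
            zf.writestr("bszip.dll", b"clean library")
            zf.writestr("missed.exe", b"sample one")
            zf.writestr("macro.doc", b"text+MACRO")
            zf.writestr("worm.pif", b"sample two")
        with zipfile.ZipFile(archive) as zf:
            zf.extractall(folder)
        (folder / "worm.pif").unlink()                     # simulated deletion
        (folder / "macro.doc").write_bytes(b"text+00000")  # same-size "repair"
        return classify(reference_hashes(archive), folder)


if __name__ == "__main__":
    print(demo())
```

For the real test, call `reference_hashes` with the path to "Infected Files.zip" and the archive password as bytes, then `classify` with the test folder; every "unchanged" entry other than "bszip.dll" is a file the scanner missed.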

The password of the ZIP file is "this file contains malicious content".

NEVER rely on your virus scanner!
If the virus / worm is very new, it will not be detected.

Additionally you should install DiamondCS ProcessGuard, which also protects your PC against very new parasites that are still unknown. It prevents:

  1. a worm from killing the running processes of your security software
  2. a keylogger from setting a global hook to spy on you
  3. a worm from manipulating the memory of another process and injecting itself into another program in this way
  4. a driver (rootkit) from being installed

Note: The names of worms / viruses displayed by the virus scanner may differ.
(Example: Trojan.Anserin is also named W32.Agent.SJG and Torpig-K, depending on the scanner.)
The only important thing is THAT the infection is detected!

| File name in ZIP file | Infection | Norton 2006 | Bitdefender 8 | Kaspersky 6 | AntiVir 7 | Avast 4 | Trendmicro OfficeScan 8 | Norman Virus Control 5.8 | Sophos 4 | F-Secure 2006 |
|---|---|---|---|---|---|---|---|---|---|---|
| Price: | | 40 $ | Freeware | 30 € | Freeware | Freeware | ? (expensive) | 55 $ | 60 € | 40 € |
| A0007284.exe | Trojan.Flush.A | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| alicia.scr | W32.Bugbear | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| AntiTrojan.exe | Sober.Mail.2 | FAIL | FAIL | FAIL | detected | FAIL | FAIL | FAIL | FAIL | FAIL |
| ants3set.exe | W32.Anset.Worm | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| BadtransB Email.eml | W32.Badtrans.B | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| Beagle.A.exe | W32.Beagle.A | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| BlackBox-1.jar | Trojan.ByteVerify | detected | detected | detected | detected | detected | detected | detected | FAIL | FAIL |
| BlackBox-2.jar | Trojan.ByteVerify | detected | detected | detected | detected | detected | detected | FAIL | FAIL | FAIL |
| bndmod.exe | Adware.Livechat | detected | detected | detected | detected | detected | FAIL | detected | detected | FAIL |
| bszip.dll | no infection | no alarm | no alarm | no alarm | no alarm | no alarm | no alarm | no alarm | no alarm | false alarm |
| cd_htm.dll | Adware.Cydoor | detected | detected | not tested | not tested | not tested | not tested | not tested | not tested | not tested |
| Counters-1.jar | Downloader.Trojan | detected | detected | detected | detected | detected | detected | FAIL | FAIL | FAIL |
| Counters-2.jar | Trojan.ByteVerify | detected | detected | detected | detected | detected | detected | detected | FAIL | FAIL |
| Counters-3.jar | Trojan.ByteVerify | detected | detected | detected | detected | detected | detected | FAIL | FAIL | FAIL |
| Counters-4.jar | Trojan.ByteVerify | detected | detected | detected | detected | detected | detected | FAIL | FAIL | FAIL |
| cszjj.exe | Trojan Horse | detected | detected | detected | detected | detected | FAIL | detected | detected | detected |
| CV_deu.doc.pif | W32-Sircam.Worm | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| details.pif | W32.Sobig.F | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| DMSETUP.EXE | IRC Trojan | detected | detected | detected | detected | detected | FAIL | detected | detected | detected |
| doc_data-text.txt.pif | W32.Sober.K | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| dreiue.exe | W32.Beagle.B | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| foto.html | W32.Beagle.AQ | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| foto1.exe | W32.Beagle.AQ | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| fpreg4u2.rtf.pif | Torvel.B | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| Funny.scr | W32.Sober | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| Fw U realy Want this !.eml | W32.Yaha.F | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| Geburt.xls.com | W32.Sircam.Worm | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| Kunden Deutsche Bank!.eml | Html.Bankfraud.E | FAIL (1.) | detected | detected | detected | FAIL (1.) | FAIL (1.) | FAIL (1.) | FAIL (1.) | detected |
| hlmicro.exe | Adware.Winprotect | detected | detected | detected | FAIL | detected | FAIL | detected | detected | detected |
| hwiper.exe | Trojan.Qhosts | detected | detected | detected | detected | detected | FAIL | detected | detected | detected |
| IBM00001.exe | Trojan.Anserin | detected | detected | detected | detected | detected | FAIL | detected | detected | detected |
| Information.vbs | W32.Beagle.W | detected | detected | detected | detected | detected | FAIL | detected | detected | detected |
| instruction.pif | W32.Mydoom.M | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| INV43.exe | W32.Galil.C | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| kdll.dll | Trojan.Horse | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| KERNEL32.EXE | W32.Badtrans.B | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| Love-Letter-for-you.vbs | VBS.Loveletter.A | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| Melissa.dot | W97M.Melissa.gen | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| Melissa.vbs | Marco.src | detected | detected | detected | detected | FAIL | detected | FAIL | FAIL | detected |
| message.scr | W32.Netsky.P | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| MoreInfo.pif | W32.Beagle.J | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| MS-Q4932364791.exe | W32.Sober.D | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| msgdog.dll | Spyware.Manan | detected | detected | detected | FAIL | FAIL | FAIL | detected | FAIL | detected |
| msupdate.cmd | Adware.Iefeats!dr | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| MTX-Me_nude.AVI.pif | W95.MTX.dr | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| MTX_.EXE | W95.MTX.dr | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| Navidad.exe | W32.Navidad | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| patch.exe | W32.Dumaru | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| Pmessage-text.txt.pif | W32.Sober.F | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| q451417.exe | W32.Swen.A | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| Re here´s a nice Picture.eml | Torvel.B | detected | detected | detected | detected | detected | detected | FAIL | detected | detected |
| Read It NOW!!!.hta | Adware.Iefeats!dr | detected | detected | detected | detected | FAIL | detected | FAIL | detected | detected |
| readme.scr | W32.Mydoom.A | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| resume.mdb.scr | W32.Yaha.F | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| rundmc.exe | IRC.Trojan | detected | detected | not tested | not tested | not tested | not tested | not tested | not tested | not tested |
| Setup.exe | W32.Alcra.B | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| Shell32.exe | Trojan.Servuftp.A | FAIL | detected | not tested | not tested | not tested | not tested | not tested | not tested | not tested |
| Ska.dll | Happy99.Worm | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| Ska.exe | Happy99.Worm | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| Sonar 4 Keygen.exe | W32.Fontra | detected | FAIL (2.) | FAIL (2.) | FAIL (2.) | FAIL (2.) | FAIL (2.) | FAIL (2.) | FAIL (2.) | FAIL (2.) |
| SVCHOST.EXE | W32.Welchia.B | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| SVGViewer.exe | Trojan.Sefex | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| system-su.6640.EML.scr | W32.Sober.I | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| Systray.exe | Backdoor.Iroffer.A | FAIL | detected | not tested | not tested | not tested | not tested | not tested | not tested | not tested |
| TARGET.exe | W32.Klez.H | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| Taxes.exe | Trojan.Tooso.L | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| TUBEWARM.exe | Trojan.Sefex | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| Untitled1.pif | W32.Sobig.A | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| Vqx7223.exe | W32.ElKern.4926 | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| W97.Marker.gen.doc | W97M.Marker.gen | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| web.exe | Adware.MainSearch | detected | detected | detected | detected | detected | FAIL | detected | FAIL | FAIL |
| Windows XP For FREE!.eml | Backdoor.Nibu.L | detected | detected | FAIL | detected | detected | detected | detected | detected | detected |
| Winkio.exe | W32.Klez.H | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| Winzipped-Text_Data.txt.pif | W32.Sober.O | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| Wsock32.dll | W95.MTX | detected | detected | detected | detected | detected | detected | detected | detected | detected |
| Your_money.hta | W32.Beagle.X | detected | detected | detected | detected | detected | detected | detected | detected | detected |

Notes:

  1. Html.Bankfraud.E is not an infected file. It is a malicious email that asks you to enter your bank account data into a webpage which imitates the look of the original page. (Phishing)
  2. These test results were valid on the day the ZIP file was created. (May 2006)
    W32.Fontra was 5 days old at this time and not yet detected by all scanners.
  3. To compare virus scanners you can also upload an infected file to Virustotal, which will scan it with 37 virus scanners!


Download ZIP file with infected archives on my download page.

