• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 289
  • Last Modified:

how can i get antivirus detection(s)

hello guys,
i'm trying to figure out a way to get an application to be detected by most (if not all) anti viruses.
normally i would use the EICAR test file BUT i cant use it in this because its too small...
i tried using it as a string in an .exe witch i found out doesnt work because..
[quote]The first 68 characters is the known string. It may be optionally appended by any combination of whitespace characters with the total file length not exceeding 128 characters.[/quote]
and its also .com not .exe
So, does anyone know a way to get AV detections (without harmful code)?
(i was thinking, a downloader that doesn't download anything surprisingly that wasn't very detected...)

0
electrodude102
Asked:
electrodude102
  • 3
  • 3
1 Solution
 
delphibrCommented:
Hello!

Have your heard about W32/Induc-A virus? Have a look in this link: http://isc.sans.org/diary.html?storyid=7009

I was infected sometime ago, and looking for the sysconst.dcu contaminated file to send to you...

You can use http://www.virustotal.com to test your "contaminated" file...

Wait for my return.

DelphiBR
0
 
delphibrCommented:
Hello again,

This link shows the code of the "virus", for you to change the file sysconst.pas (inside "Source\Rtl\Sys"):

http://www.viruslist.com/en/weblog?weblogid=208187826

Use www.virustotal.com for check.

I hope this help you!

DelphiBR
0
 
electrodude102Author Commented:
hmm that is a great idea,
however if you run that code it will 'infect' you (if they have Delphi...) even though its harmless i don't really want to go around spreading a worm.

if no one else answers(better) ill accept yours.
0
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
delphibrCommented:
Well, you can "change" that code in order to not infect other files...

Another idea is to use some "keyboard hook" code found on internet. Most of then are detected by antivirus... have a look:

http://www.google.com.br/search?source=igrlz=&q=delphi+keyboard+hook

DelphiBR
0
 
electrodude102Author Commented:
'that' isn't the whole induc.a code, its actually about 110~ lines long (i found it if you want me to post it)
i [i]could[/i] use it i'm just looking for something smaller, and would have to edit less, first.
0
 
electrodude102Author Commented:
wasn't exactly what i was looking for but its usable.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now