Virus Acquisition

[Randem]

This may seem like a strange request but it is valid. I am teaching students
to remove viruses and want to be able to consistantly infect a test computer
with the same viruses each time to teach and monitor proper virus removal.
How would one go about willing infecting their own system for educational
purposes. In this way the results can actually be tested for each student.

--
Randem Systems
Your Installation Specialist
The Top Inno Setup Script Generator
http://www.randem.com/innoscript.html
How Banks STEAL Your Money
www.financialtrainingservices.org/bankreviews.htm
Disk Read Error Press Ctl+Alt+Del to Restart
http://www.randem.com/discus/messages/9402/9406.html?1236319938

 

[LVTravel]

This may seem like a strange request but it is valid. I am teaching
students to remove viruses and want to be able to consistantly infect a
test computer with the same viruses each time to teach and monitor proper
virus removal. How would one go about willing infecting their own system
for educational purposes. In this way the results can actually be tested
for each student.

--
Randem Systems
Your Installation Specialist
The Top Inno Setup Script Generator
http://www.randem.com/innoscript.html
How Banks STEAL Your Money
www.financialtrainingservices.org/bankreviews.htm
Disk Read Error Press Ctl+Alt+Del to Restart
http://www.randem.com/discus/messages/9402/9406.html?1236319938

Create an uninfected image of the computer for restoring to the uninfected
state.

Find whatever virus or other malware you want to infect the computer with.
Store the infected file or web link on a thumb drive or CD. When needed
for the infection simply run the trigger for the virus or other malware.

Been doing this in classroom settings for many years (at least since 1995)
to show how well different malware cleaning programs work on different virus
or other malware. Up until recently I had 6 different images with different
protection programs (Norton, McAfee, AVG, AVAST, Nod32, Trend Micro)
installed and one image without any. Worked well. Only issue I had was
keeping the programs up to date with their latest malware updates so I did
the updates once a week and had the programs set to not update automatically
(to prevent interruption when started in class.) Could restore from a USB
drive quickly (about 5 minutes) because of the size of the image.

 

[Randem]

The image part I know, the other part is where to locate said viruses not by
mistake.

--
Randem Systems
Your Installation Specialist
The Top Inno Setup Script Generator
http://www.randem.com/innoscript.html
How Banks STEAL Your Money
www.financialtrainingservices.org/bankreviews.htm
Disk Read Error Press Ctl+Alt+Del to Restart
http://www.randem.com/discus/messages/9402/9406.html?1236319938

 

[Jeff Barnett]

This may seem like a strange request but it is valid. I am teaching students
to remove viruses and want to be able to consistantly infect a test computer
with the same viruses each time to teach and monitor proper virus removal.
How would one go about willing infecting their own system for educational
purposes. In this way the results can actually be tested for each student.

There is a test virus that all AV packages recognize. It is called
EICAR. It is a weird text string that is used to test software virus
definitions. You might want to use that instead of an actual virus since
it can do no harm. To get a copy go to http://www.symatec.com and search
on "test virus file". Follow the results and you will find .txt, .zip,
and .com versions of EICAR that you can use for testing.

-- Jeff Barnett

 

[1PW]

There is a test virus that all AV packages recognize. It is called
EICAR. It is a weird text string that is used to test software virus
definitions. You might want to use that instead of an actual virus since
it can do no harm. To get a copy go to http://www.symatec.com and search
on "test virus file". Follow the results and you will find .txt, .zip,
and .com versions of EICAR that you can use for testing.

-- Jeff Barnett

I concur with Jeff. That test file can also be had from EICAR itself:

<http://www.eicar.org/anti_virus_test_file.htm>

Of course the file is completely benign, yet universally recognized.

Pete

 

[Twayne]

The image part I know, the other part is where to locate said viruses
not by mistake.

Interesting concept. I've never heard of any such repository though.
Even if I did I wouldn't put it here for obvious reasons.
IMO, if you are going to teach about troubleshooting them, you should
know about the mechanisms anyway, so I'd advise learning some of the ins
and outs of viruses and start creating your own mini-viruses. It makes
no sense to me to be throwing something at a bunch of neophytes that
may/likely will trash so many multiple areas it'd be hard to even know
where to start. In some cases it's not just a case of cleaning; you also
have to replace the system files it borked.
Actually, even without knowing anything about viruses, it would be
easy to bork any one thing in the OS to send them after. YOu could get
lists of what to bork by looking at virus AV maker's manual removal
solutions.

HTH,

Twayne