I'm trying to make a program that gets detected by almost all antiviruses, but the program shouldn't do anything to the computer. I am attempting to get a trojan/RAT/worm false positive, but if I put RATs I made into the system, it doesn't alert the AV. I know they detect on a list and not on the fly. Can I change the program's fingerprint to one that is commonly used as a virus?

How do I make anti-viruses detect a false positive?

Dubstep
  • Make it very explicit to users that this **will** happen. A virus scanner may kick in as soon as a user even downloads the program. And in a corporate environment, this likely triggers an investigation by the IT department. – MSalters Oct 16 '20 at 15:00

2 Answers

Eicar is the standard file for testing that Anti-Virus programs are working: https://www.eicar.org/?page_id=3950

Douglas Leeder
  • Very interesting, I learned something new today. However, would it be sufficient to _include_ this file (which is raw ASCII text) in your program source code? I'm not sure if using a side file is an acceptable answer for OP. – Pac0 Oct 16 '20 at 14:44
  • This is useful, though it isn't detected by Malwarebytes. Is there a similar text that is detected with Malwarebytes? – Dubstep Oct 16 '20 at 14:46
  • @Dubstep Malwarebytes is not per se an "antivirus". Quote: "Malwarebytes Anti-Malware is not meant to be a replacement for antivirus software." from https://confluence.cc.lehigh.edu/display/LKB/MalwareBytes+FAQ – Pac0 Oct 16 '20 at 14:49
  • @Pac0: The eicar site defines that the AV software should detect any file between 68 and 128 bytes, _starting_ with those 68 specific bytes. It's fairly obviously not Python code, since it starts with `X5O!P`. But if you just name it `eicar.py` and ship it with your Python program, it should be detected. – MSalters Oct 16 '20 at 14:59
  • After some testing, I realize this gets detected as an eicar file. I'm trying to get a false positive that if looked into by a human, they would not be able to disprove that it's a malicious virus. – Dubstep Oct 16 '20 at 15:19

So I tried to make a PUP (Potentially Unwanted Program) and was successful too. It was flagged by Windows Defender. What I did was make a Python script which will automatically run in the background, download a video, and then it changes the program's directory too.

  • As it’s currently written, your answer is unclear. Please [edit] to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Sep 27 '21 at 23:07