Methodology used in testing antivirus solutions for the treatment of active infections.

The test was conducted on a specially prepared workstation running under VMware GSX Server. A “clean” virtual machine running under Microsoft Windows XP Service Pack 2 was cloned for each malicious program. All Microsoft Windows patches available at the time of testing were installed. 

The following antivirus programs were tested:

1. Avast! Professional Edition 4.7
2. AVG Anti-Virus PE 7.5
3. Avira AntiVir CE 7.0
4. AVZ 4.21
5. BitDefender Antivirus 10
6. Dr. Web Anti-Virus 4.33
7. Eset NOD32 Antivirus 2.7
8. F-Secure Anti-Virus 2007
9. Kaspersky Anti-Virus 6.0
10. McAfee VirusScan 2007
11. Panda Antivirus 2007
12. Sophos Anti-Virus 6.0
13. Symantec Norton AntiVirus 2007
14. Trend Micro PC-Cillin 2007
15. VBA32 Antivirus 3.11

The default settings recommended by the relevant vendors were used during the installation of the antivirus solutions on infected computers. All actions recommended by the vendors (such as rebooting the system, installing updates, etc.) were performed.

If the malicious code was not automatically detected by the antivirus solution, an on-demand scan of the folder (or folders) where the malicious program’s files were located was initiated.

Testing steps:

1. The virtual machine was infected with a malicious program (activation of the malicious program).
2. Verification that the virus was successfully installed and active was carried out.
3. The infected system was rebooted multiple times.
4.  An attempt was made to install the antivirus solution and to disinfect the system.
5. If disinfection was successful, analysis of any remaining traces of the infection was carried out.

A dedicated clean virtual machine was used for each selected malicious program sample (step 1). After attempting to install an antivirus program and perform the disinfection, the virtual machine was restored to its initial state after step 3.