When malware gets onto the system, one of the first things it may do is disable your antivirus scanner. It may also modify the HOSTS file to block access to antivirus update servers.
Testing Your Antivirus
An EICAR test file will help you determine whether your antivirus scanner has been disabled. EICAR is a non-viral string of code that most antivirus software have included in their signature definition files specifically for this purpose.
An EICAR test file can be easily created using any text editor, i.e. Notepad. To create an EICAR test file, copy and paste the following line into a blank Notepad file:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
Save the file as EICAR.COM. It is now ready for testing. In fact, if your active protection was working properly, the simple act of saving the file should have triggered an alert.
Checking the HOSTS File
On XP, Vista, and Windows 7, the HOSTS file is located in the C:\Windows\System32\drivers\etc folder. To read the contents of the HOSTS file, just double-click it and choose Notepad (or your favorite text editor) to view it.
If you discover the HOSTS file has been tampered with and need to make edits, see How to Edit the HOSTS File.