False Malware Positive? Or Not? How Do You Decide?

imageYou’ve run your primary anti-malware application, and up pops a notice advising you that you have an infection. But since you’re an aware computer user, you launch both your secondary malware scanners in sequence and – surprise! According to your secondary scanners you are not infected.

But, you’re aware that anti-malware programs that rely on a definition database to identify malware files, can often be behind the curve in recognizing the newest threats.

So, decision time. Do you then trust your primary anti-malware application and attempt removal, or instead, do you trust the results produced by your secondary scanners, and leave well enough alone?

In reality, you’re not really limited to just these two choices. There is another option open to you.

If you’re worried about a specific file, here’s an interesting twist on free Online scanners– you can have any specific computer file (files are restricted to a maximum of 10 megabytes), scanned for nasties by thirty five plus diverse online scanners, all in one go, through VirusTotal.

To take advantage of this service, simply upload a file, that you’re uncertain of, to Virus Total, or as an alternative submit your suspicious file to Virus Total by email. What could be simpler?


The following graphics indicate just how efficient this free service is.

Received Files/Infected Files (Last 24 Hours) May 28, 2010:

This image shows the number of files that have been detected as infected (red) among the total number of files received within the last 24 hours (clean ones marked in blue).

Received Files / Infected Files (Last 24 Hours)

Top 10 Infected Files (Last 24 Hours), May 28, 2010:

This image shows the list of the most-uploaded infected files received within the last 24 hours.

Top 10 of Infected Files

Quick facts:

Free, independent service

Use of multiple antivirus engines

Real-time automatic updates of virus signatures

Detailed results from each antivirus engine

Real time global statistics

Keep in mind, this service is not a substitute for an appropriate local defense system, including a firewall (either software or hardware), and a sound and effective anti-malware application.

Upload your suspicious file/s to: Virus Total

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.


Filed under Anti-Malware Tools, Don't Get Scammed, Don't Get Hacked, downloads, Freeware, Malware Reports, Online Malware Scanners, Utilities, Windows 7, Windows Tips and Tools, Windows Vista, Windows XP

15 responses to “False Malware Positive? Or Not? How Do You Decide?

  1. I use Virus Total and it works really well, I also think HiJack This is very useful.

    • Bill Mullins

      Hey Mark,

      HiJack is an absolute necessity – wouldn’t be without it.

      Have a terrific holiday weekend.



  2. Mal

    Hey Bill,

    A good reminder to never rely on just one program.


    • Bill Mullins

      Hey Mal,

      Using one application only, can lead to one acting on misinformation, for sure.



  3. Georg Lechner

    …and what if the file in question contains confidential information? For all the tea in China I would not distribute it unencrypted and via Internet to 35+ unknown parties.



    • Bill Mullins

      Hi George,

      I agree – but the intent of the article was not to suggest abandoning common sense.



  4. Liam O' Moulain


    Great article as usual.

    BTW, I re-looked and couldn’t see where you suggested sending confidential files in the clear.


  5. Bill,
    Good article on Virus Total and I agree it’s a great tool. A secondary benefit of sorts is that you get to see how many of the mainstream AV vendors test negative when a virus is present. It will really surprise you.

    • Bill Mullins

      Hey Paul,

      Yes, I agree “you get to see how many of the mainstream AV vendors test negative when a virus is present”. As you say, the results can be surprising.

      Thanks for dropping by.



  6. Adrian

    The program AnVir Task Manager free edition has a feature that allows you to scan running processes directly through VirusTotal in it’s interface. I regularly use this function to check my new installations.

  7. Ranjan

    Hi Bill,
    Nice reminder about online scanners… So bad HJT isn’t fully compatible with se7en x64..
    Btw, heard about the new phising concept- Tabnagging…?
    However, the new version of NoScript is resistant to this attack. One more reason as why to have latest versions of programs… 😛

    • Bill Mullins

      Hey Ranjan,

      Yes, HJT needs to get up to speed with a x64 edition.

      I covered the so called “tabnapping” issue a few days ago – another tempest in a teapot, in my view.


  8. Pingback: » False Malware Positive? Or Not? How Do You Decide? « Bill Mullins … RWPS