Tag Archives: malware files

August 19, 2011 · 10:14 am

OPSWAT’s Metascan Online – A VirusTotal Alternative

imageI’m right and you’re wrong.

No, I’m right and you’re wrong!

You’re listening to a couple of sports fans arguing over who’s the best tennis player maybe? Could be – but, if you’re analyzing a downloaded file with more than one antimalware application (and you should), you could be witnessing a more serious difference of opinion.

You’ve primary anti-malware application is advising you that the application you just downloaded contains malware. But, since you’re an aware computer user, you’ve launched your secondary malware scanner and – surprise – there’s a difference of opinion – no malware.

So, you’re now dealing with the big question – are you dealing with a false positive thrown up by the primary malware scanner, or is it more likely that the secondary scanner is misbehaving?

You could just flip a coin, or go with your best guess – but, you didn’t become a super user by flipping coins, or guessing, when it comes to your system’s security. No, you’re better than that, so you upload the questionable file to VirusTotal, where it will be scanned for nasties by thirty five plus diverse online scanners.

image

VirusTotal result – a clean file. Elapsed time on this scan – under a minute.

image

As an alternative to VirusTotal, or in addition to (maybe not a bad idea), you can run the file through a new service now being offered by OPSWAT, the company behind the highly recommended AppRemover.

OPSWAT’s Metascan Online, is similar in many respects to VirusTotal – as the following screen shots indicate.

Browse your Hard Drive for the file to be uploaded (for this test I’ve selected a different executable – 15 MB as opposed to 3 MB).

image

image

Detailed results are shown in the  following screen capture. As you can see – the file has been processed through 19 AVs and has come up clean. Elapsed time on this scan – just over a minute.

image

This new service was launched just a few days ago, so you may experience a glitch or two. In testing, over several days (in both Windows and Ubuntu Linux), I must admit I bumped my head a time or two,  but after speaking with the company, the minor server issues I encountered were resolved quickly.

Responsiveness to customer issues is the hallmark of a client centered organization, and OPSWAT certainly meets that test.

Fast facts:

Use of multiple antivirus engines

Real-time automatic updates of virus signatures

Detailed results from each antivirus engine

Real time global statistics available

image

image

Keep in mind, an online scanning service is not a substitute for an appropriate local defense system, including a firewall (either software or hardware), and a sound and effective anti-malware application.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

11 Comments

Filed under Anti-Malware Tools, Cloud Computing Applications, Don't Get Hacked, Freeware, Malware Protection, Online Malware Scanners, OPSWAT, Recommended Web Sites, Windows Tips and Tools

Tagged as , , , , , , , , , , , , ,

December 30, 2010 · 10:35 am

Two Free VirusTotal Apps Can Help You Catch Malware Preemptively

imageYou’ve run your primary anti-malware application, and up pops a notice advising you that you have an infection. But since you’re an aware computer user, you launch both your secondary malware scanners in sequence and – surprise! According to your secondary scanners you are not infected.

But, you’re aware that anti-malware programs that rely on a definition database to identify malware files, can often be behind the curve in recognizing the newest threats.

So, decision time. Do you then trust your primary anti-malware application and attempt removal, or instead, do you trust the results produced by your secondary scanners, and leave well enough alone?

In reality, you’re not limited to just these two choices. There is another option open to you.

If you’re worried about a specific file, here’s an interesting twist on free Online scanners – you can have any computer file (files are restricted to a maximum of 20 megabytes), scanned for nasties by thirty five plus diverse online scanners; all in one go, through VirusTotal.

To take advantage of this service, simply upload a file that you’re uncertain of to Virus Total, or as an alternative, submit your suspicious file to Virus Total by email. What could be simpler?

image

File submissions (Last 7 days)

This graph shows the number of files received at VirusTotal over the last 7 days. The image illustrates how many of these were new at VirusTotal, and the submissions which were detected by at least one antivirus. Click on any graphic to expand to original size.

image

Top 10 file submissions (Yesterday – December 29, 2010)

This table shows the most submitted files yesterday to VirusTotal, the last detection rate, and the number of times they were submitted is specified.

image

Quick facts:

Free, independent service

Use of multiple antivirus engines

Real-time automatic updates of virus signatures

Detailed results from each antivirus engine

Real time global statistics

Keep in mind, this service is not a substitute for an appropriate local defense system, including a firewall (either software or hardware), and a sound and effective anti-malware application.

Upload your suspicious file/s to: Virus Total

VTzilla:

 

VirusTotal recently released a Firefox only extension – VTzilla. VTzilla has been designed to scan URLs, links, and files (potential downloads) for malware, by employing the installed toolbar, or alternatively, the right click context menu.

Using the toolbar, I’ve plugged in my own site address as an example.

image

VirusTotal’s report indicates my site is a safe site, and does not contain malware.

image

Next, I visited Download.com and set up a download. Before saving the file however, using the right click context menu again, I had VirusTotal perform a scan.

image

The result indicates a clean site.

image

A couple of caveats:

Regular VirusTotal users are aware that file size is restricted to 20 MB or less, and this restriction unfortunately, is still in effect for this new service.

VTzilla is available only as a direct download from the developer’s site at the moment. It should be available from Firefox’s add-on repository, in due course.

Overall, I think this extension has some value. But, it is not a panacea. More and more, if a site is imbedded with malware, just visiting the site can trigger a driveby download. Porn surfers particularly, need to take note of this.

System requirements: Firefox 1.5 – 3+

Download at: the developer’s site.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

7 Comments

Filed under Anti-Malware Tools, Browser add-ons, cybercrime, Don't Get Hacked, downloads, Firefox Add-ons, Freeware, Internet Safety Tools, Malware Protection, Safe Surfing, Software, Windows Tips and Tools

Tagged as , , , , , , , , , , ,

May 28, 2010 · 11:11 am

False Malware Positive? Or Not? How Do You Decide?

imageYou’ve run your primary anti-malware application, and up pops a notice advising you that you have an infection. But since you’re an aware computer user, you launch both your secondary malware scanners in sequence and – surprise! According to your secondary scanners you are not infected.

But, you’re aware that anti-malware programs that rely on a definition database to identify malware files, can often be behind the curve in recognizing the newest threats.

So, decision time. Do you then trust your primary anti-malware application and attempt removal, or instead, do you trust the results produced by your secondary scanners, and leave well enough alone?

In reality, you’re not really limited to just these two choices. There is another option open to you.

If you’re worried about a specific file, here’s an interesting twist on free Online scanners– you can have any specific computer file (files are restricted to a maximum of 10 megabytes), scanned for nasties by thirty five plus diverse online scanners, all in one go, through VirusTotal.

To take advantage of this service, simply upload a file, that you’re uncertain of, to Virus Total, or as an alternative submit your suspicious file to Virus Total by email. What could be simpler?

image

The following graphics indicate just how efficient this free service is.

Received Files/Infected Files (Last 24 Hours) May 28, 2010:

This image shows the number of files that have been detected as infected (red) among the total number of files received within the last 24 hours (clean ones marked in blue).

Received Files / Infected Files (Last 24 Hours)

Top 10 Infected Files (Last 24 Hours), May 28, 2010:

This image shows the list of the most-uploaded infected files received within the last 24 hours.

Top 10 of Infected Files

Quick facts:

Free, independent service

Use of multiple antivirus engines

Real-time automatic updates of virus signatures

Detailed results from each antivirus engine

Real time global statistics

Keep in mind, this service is not a substitute for an appropriate local defense system, including a firewall (either software or hardware), and a sound and effective anti-malware application.

Upload your suspicious file/s to: Virus Total

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

15 Comments

Filed under Anti-Malware Tools, Don't Get Scammed, Don't Get Hacked, downloads, Freeware, Malware Reports, Online Malware Scanners, Utilities, Windows 7, Windows Tips and Tools, Windows Vista, Windows XP

Tagged as , , , , , , , , , , ,