Online Virus Scan Using VirusTotal
VirusTotal is a free online virus, malware and URL scanner. The service is provided by Hispasec Sistemas, an independent IT security laboratory. Online scanning by VirusTotal is not a replacement for an antivirus program and offers no protection; its purpose is to report or submit suspicious or positive malware samples. Computer users who have suspicious samples that are not detected by their installed antivirus programs can submit the files using the VirusTotal website or VirusTotal Uploader, as long as the file size does not exceed 20MB. If you are using a proxy connection or you want to use a secure connection, VirusTotal lets you send the files for analysis over SSL. Submitted files are scanned using multiple antivirus scanner engines from antivirus and anti-malware vendors. The samples are sent to the participating antivirus companies for further analysis. If a sample is not known, or is a variant, the vendors will add it to protect their customers.
VirusTotal Website & VirusTotal Uploader
To scan files using the VirusTotal online virus scan, you can use the following methods:
- VirusTotal website - By visiting the website using any browser, you will be able to submit files to scan. The file is scanned against the detection databases of several antivirus vendors and the result is presented in the browser. If the hash value is found in the VirusTotal (VT) database, you will see the available scan result. If you'd rather see a new scan result, e.g. to find out whether other antivirus vendors have added detection since the file was submitted a day or two ago, you have the option to re-scan your submission.
- VirusTotal Uploader - This is a small application that you install on your computer. If you are using Vista or Windows 7, you have the option to install the application with elevated permission. After the install, you can right-click on any file to submit it for an online scan using VT. You can also open the VirusTotal Uploader to start using the advanced features of the application. The application uses little hard-disk space, which means it's worth adding it to your computer!
Similar to the VirusTotal online scan website, the VirusTotal Uploader can detect if the files you submitted using the application have already been scanned by the service. By re-uploading the sample, it will be scanned again. The running processes display in VirusTotal Uploader is good because it refreshes the list of running processes in no time. In the screenshot below, a FakeAV downloader that I received in a malware spam message this week is automatically detected by VirusTotal Uploader as a new running process, right after I executed it:
Note that the said malware sample, file_13671.exe, will immediately shut itself down to launch the Security Tool virus, and you'll notice in the next image that VirusTotal Uploader has detected the new malware process 986934.exe, dropped by file_13671.exe.
VirusTotal Email Interface and VTzilla Firefox Plugin
Other methods to use VirusTotal virus, malware and URL scanner:
- VirusTotal email interface - If you would rather email a file to scan, simply send an email to firstname.lastname@example.org. Type SCAN in the subject field of the message, or SCAN+XML as the subject to receive an XML attachment with the results. Note that you can only send up to a 20MB file.
- VTzilla Firefox Plugin - Firefox users can now scan the URL of the site they are viewing, or scan a link. Just download the installer of the VTzilla add-on for Firefox. The scanner will check the status of the website against the databases of Opera, Firefox, Google SafeBrowsing, Microsoft SmartScreen, PhishTank and TRUSTe. The above is a sample of a clean site, calendarofupdates.com, while below is a rogue website that is not detected as a malicious site or as a website hosting a rogue program, Internet Security 2010.
If you want to search the VirusTotal service for a file, URL or comments by VTCommunity users, simply enter it in the add-ons box of VTzilla.
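The email submission described above (subject SCAN or SCAN+XML, 20MB limit), combined with computing the sample's hashes so an existing result can be searched for before re-submitting, as an added Python example that is not part of the original article or VirusTotal's own code. The function names, the sender address and the sample bytes are constructed, the scan address is a placeholder parameter to fill in, and 20MB is assumed to mean 20 MiB.

```python
import hashlib
from email.message import EmailMessage

# The page states a 20MB limit; interpreting it as 20 MiB is an assumption.
MAX_SAMPLE_BYTES = 20 * 1024 * 1024


def sample_hashes(data: bytes) -> dict:
    """Hashes to record, and to search for, before deciding to submit again."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256")}


def build_scan_email(data: bytes, filename: str, sender: str,
                     scan_address: str, want_xml: bool = False) -> EmailMessage:
    """Build the submission message: subject SCAN, or SCAN+XML for an XML report."""
    if not data:
        raise ValueError("empty sample")
    if len(data) > MAX_SAMPLE_BYTES:
        raise ValueError(f"{filename}: {len(data)} bytes exceeds the 20MB limit")
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = scan_address
    msg["Subject"] = "SCAN+XML" if want_xml else "SCAN"
    # Keep the hash in the body so the report can be matched to the sample later.
    msg.set_content("Sample SHA-256: " + sample_hashes(data)["sha256"])
    # Generic binary type so mail clients do not try to render or open the sample.
    msg.add_attachment(data, maintype="application", subtype="octet-stream",
                       filename=filename)
    return msg


if __name__ == "__main__":
    # Constructed, harmless bytes standing in for a suspicious file.
    constructed = b"constructed harmless test bytes, not malware\n"
    # Hypothetical addresses; the real scan address must come from VirusTotal.
    message = build_scan_email(constructed, "sample.bin", "analyst@example.org",
                               "scan-address-placeholder@example.invalid",
                               want_xml=True)
    print(message["Subject"], sample_hashes(constructed)["sha256"])
```

The returned message can be handed to `smtplib.SMTP.send_message`; the size check runs on the raw file, before the attachment is base64-encoded for transport.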
Image Credits: VirusTotal Logo (http://www.virustotal.com), screenshot taken by Donna Buenaventura