How to Scan Suspicious Files using Online Scanners
Information
Sometimes files downloaded from the internet or copied from external USB storage may contain malicious content that your usual anti-malware defenses fail to detect. If you ever suspect this to be the case, you can upload these files to sites that are able scan these files more thoroughly.
The advantage of using this technique is that the files are scanned using several different engines (anti-malware products) thereby providing a greater probability of detecting malicious content.
I realise there are a plethora of online scanners available, and every person has their favorite that they swear by. However, the goal of this tutorial is to provide access to the fastest and most reputable sites with the highest number of scanning engines available. As such, this tutorial covers only these sites:
OPSWAT Metascan
VirusTotal
Jotti
Virscan
I have used the EICAR test file to illustrate the scanner report files generated by these sites.
Generally, all these sites work the same way :
1. You access the site,
2. You upload the file (you cannot load more than a single file at a time)
3. The file is scanned and a report is generated
Each site employs a different number of scanning engines, and most have several that are common to each other. Some sites provide access to lesser know engines, and most provide access to the more well known engines (e.g. ESET, Symantec, Microsoft, Kaspersky, F-Secure and Avast to name a few).
Sometimes, one or two scanning engines will flag a file as malicious, whilst the others won't. This may be a false positive, but the onus is on you to make that decision. Generally speaking, those files flagged with the more well known scanning engines should be treated with caution and assumed to be malicious.
There is a limitation on the size of file you can upload, and this varies between 20MB and 50MB depending on the site. Most sites will provide a copy of the uploaded file to the anti-malware providers, even if its not malicious, so take care when uploading files. If in doubt, read the sites privacy policy. OPSWAT Metascan
Online scanners are not a substitute for traditional anti-malware defenses. Ensure you always have a reputable anti-malware product installed and updated on your computer.
System Manufacturer/Model Number Hewlett packard/p6512uk OS Microsoft Windows 7 Home Premium 64-bit 7600 CPU IIx4 amd athelon 635 processor Motherboard FOXCONN 2AA9 Memory 2x2gb Graphics Card ati radeon HD 5450 Sound Card (1) Realtek High Definition Audio (2) AMD High Definition Monitor(s) Displays samsung lcd tv 32" Screen Resolution 1360x 768
Keyboard wireless hp Mouse wireless Hp,optical PSU ? Cooling air! Hard Drives (1) WDC WD10 01FAES-60Z2A0 SATA Disk Device (2) Maxtor OneTouch USB Device (3) ST310003 33AS USB Device (4) WD My Book 1111 USB Device Internet Speed 1.10mb/s Antivirus MSE Browser Firefox
Computer type PC/Desktop System Manufacturer/Model Number Golden Mk. I.3 OS Windows 7 Ultimate SP1 (x64) CPU Intel i7 860 @ 2.80 GHz Motherboard Gigabyte P55A-UD3R Rev.1. Award BIOS F13 Memory 16GB Corsair Vengance DDR3 @ 661 MHz Dual Channel (9-9-9-24) Graphics Card EVGA NVidia GTX 560 1024MB Sound Card Realtek Integrated Monitor(s) Displays Dual Samsung SyncMaster 2494HS Screen Resolution 1920*1080 and 1920*1080
Keyboard Logitech G110 Mouse Logitech MX518 PSU Thermaltake ToughPower QFan 750W Case Thermaltake Element S VK60001W2Z Cooling Corsair H60 Water Cooling, 2*230mm and 2*80mm case fans Hard Drives 1*OCZ Vertex 2 60GB SSD;
2*Samsung F3 SpinPoint 1TB in RAID0;
3*Samsung F1 SpinPoint 1TB in RAID5;
1*Western Digital 500GB External USB 3.0
1*Seagate 500GB External USB 2.0 Internet Speed Not fast enough!!! Antivirus MSE and Malwarebytes Pro Browser Chrome Version 25 Other Info Laptop: ASUS X54C, Intel Core i3-2330M @ 2.0Ghz, 4GB RAM, Intel HD on-board graphics, Windows 7 Professional SP1 (x64), LinuxMint 14 (x64), PepperMint 3 (x86)
I do find it a bit alarming though, given that the EICAR test file is something that any AV should be able to pick up (and which indeed is an industry standard test), that not all were able to detect it. ByteHero being one such example.
System Manufacturer/Model Number Dwarf Dwf/11/2012 OS Windows 7 Ultimate x64 Service Pack 1 CPU Intel Core-i5-3570K 4-core @ 3.4GHz (Ivy Bridge) (OC 4.2GHz) Motherboard ASRock Z77 Extreme4-M Memory 4 x 4GB DDR3-1600 Corsair Vengeance CMZ8GX3M2A1600C9B (16GB) Graphics Card 2 x AMD Radeon HD7770 1GB CrossFired (OC 1100MHz/1250MHz) Sound Card Realtek High Definition on board solution (ALC 898) Monitor(s) Displays ViewSonic VA1912w Widescreen (VGA) Screen Resolution 1440x900
Keyboard Microsoft Comfort Curve Keyboard 3000 (USB) Mouse Microsoft Comfort Mouse 3000 for Business (USB) PSU XFX Pro Series 850W Semi-Modular Case Gigabyte IF233 Cooling 1 x 120mm Front Inlet 1 x 120mm Rear Exhaust Hard Drives OCZ Agility 3 SSD 120GB SATA III x2 (RAID 0)
Samsung HD501LJ 500GB SATA II x2
Hitachi HDS721010CLA332 1TB SATA II
Iomega 1.5TB Ext USB 2.0
WD 2.0TB Ext USB 3.0 Internet Speed NetGear DG834Gv3 ADSL Modem/Router (Ethernet) ~4.0 Mb/s (O2) Antivirus Avast! 7.0.1474 Browser IE 9 Other Info Optical Drive: HL-DT-ST BD-RE BH10LS30 SATA Bluray
Lexmark S305 Printer/Scanner/Copier (USB)
CTF-430 Tablet & Pen
WEI Score: 7.7/7.9/7.4/7.4/7.9
Asus Eee PC 1011PX Netbook (Windows 7 x86 Starter)
Yes, it is a bit worrying - the image doesn't show all the culprits, but they are ByteHero, StopZilla and Systweak. Certainly products to steer clear of, at least for the time being.
Computer type PC/Desktop System Manufacturer/Model Number Golden Mk. I.3 OS Windows 7 Ultimate SP1 (x64) CPU Intel i7 860 @ 2.80 GHz Motherboard Gigabyte P55A-UD3R Rev.1. Award BIOS F13 Memory 16GB Corsair Vengance DDR3 @ 661 MHz Dual Channel (9-9-9-24) Graphics Card EVGA NVidia GTX 560 1024MB Sound Card Realtek Integrated Monitor(s) Displays Dual Samsung SyncMaster 2494HS Screen Resolution 1920*1080 and 1920*1080
Keyboard Logitech G110 Mouse Logitech MX518 PSU Thermaltake ToughPower QFan 750W Case Thermaltake Element S VK60001W2Z Cooling Corsair H60 Water Cooling, 2*230mm and 2*80mm case fans Hard Drives 1*OCZ Vertex 2 60GB SSD;
2*Samsung F3 SpinPoint 1TB in RAID0;
3*Samsung F1 SpinPoint 1TB in RAID5;
1*Western Digital 500GB External USB 3.0
1*Seagate 500GB External USB 2.0 Internet Speed Not fast enough!!! Antivirus MSE and Malwarebytes Pro Browser Chrome Version 25 Other Info Laptop: ASUS X54C, Intel Core i3-2330M @ 2.0Ghz, 4GB RAM, Intel HD on-board graphics, Windows 7 Professional SP1 (x64), LinuxMint 14 (x64), PepperMint 3 (x86)
Computer type PC/Desktop System Manufacturer/Model Number Golden Mk. I.3 OS Windows 7 Ultimate SP1 (x64) CPU Intel i7 860 @ 2.80 GHz Motherboard Gigabyte P55A-UD3R Rev.1. Award BIOS F13 Memory 16GB Corsair Vengance DDR3 @ 661 MHz Dual Channel (9-9-9-24) Graphics Card EVGA NVidia GTX 560 1024MB Sound Card Realtek Integrated Monitor(s) Displays Dual Samsung SyncMaster 2494HS Screen Resolution 1920*1080 and 1920*1080
Keyboard Logitech G110 Mouse Logitech MX518 PSU Thermaltake ToughPower QFan 750W Case Thermaltake Element S VK60001W2Z Cooling Corsair H60 Water Cooling, 2*230mm and 2*80mm case fans Hard Drives 1*OCZ Vertex 2 60GB SSD;
2*Samsung F3 SpinPoint 1TB in RAID0;
3*Samsung F1 SpinPoint 1TB in RAID5;
1*Western Digital 500GB External USB 3.0
1*Seagate 500GB External USB 2.0 Internet Speed Not fast enough!!! Antivirus MSE and Malwarebytes Pro Browser Chrome Version 25 Other Info Laptop: ASUS X54C, Intel Core i3-2330M @ 2.0Ghz, 4GB RAM, Intel HD on-board graphics, Windows 7 Professional SP1 (x64), LinuxMint 14 (x64), PepperMint 3 (x86)
Computer type PC/Desktop System Manufacturer/Model Number Home made Desktop OS Windows 7 Home Premium 64 bit. SP-1 CPU Intel i7-960-3.2 @ 4.25 Motherboard ASUS P6X58D-E Memory KINGSTON KHX2000C9, Hyper X,12 GIGS Graphics Card MSI/Nvidia/460GTX-Cyclone 1GD5/OC Monitor(s) Displays DYNEX 40 IN. Screen Resolution 1920-1080 or 1280-720 HDMI
Keyboard M/S 3000 v 2.0 wireless Mouse M/S 5000 wireless PSU Corsair AX-850 Plus Gold Case Corsair 600T (Black) + side panel with 2 140 mm Noctua fans Cooling Corsair H50/2 Noctua NF-P12 (120 mm) Push/Pull- Hard Drives INTEL SSD 120GB-SER 510
Seagate 1TB SATA 600 7200 rpm Hard Drive Internet Speed 3.0 mb Antivirus Microsoft Security Eesentials Browser I.E. 10 default/Firefox Other Info LG BluRay-Read/Write
Sound system
KLipsch-THX
Asus Router RTN-12
2 Noctua 140 added on top of 600t case
Malwarebytes Anti Malware Professional
Windows 7 Firewall
Computer type PC/Desktop System Manufacturer/Model Number Golden Mk. I.3 OS Windows 7 Ultimate SP1 (x64) CPU Intel i7 860 @ 2.80 GHz Motherboard Gigabyte P55A-UD3R Rev.1. Award BIOS F13 Memory 16GB Corsair Vengance DDR3 @ 661 MHz Dual Channel (9-9-9-24) Graphics Card EVGA NVidia GTX 560 1024MB Sound Card Realtek Integrated Monitor(s) Displays Dual Samsung SyncMaster 2494HS Screen Resolution 1920*1080 and 1920*1080
Keyboard Logitech G110 Mouse Logitech MX518 PSU Thermaltake ToughPower QFan 750W Case Thermaltake Element S VK60001W2Z Cooling Corsair H60 Water Cooling, 2*230mm and 2*80mm case fans Hard Drives 1*OCZ Vertex 2 60GB SSD;
2*Samsung F3 SpinPoint 1TB in RAID0;
3*Samsung F1 SpinPoint 1TB in RAID5;
1*Western Digital 500GB External USB 3.0
1*Seagate 500GB External USB 2.0 Internet Speed Not fast enough!!! Antivirus MSE and Malwarebytes Pro Browser Chrome Version 25 Other Info Laptop: ASUS X54C, Intel Core i3-2330M @ 2.0Ghz, 4GB RAM, Intel HD on-board graphics, Windows 7 Professional SP1 (x64), LinuxMint 14 (x64), PepperMint 3 (x86)
Computer type PC/Desktop System Manufacturer/Model Number Hewlett-Packard/G62-107SA Notebook OS Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1 CPU Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz Motherboard Hewlett-Packard 1425 Memory 8 GB DDR3 Graphics Card Intel(R) HD Graphics Sound Card Realtek High Definition Audio Monitor(s) Displays Builtin Screen Resolution 1366 x 768 x 32 bits (4294967296 colors) @ 60 Hz
Mouse Microsoft Bluetooth Notebook Mouse 5000 Hard Drives 250 GB SATA Hard Disk Drive 7200 rpm
2TB Seagate GoFlex USB 2 Drive
1TB Iomega Prestige USB 2 Drive
1.5TB Iomega Prestige USB 2 Drive (Samsung)
1TB Iomega NAS. Internet Speed 60 Mbs download 3 Mbs upload Antivirus Norton 360 Browser Chrome
Information
Warning
