I have seen more than my fair share of malware infected PCs. Fortunately it’s not due to infecting my own computers but working on client computers. After seeing enough of them, you know some trends that virus families tend to share. For example, an executable file in the user’s profile folder or a jibberish name in the AppData folder with an executable or dll file in it that is started at logon through the Registry… those are usually suspect and related to the malware infection. They might not always be malicious files though, so it would be nice to be able to check the file to know for sure. You can typically right-click on the file and run a scan on the file with your antivirus (You do have an antivirus installed, right?) but this is the same antivirus that let the file in in the first place.
You can get more than a second opinion on the file through the website VirusTotal. Just visit the website and upload the suspicious file (up to 64 MB in size) and submit it. After the file uploads the server, it will hash the file and search its database to see if it has seen the file before. If a recent scan has been run on it, you can jump directly to the report, saving you and the site time from running a scan again.
If VirusTotal has not seen the file before or you elect to run an updated scan on a previous report, the site will check the file against 46 different antivirus programs. The report will tell you if any antivirus programs detected the file as bad and using which antivirus definition. Instead of relying on just one antivirus, you can use the site to check the file against the majority of other security software packages out there.
Even if a file is not suspicious but you just want to double-check it before you run the file, VirusTotal works great. The site is also good if you suspect your AV is throwing a false positive for a file. I should also mention that it is a free service. In addition to scanning files, you can scan URLs using the VirusTotal URL Scanner. It utilizes 33 different URL scanners to check if a website is suspicious or has a bad reputation.
I have had a few instances when VirusTotal would not work or didn’t like the file I was trying to upload or perhaps the installed malware was blocking the upload from even completing correctly. Scary! At those times, I have searched around for other multi-AV scanners and found a few alternatives which confirmed that indeed the file was a known bad guy. Some others you might try out include: VirSCAN and Jotti.
“Two heads are better than one!” The same can be said about antivirus engines.