Pages:
Author

Topic: [Guide] Virustotal scan guideline to detect viruses, trojans, malwares, worms - page 2. (Read 1148 times)

legendary
Activity: 2730
Merit: 7065
Unfortunately Virustotal can only help you with already known threats and viruses by comparing the code to known threats. If you are unlucky and download a file that contains a fresh code with a virus then Virustotal will not be able to help you since it is the first time they see the code. The results can come back as clean while in fact you get infected and if you do a 2nd scan in a few days you see that some antivirus engines are already registering the file as a threat.
legendary
Activity: 2310
Merit: 4085
Farewell o_e_l_e_o
Glad to see your post.
I highly appreciated your help with list of sites for checking viruses and other types of threats.
I already added them into the OP.
full member
Activity: 924
Merit: 221
Uploading the downloaded files to check if it is clean or not could also help detect virus but it also cannot detect other kinds of viruses even if you did have a anti-virus software. Some files are detected as malware even if you really know that the file is not a malware or a virus.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
tranthidung, this is very good advice for every user which for some reason does not have any AV/AntiMalware protection. Some people often complain that the price of such sotware is quite expensive, and I agree that 50-60$ for one year subscriptions is maybe too much, especially if we consider that one hardware wallet (Nano S) has approximately such a price. But there is some free AV solutions, maybe not so good as pay version - but in any case better then nothing.

The weak side of this kind of protection is that user is usually first visit some site, and then is checking that URL, which in some cases may be a little too late to prevent infection. However, it should be kept in mind that this is a free service, and that users do not have to rely completely on the results.

I found some pages similar to this one :

hero member
Activity: 1834
Merit: 759
Can this online tools scan the inside of rar files that protected with a password? Google drive doesn't accept such files and it keeps rejecting.

If you compressed them yourself, then probably. This is in their site:

My network/system blocks malware uploads, can I upload encrypted compressed files in order to avoid this restriction?

Indeed, you may place the file that you wish to scan inside an encrypted ZIP file, VirusTotal will automatically extract the inner file and get it scanned for you, asking you whether you wish to render the report for such inner file. In order to be able to inspect the ZIP file its password must be one of the following: infected, password, test, 1234, virustotal, virus, compressed.

Otherwise, you may have to extract them yourself first, which I wouldn't recommend.
hero member
Activity: 1358
Merit: 509
Can this online tools scan the inside of rar files that protected with a password? Google drive doesn't accept such files and it keeps rejecting.
legendary
Activity: 2310
Merit: 4085
Farewell o_e_l_e_o
< ... >
Appreciated your contribution.
This is why I mentioned two steps in order there
It should be better if you do both steps in order:
1) Checking URLs.
If the results from URLs-checking are good, clean, no threat detected, you should continue with the second step.
If If the results from URLs-checking show threats detected, you should stop immediately. There is no reason to continue with the second step or downloading/ installing files from the URLs.
2) Checking files after the URLs-checking results shown no threat detected.

Of course, you can ignore the first step, and jump directly into the second step. It's personal approach, but I would like to do both two steps in order.

There is no reason to download files from ugly sites, so if the first step found threats on sites, we should stop immediately and don't download any file from those sites.
legendary
Activity: 2044
Merit: 1030
I'm looking for free spin.
Checking a file directly from URL always results in "clean" results every time I tried.
However, after downloading the same file and using the "File" tab, some heuristics (especially, aggressive ones) may show positive results.

Thus, using the "URL" tab to download links directly may not be reliable, only for detecting if the website has bad/malicious scripts.

Agree with this I tried scanning some website or direct download url with .zip or .rar extension is always result clean this is not working to check a file online.

The best is that you need to download the file first and extract the file and upload it to virus total before you scan it. In this way you can scan the whole file if it's infected or not.

So the method 2 is fine but the first method is not working it only scan the whole page. It is only used for scanning your own website if your website is infected.
legendary
Activity: 3472
Merit: 10611
Checking a file directly from URL always results in "clean" results every time I tried.
However, after downloading the same file and using the "File" tab, some heuristics (especially, aggressive ones) may show positive results.

Thus, using the "URL" tab to download links directly may not be reliable, only for detecting if the website has bad/malicious scripts.

it actually is 100% reliable but you have to understand what the result it gives you means. when you check the following: www.somewebsitelink.com/somefile.exe the site does NOT download the .exe, instead it checks that URL that you just gave it and sees if the webpage hosting this file has any viruses.

in fact this is one of the weaknesses of Virustotal in my opinion, it has no option to download and check files on its own. you have to download them yourself on your computer then upload that file to their servers and then have it checked!
copper member
Activity: 2114
Merit: 1814
฿itcoin for all, All for ฿itcoin.
By the way, sometimes we get to see false positive and negatives from virustotal.
Results from virustotal should not be taken as final.

A perfect example that sometimes produces false positives is Electrum wallet app and other wallets
- https://bitcointalksearch.org/topic/m.48917707
- https://bitcointalksearch.org/topic/virustotal-detect-2472156
So it would be a point worth noting
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
Checking a file directly from URL always results in "clean" results every time I tried.
However, after downloading the same file and using the "File" tab, some heuristics (especially, aggressive ones) may show positive results.

Thus, using the "URL" tab to download links directly may not be reliable, only for detecting if the website has bad/malicious scripts.
legendary
Activity: 2310
Merit: 4085
Farewell o_e_l_e_o
GUIDELINE TO USE VIRUSTOTAL.COM TO SECURE YOUR ASSETS FOR FREE


Notes:
- Please remember that this one is a free online service, it should be used only as substitution of professional antivirus or internet security softwares for someone who don't have those softwares on their devices (lack of money, or anything else).
- You all should protect yourself better by spending money to own antivirus or internet security softwares on your devices.
- It is very cost-effective investment for your assets.
- If anyone has intention to translate the topic into your local language, please feel free to do this. I always want to spread helpful things out, especially from my original contributions. Please make sure that you make high quality translation, not shit one from Google Translator.
- Having and maintaining healthy habits and behaviours on Internet space are the best way to protect your devices and your assets.
Because antivirus softwares or internet security softwares only help us from well-known threats. @Pmalek mentioned about it there:

Unfortunately Virustotal can only help you with already known threats and viruses by comparing the code to known threats. If you are unlucky and download a file that contains a fresh code with a virus then Virustotal will not be able to help you since it is the first time they see the code. The results can come back as clean while in fact you get infected and if you do a 2nd scan in a few days you see that some antivirus engines are already registering the file as a threat.
bob123's suggestion (click on quote link to see full post):
Using AV's (whether paid ones on your computer, or online services like virustotal) does only protect you against 1) known and very wide-spread malware and 2) malware created by script-kiddies or any other non-commercial cyber criminals.


Translations:


Objectives:

(1) Using the online platform to detect viruses, trojans, worms, malwares before downloading and installing unknown sources;
(2) Securing your computers and all kind of assets, including digital assets, for free.



History
Virustotal.com is the online free service that has a long history.
The platform started in late of 2011, you can visit its blogsite for more information.
Years from its beginning, the virustotal.com has been widely used by lots of people, mainly because it is totally free to use, and its power to detect potential threats.
It is more helpful for crypto enthusiasts who usually work online and have to download, install new wallets from new crypto projects.
Please remember that you all should check the security and potential threats inside unknown sources before doing anything else (downloading, installing, etc.)


Steps to use virustotal.com

(1) Visiting the site
The site is available there: https://www.virustotal.com/en/

(2)Checking potential threats
There are two strategies you can use to check potential threats
As you can see in the below attached image, you can check threats via files or URLs.
I will take GINcoin wallet and URL of its wallet as a case study here

2.1. Checking URLs
First, make sure that you already choose the URL tab, before doing the next step
Second, copying and pasting the URLs that you want to check potential threats, like the below image
Lastly, clicking on the scan button, wait a little bit to get resutls.
Results:
Detection ratio is 0/69.
No threat found, and the URL is safe.

2.2. Checking FILEs
After downloading GINcoin wallet from GINcoin's website (official source from the project), before installing the wallet, let's check it with virustotal.com.
First, make sure that you choose the FILE tab before doing the second step.
Second, clicking on the choose button, then add the link to directory where you download and store it.
Lastly, clicking on the scan button, waiting for a while to get results
In the meantime, you will see the following interface
Results:
When the scanning process finished, you will see results like the below image
For GINcoin wallet, detection ratio is 0/69, it means no threat (only for well-known threats, thanks @Velkro) found, and the wallet is safely to install on your devices.

Both of the ways show that GINcoin wallet for windows is safe to download, and install.


It should be better if you do both steps in order:
1) Checking URLs.
If the results from URLs-checking are good, clean, no threat detected, you should continue with the second step.
If If the results from URLs-checking show threats detected, you should stop immediately. There is no reason to continue with the second step or downloading/ installing files from the URLs.
2) Checking files after the URLs-checking results shown no threat detected.

Of course, you can ignore the first step, and jump directly into the second step. It's personal approach, but I would like to do both two steps in order.

3) You should create your free account to have additional functions (for free).

4) You can also download files from Github (published by young age accounts and new born projects), and scan all files before actually think of using them to install on your devices (if they are safely). Please remember to be cautious with newborn projects, and Github published by young-aged accounts (and you don't have proofs of their past projects).
Additionally, there are tips to check Github account's reliabilty first (such as account age, activity, past reputation) before thinking of downloading sources from Github.
https://bitcointalksearch.org/topic/m.50883346


There are some other similar sites


Reference
For more details, guides, and discussion, please get them there
(1) Virustotal.com's documentation
(2) Virustotal.com's community
(3) Just because It’s on GitHub. It doesn’t mean it’s safe>
Pages:
Jump to: