How To Check If A File Is A Virus....Without antivirus :O?!

[digerati]

ok im not really good at explaining things so... have fun understanding!

ok! so you have a exe and you just scanned it with your antivirus and its clean - but you dont trust it still.

heres some options!

beginner options:

scan with multiple antivirus programs! ---->
analyse it with a sandbox! ---->
run it in a virtual machine --->


slightly complicated options:

monitor it with a process monitor --->
(use filters to make it easier to read - like tcp filters and windows operation filters such as "createfile" or "deletefile")

monitor your registry changes ---->

look for rootkits and system changes ----> &



enjoy!

this should do enough for anything you guys should come past, but dont forget theres always more complicated viruses and more complicated ways to find them!

example: the file might have the ability to block each and everything ive posted in this thread. so when any of these things are used on it - nothing will happen....either that or it will circumvent and continue to own you (programs etc wont see that its bad but ohhhhh godddd). this includes the website scanners!

remember: pirated shit is a great source to be ####ed over. so download wisely!

[Grudge]

how will you manage files to be scanned well before downloading them.

is there any source where you can point the file in the internet for scanning.

[porkchops]

I can't help posting the obvious - run a non M$ operating system, like Ubuntu

Works for me, as .exe files (where most nasties hide) are not native to the OS!

[digerati]

I can't help posting the obvious - run a non M$ operating system, like Ubuntu

Works for me, as .exe files (where most nasties hide) are not native to the OS!

lol there are still viruses for nix silly.

and the rootkits are way more complex ^_^

how will you manage files to be scanned well before downloading them.

is there any source where you can point the file in the internet for scanning.

i think there are some sites that offer that

but i see no harm in downloading an executable - as long as you dont open it lol.

[Philquad]

get real
how do you ever install anything on windows without a exe?
virus scanners are a joke
they only detect anything "after you run malwarebytes"
more important thing is
how do you remove them?
a few small lessons on how to remove is much more effective than worrying about getting them
just imho
i fix about 10 pc's a week on average, most have some sort of crap on them that they dont even know
but then, if everyone kne0w th00at, id have no beer?

[Hakko]

I usually run any sus program or keygens through "sandboxie" first. Seems to work well enough for me

[Fernbay]

I recommend Virus Total for online exe file checking

About VirusTotal

VirusTotal is a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines.

Specs:

* Free, independent service
* Use of multiple antivirus engines
* Real-time automatic updates of virus signatures
* Detailed results from each antivirus engine
* Real time global statistics

PC World Best of the 2007 VirusTotal has been awarded by the American edition of PC World Magazine, one of the 100 best products of year 2007 in the Security Web Site category.

The 100 Best Products of 2007.

For more information or for sending your comments, please write to info@virustotal.com

Credits

VirusTotal is a service developed by Hispasec Sistemas, an independent IT Security laboratory, that uses several command line versions of antivirus engines, updated regularly with official signature files published by their respective developers.

This is a list of the companies that participate in VirusTotal with their antivirus engines.

* AhnLab (V3)
* Antiy Labs (Antiy-AVL)
* Aladdin (eSafe)
* ALWIL (Avast! Antivirus)
* Authentium (Command Antivirus)
* AVG Technologies (AVG)
* Avira (AntiVir)
* Cat Computer Services (Quick Heal)
* ClamAV (ClamAV)
* Comodo (Comodo)
* CA Inc. (Vet)
* Doctor Web, Ltd. (DrWeb)
* Emsi Software GmbH (a-squared)
* Eset Software (ESET NOD32)
* Fortinet (Fortinet)
* FRISK Software (F-Prot)
* F-Secure (F-Secure)
* G DATA Software (GData)
* Hacksoft (The Hacker)
* Hauri (ViRobot)
* Ikarus Software (Ikarus)
* INCA Internet (nProtect)
* K7 Computing (K7AntiVirus)
* Kaspersky Lab (AVP)
* McAfee (VirusScan)
* Microsoft (Malware Protection)
* Norman (Norman Antivirus)
* Panda Security (Panda Platinum)
* PC Tools (PCTools)
* Prevx (Prevx1)
* Rising Antivirus (Rising)
* Secure Computing (SecureWeb)
* BitDefender GmbH (BitDefender)
* Sophos (SAV)
* Sunbelt Software (Antivirus)
* Symantec (Norton Antivirus)
* VirusBlokAda (VBA32)
* Trend Micro (TrendMicro)
* VirusBuster (VirusBuster)

Tools

* PEiD (PEiD)
* pefile (pefile)
* TrID (Marco Pontello)
* PDFiD (Didier Stevens)

Translators:

* Polski: Pawel & Michael
* Cesky: Strongy!
* Deutsch: Moritz Konstantin Meurer
* Magyar: István Csizmazia
* 翻譯: LinHongJun
* Italiano: Mario Dedè
* Português: Daniel Henrique Tsuha
* Svenska: Charlie Krogars
* Français: Gérard Mélone
* Ελληνικά: Alexander Filos
* Nederlands: Croonen Martijn
* Türkçe: Uður BOZDAÐ
* Română: Căruntu Radu
* Русский: Konstantin Potemichev
* Dansk: Peter Ørsted
* Slovenšèina: Sašo Badovinac
* 日本語: Iso-G
* 한국어: JaeHyung Lee 웹둥지넷
* ihMdI: P`aSaaMt kamadar
* Suomi: Jari Rinta-Korkeamäki
* Arabic: بلال محمد عبدالكريم الزيتاوي
* Македонски: Joleh Woo
* Srpski: Rados Kovac

Warning:

VirusTotal is not substitute any antivirus software installed in a PC, as it only scans individual files on demand. It does not offer permanent protection for the user's system either.

Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file.

Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware. You may become a victim of misleading advertising, if you buy such a product under those premises.

[digerati]

who doesn't know how to remove a virus/rootkit :S

lol be specific!

[roolette]

Thanks for the extra links. Have always used virustotal only. Nice to know there are other alternatives around.