pic
news
CORPORATE:
Connect with Mihu
CONTACT Mihu:
phone848-6297-0051
848-6297-0050

Is It Really a Virus? Get a Second Opinion

Where to go to double-check a virus warning.

Even if your antivirus application says that a file your kid just downloaded is okay, you may still feel leery. Or maybe your antivirus program wants to delete or quarantine a file on your PC, but you're pretty sure that the file's harmless. What do you do?

I head to two free online services for a broader analysis. The first, Virustotal (http://virustotal.com/), has been around for some time. It uses 32 different antivirus engines from a range of companies, including Symantec, McAfee, and Kaspersky, to scan any file you upload.

Click on the 'browse' button at the top of the page to find the file on your PC. Then, sometimes after a short delay, you'll see what each engine thought of the file you uploaded--in the form of a bluish 'no virus found' or a red message with either a generic warning like "suspicious Trojan/Worm" or the name of specific malware like "Warezov."

Sometimes there will be a range of responses. Some engines might think everything is hunky-dory, while others might insist that your file is dangerous--which is a great example of why you'd want a second opinion in the first place.

Most of the time you can go with the consensus view, particularly when only a few engines give generic warnings. Those vague warnings typically come from heuristic technology, which tries to identify unknown malware without full signatures. The technology is useful, but it can raise false alarms.

For even more-exhaustive in-depth analysis, go to Threat Expert (http://www.pctools.com/threat-expert/). Click 'Submit Sample', and you'll be prompted to upload a file (up to 5MB). Threat Expert analyzes your submission and e-mails you a report. You'll see results from numerous antivirus engines, but the report will also list other details, including whether the sample tries to delete any of your files or directories, change the hosts file, or create Registry keys. Also, you can see what the tested file tried to download from other places when it ran.