4 Ways To Scan Suspicious Files/Email Attachments Online Using Virus Total

We often receive emails containing attachments that look suspicious. You might also have come across unknown files on your USB pen drive. Such files get created automatically when you transfer data to or from your USB drive at public places such as colleges, cyber cafes, etc.

Having a good, up-to-date antivirus program running on your PC is nice, but it's not wise to play with suspicious files, particularly when your system holds important data. In such situations you can use an online service: VirusTotal.

About VirusTotal

VirusTotal is a free and independent service that analyzes suspicious files and tries to detect viruses, worms, trojans and all kinds of malware detected by antivirus engines. It uses multiple antivirus engines (36 at the time of writing this post) to scan submitted files.

Four Ways To Use VirusTotal

#1. Online Uploader

Their homepage shows a simple file upload form. This is a good option for suspicious files on your hard drive or USB drive.

Just select a file and hit upload. Your file will be sent to their server for analysis.


If the submitted file is large, you will see an upload progress bar as well.

Once the file is uploaded, you will be redirected to the analysis report page for that file. Here is an example report page.

Scanning and reporting happen instantly in most cases! The reason will be explained shortly. 😉

#2. Email Files As Attachment

You can send files as an email attachment to their email address: [email protected]. Write the word “SCAN” (without quotes) in the email subject line and keep the body of your email blank.

This is a good option for email attachments you receive online. Just forward the email to [email protected]. Do not forget to change the subject line to “SCAN” and remove the body completely. It would be foolish to download suspicious files to your PC and then upload them again to VirusTotal using way #1.

The only limitation of this way is that you cannot send files larger than 20MB.

#3. VirusTotal Uploader Tool (for windows only)

This is a small utility, just 80KB in size, available for Windows only.

After installing it, you can submit any file to VirusTotal directly from the context menu.

#4. Hash Search (Geeks way!)

I mentioned above that in most cases scanning and reporting happen instantly. This is because the file you are submitting might already have been submitted in the past by someone else.

VirusTotal computes checksum values for each submitted file using the MD5, SHA-1, SHA-256 and SHA-512 functions. These checksum values are unique for each file. So when you submit a file, VirusTotal first computes its checksum. For common files, these hash values will likely match hash values already in the database. In that case, you will be redirected to the results page directly.

Now if you have a large file, you can save time by computing the hash locally using the md5 or openssl command on Linux/Mac. For Windows there must be some software to compute MD5/SHA hash values. Just google it.

Syntax: $ md5 <filename>

Once you get the hash value, copy it, go to this page, paste it there and hit search!

If you do not find any result, that only means the file you have has never been submitted for analysis in the past. In this case, just try any of the above methods.
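As an added example (not part of the original post), the local hashing step can be done with one short Python script that reads the file once in chunks and produces all four digests the post names. The function name `file_digests` and the 1 MiB chunk size are assumptions chosen for this illustration; only Python's standard `hashlib` module is used.

```python
import hashlib
import sys

# The four hash functions the post says VirusTotal computes for each file.
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")
# Assumed chunk size: 1 MiB, so large ISOs and archives never sit fully in memory.
CHUNK_SIZE = 1024 * 1024


def file_digests(path, algorithms=ALGORITHMS, chunk_size=CHUNK_SIZE):
    """Return {algorithm: hex digest} for the file at `path`, reading it once."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    # Binary mode matters: text mode would translate line endings on Windows
    # and produce a digest that matches nothing in the database.
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: python file_digests.py <filename>")
    # Print one digest per line; copy any of them into the hash search box.
    for name, digest in file_digests(sys.argv[1]).items():
        print(f"{name:<7} {digest}")
```

Because it needs only the standard library, the same script works on Windows, Linux and macOS, and the suspicious file is only read, never opened by another program or uploaded.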

Links: VirusTotal | VirusTotal Uploader | Hash Search

6 Comments

Pratik Parekh April 4, 2009

hey dude, ur website is really good and am a regular reader, but since past 4-5 months plz do something about your hosting coz sometimes it's down or it doesn't load properly… since past 2 days m getting this view – http://i44.tinypic.com/309kbpx.jpg

Rahul Bansal April 4, 2009

@Pratik
Looking at pic, it seems CSS is not loaded.
Please try clearing the cache or using another browser. If the problem persists, please let me know.
We moved to a new hosting server. Uptime is better now. I acknowledge that we need to improve further and I am trying hard to make the site faster as well as accessible as much of the time as possible.
Thanks for your feedback buddy.

@Alok
Which part did you find slow? If you know how to compute an MD5 hash, it's faster than using antivirus on your machine for large files, especially zip archives and ISOs.

alok April 4, 2009

very slow process.

Puneet April 9, 2009

@ Pratik.
I have been visiting devilsworkshop.org for quite some time and have not faced any problem.
If you are using a slow internet connection then sometimes CSS files do not load.

Andrew October 25, 2009

You can also check the hash from the context menu using VT Hash Check from http://www.boredomsoft.org/index.php?page=VT+Hash+Check

Web Development February 25, 2010

awesome article, thanks