Not all malware / virus scanners are the same—that’s for sure. Each will pick up on different viruses and malware depending on a whole host of factors. So how can you be sure that your anti-virus program has given you an accurate analysis of the suspicious file you’ve just scanned and determined to be “clean”?
Here’s an example of what I mean.
I use NOD32 on my laptop. The latest definitions are installed.
Today I scanned a file I knew was infected with malware. NOD32 said it was clean. I though, “Hmmm… that’s odd”.
I took the file to an online scanner that runs it through 15 different scan systems. It came up as infected on 7 of them, and clean on the remaining 8.
The moral of the story? Each scanner is only as good as the definitions being feed into it, and different scanners are updated with new definitions at different times and rates. Therefore, if you have a file that you know may be infected (such as any executable you download from the internet from anything other than the most reputable websites) don’t rely on your malware scanner if it says “File clean”.
The best site I know of for online scanning of individual files is located at http://virusscan.jotti.org/
My results were as follows:
Online malware scan
File: earth_keygen.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file’s scan results will not be stored in the database) MD5 9c7bfe25c63ddb4a2bdc61c5b8175263 Packers detected:Scanner results
AntiVir Found Trojan/Drop.Microjoin.BX
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found Dropper.Generic.FTB
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found Trojan.Mezzia
F-Prot Antivirus Found nothing
Fortinet Found W32/Agent.APH!tr
Kaspersky Anti-Virus Found Trojan-Dropper.Win32.Microjoin.bx
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found Trojan.DR.Microjoin.BI
VBA32 Found Trojan-Dropper.Win32.Microjoin.bx
0 Responses to “Online Malware / Virus Scan”