virustotal I don't know if you saw that in my article about the GiPo@FileUtilities, some readers noted that Symantec Endpoint triggered an alarm when they installed the tool. AVG Anti-Virus, the AV software I use at the moment, had no complaints though. Thus I was uncertain if this was just a false-positive. Most anti-virus tools use heuristics to detect viruses for which there are no signatures yet available. Many viruses share specific characteristics which can be detected with rules-of-thumb.

Latest posts by Michael Pietroforte (see all)

One reader uploaded GiPo@FileUtilities to Virustotal to clarify things. I must admit I didn't know about this useful free service, so perhaps you don't know about it either. Virustotal uses 38 different malware scan engines to analyze the files you send them. There are many well-known brands among these such as Trend Micro, Symantec, F-Secure, or Sophos.

Virustotal only requires a few seconds to analyze a suspicious file. It then presents a list of the outputs of each scan engine. I was somewhat surprised that 50% of the antivirus tools identified a Trojan inside the GiPo@FileUtilities installation file. They don't all detect the same Trojan, although at least they use different names. It is possible that a virus tool kit was used to compile the setup file.

On the other hand, the GiPo@FileUtilities perform file system manipulations that are typical for malware. Hence, I was still not convinced that this was not a false positive. In the same article Petr mentioned that the antivirus software vendor EST identified it as a false positive, even though Virustotal reports that their scan engine NOD32 also classified GiPo@FileUtilities as suspicious.

This just reaffirms my view that heuristics in antivirus software are quite unreliable. Therefore, I recommend using the Virustotal service if your AV software detected a virus in your network using its heuristics algorithms. However, this case demonstrates that even if several different scan engines claim to have detected a virus, you can't be really sure. If you are uncertain if your network really has been infected, you should send the suspicious files to your antivirus software vendor.

Subscribe to 4sysops newsletter!

Virustotal ^

5 Comments
  1. Amandi 13 years ago

    Hi!

    On the Network is much more web service like Virustotal, e.g. virusscan.jotti.org or virscan.org.

    P.s. Best regards from Poland. Your's site is very helpful for me (and I suppose not only for me...). 🙂

  2. Amandi, thanks for the tips and greetings to Poland. 🙂

  3. Renjith 13 years ago

    We were regularly using this site while we troubleshoot the virus related issues. This was very helpfull when the antivirus were not detecting it even after scanning it we were able to find a fake files. Sometimes there are fake files for svchost.exe

  4. William 13 years ago

    better yet, if your file is rather large and would take a long time to upload, you can do a md5 of it then search against the md5 hash in virustotal. Chances are someone else has uploaded the same file before.

  5. William, thanks. This is indeed useful.

    Renjith, yeah svchost.exe makes it is often difficult to find the real culprit.

Leave a reply

Please enclose code in pre tags

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2021

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account