This FAQ is organized into 5 sections:

A. When to use this FAQ.
B. List of free web based anti-virus (AV) scanners.
C. List of free web based multi-engine single file analyzers.
D. Free sandbox analysis tools.
E. List of virus encyclopedias.



A. When to use this FAQ:

If you have an infected or hijacked computer, the full step-by-step instructions for thoroughly cleaning it are here. Following them will bring you back here:
/faq/8428

An anti-virus (AV) package includes an anti-virus scanner (or on-demand scanner) and anti-virus monitor (or real time monitor). This combination works to prevent infections, as well as detecting and curing them.

The web-based scanners listed here do not prevent infections, but they are very useful for second opinions when you are faced with unknown new malware.

If you want something that prevents virus infections, you will need to install an antivirus package. If you want to scan for existing infections, skip to part B.

If you are considering installing an antivirus product:

* Check the VB100% test results at Virus Bulletin. You have to register to look at old test results, but registration is free and they do not spam you. Check the "VB100% Award" "by vendor". Personally I would only consider AVs that have passed six or more VB100% tests in the past 24 months.
www.virusbtn.com

* Check with your ISP. Many ISPs are now offering good quality security suites to home customers for free. The intent is that the cost to the ISP for the security suite will be offset by increased customer satisfaction and decreased support costs, so ISPs try to select effective easy-to-use products. These suites often include an AV, anti-spyware, pop-up blocker and firewall components. You control which components are activated.

* Check out these links (but remember many of us are stuck using an AV we did not freely choose):
/faq/3437
/faq/7728
/faq/3128




B. List of free web based anti-virus scanners:

These free AV scanners detect existing infections and identify and remove the virus (malware) involved.

»www.eset.eu/online-scanner (eset Nod32)
»housecall.trendmicro.com/
»www.pandasoftware.com/products/a···scan.htm
»www.kaspersky.com/virusscanner
»us.mcafee.com/root/mfs/default.asp
»support.f-secure.com/enu/home/ols.shtml
»www3.ca.com/threatinfo/virusinfo/scan.aspx (eTrust)

Your AV and AT vendors cannot reliably protect you from new malware until they receive a copy of it. So click here to submit the suspect file to the anti-virus product makers. Alternatively, submit the file using VirusTotal or Jotti using the links in Part C below.




C. List of free web based multi-engine single file analysers:

These tools are very useful once you have narrowed the problem down to a few files, to confirm what the problem is, and to get the names different AV vendors give it, so you can look it up in different virus encyclopedias.

You pick the file(s) to upload, and the tool runs it through multiple scanners, and tells you what they think it is.

»www.virustotal.com/ (Hispasec lab's multi-engine single file scan and submission service)
»virusscan.jotti.org/ (Jotti's multi-engine single file scan)

(Before deleting malware files, be sure to submit copies of suspect files under any of these circumstances:
- Got onto your system undetected by an up-to-date AV monitor.
- Are not consistently detected by some AV scans.
- Are acting differently from what was described in the AV company's write up.
- Are reported by the scanner as generically or heuristically detected (have no specific signature).
- Are heuristically detected, because heuristic methods are prone to false alarms.
- That you have continuing doubts about.
Your AV and AT vendors cannot reliably protect you from new malware until they receive a copy of it. So click here to submit the suspect file to the anti-virus product makers.)


Return to: I think my computer is infected or hijacked: Step 2





D. Free "sandbox" analysis tools:

These tools are useful if VirusTotal or Jotti didn't find anything, but you are still suspicious about a file. You pick a file to upload and the tool watches it run on a test (sandbox) system. Then the tool sends a report on what it saw.

»research.sunbelt-software.com/Submit.aspx (Sunbelt Sandbox)
»www.threatexpert.com/submit.aspx (Threat Expert)
»sandbox.norman.no/live_4.html (Norman AV's SandBox analysis tool)

Interpreting the report requires some expertise, so post the sandbox results in the BBR Security Cleanup Forum.

If the sandbox analysis does find something the other tools missed, it will be something very new. You'll have to submit the suspect file(s) to the AV vendors and wait for advice on how to disinfect your computer. Click here to submit the suspect file to the anti-virus product makers.

I suggest turning the infected computer off and waiting 3 to 4 hours. Then either check your email for replies from the AV makers, or submit the file to the multi-engine file analysers (in section C above) again.

When you finally have a virus name from an AV maker, consult their virus encyclopedia (in section E below) for cleaning instructions.




E. List of virus encyclopedias:

Because vendors sometimes give the same name to different versions of a virus, the encyclopedia for the AV product that made the detection should be checked first.

The CME list can help in translating one AV vendor's virus name to another AV vendor's virus name:
Common Malware Enumeration List
(The CME list is fairly new and I wouldn't consider it 100% accurate yet.)

Always read the entire description of the virus because often there are one or two manual steps required to remove the virus, beyond running the AV scanner or auxiliary virus removal tool:

»www.avast.com/eng/windows_viruses.html
»www3.ca.com/securityadvisor/viru···ult.aspx (eTrust)
»www.f-prot.com/virusinfo/
»www.f-secure.com/virus-info/
»www.grisoft.com/virbase/virbase.···type=web (AVG)
»www.viruslist.com/eng/viruslist.html (Kaspersky)
»us.mcafee.com/virusInfo/default.asp
»www.mwti.net/virus_info/virus_info.asp (MWAV)
»securityresponse.symantec.com/av···odb.html (Norton)
»www.pandasoftware.com/virus_info/
»www.sophos.com/virusinfo/
»www.trendmicro.com/vinfo/virusencyclo/ (Housecall)

(Before deleting malware files, be sure to submit copies of suspect files under any of these circumstances:
- Got onto your system undetected by an up-to-date AV monitor.
- Are not consistently detected by some AV scans.
- Are acting differently from what was described in the AV company's write up.
- Are reported by the scanner as generically or heuristically detected (have no specific signature).
- Are heuristically detected, because heuristic methods are prone to false alarms.
- That you have continuing doubts about.
Your AV and AT vendors cannot reliably protect you from new malware until they receive a copy of it. So click here to submit the suspect file to the anti-virus product makers.)


Return to: I think my computer is infected or hijacked: Step 8


Anti-virus vendor virus removal tools
All BBR Security FAQs
The BBR Security Forum


Recent changes:
2008-07-30 (by CalamityJane): Added eset (Nod32) free online AV scanner and two more Sandbox sites.
2006-05-05 Removed RAV encyclopedia since it is apparently no longer being maintained. Thanks AmySheehan.
2006-02-02 Temporarily removed www.mwti.net/products/mwav/mwav.asp for excessive false positives.
2006-01-16 Added some advice on buying anti-virus products.
2005-11-26 Added link to CME list.
2005-09-18 Removed RAV (bought by MS).
Added Kaspersky.
2005-08-19 Added link to Virus Bulletin.
2005-03-05 Re-formatted to make the sections clearer.

Feedback received on this FAQ entry:
  • This is a GREAT resource, from a source that I trust! However, it doesn't appear to have been updated since 2008. I can tell you that A LOT HAS CHANGED in those five years! Viruses have become a whole new breed of nasty. I know it's a huge undertaking, but it would be great if someone could update this. In particular, I don't find a Virus Encyclopedia entry for MalwareBytes (maybe they don't have one?) Thanks, George

    2013-07-15 14:41:41 (geebee2K)

  • Online Anti-Malware (File) Scanners: http://www.selectrealsecurity.com/online-file-scan

    2011-10-21 16:31:36




by keith2468, edited by CalamityJane
last modified: 2008-07-30 12:17:26