Status
Not open for further replies.

How Do You Know If Your Download Really Has a Virus?

#3 ·
It would be easier to download to desktop and right click and have your own virus, malware program check file.
I have Malwarebytes or Kaspersky or both checking downloaded files first, before installing anything from anywhere.
I am not sure if I like the reference, it sure shows a lot of languages on top. How trustworthy is that link? Have you tried them Tom? Who is behind it? (yes, I am paranoid about unknown places)
Also if one is on dialup, that would take forever to check files downloaded, resent, check what they say, etc.
 
#7 ·
The Virus Total Uploader sure makes it is

Multi-Engine Virus Scanners
http://virusscan.jotti.org/en
http://www.virustotal.com/
http://virscan.org/
http://www.viruschief.com
http://scanner.virus.org/

Single-Engine Virus Scanners
http://www.kaspersky.com/scanforvirus
http://onlinescan.avast.com/
http://www.gietl.com/test-clamav/
http://www.fortiguard.com/antivirus/virus_scanner.html
http://www.eset.com/online-scanner

And I bet there are others.

Note that on the Multi-Engine Virus Scanners you should look at the date on the defs, because the sites are great but one site may be updated faster than another.
 
#10 ·
Norton and Kaspersky offer some excellent virus download protections
What antech said is spot-on and is what very good AVs do! They are "stop at the gate" protective! Since I first ran a WOT test on the site initially provided in this thread, there was no need for the KAS. to intervene! Right-clicking on a file, folder or site seems to become as regular as the left clicks! Ahem, I don't know about Norton! :rolleyes:
 
#12 ·
In fact, if I were writing malware, all of these sites would be great places to test my code. Since the idea is obvious, I can't see how anyone could doubt that this is probably S.O.P. for many crooks. Here's a blog about Google's research on the subject.

A couple of notable findings from the Google report:

"Google’s automated system scanned each potentially malicious page in real time using a number of licensed anti-virus engines, and all of the files were rescanned again at the end of the study. Beginning in June 2009, Google charted a massive increase in the number of unique fake anti-virus installer programs, a spike that Google security experts posit was a bid to overwhelm the ability of legitimate anti-virus programs to detect the programs. Indeed, the company discovered that during that time frame, the number of unique installer programs increased from an average of 300 to 1,462 per day, causing the detection rate to plummet to below 20 percent." and

"In addition, Google determined that the average lifetime of sites that redirect users to Web pages that try to install scareware decreased over time, with the median lifetime dropping below 100 hours around April 2009, below 10 hours around September 2009, and below one hour since January 2010."

And this quote from Niels Provos, principal software engineer for Google’s infrastructure group: “It turns out that the closer you get to now, the commercial anti-virus programs were doing a much worse job at detecting pages that were hosting fake anti-virus payloads.”
 
#13 ·
An interesting story!
Thanks for sharing the info
 
#14 ·
Dear Snagglegaster,
It is an uphill task to prevent and prove that one's PC is virus-free indeed!

10 virus symptoms

  1. Programs take longer to load. Memory-intensive operations take a lot of time to start.
  2. A change in dates against the filenames in the directory. When the virus modifies a file the operating system changes the date stamp.
  3. The floppy disk or hard disk is suddenly accessed without logical reason.
  4. Increased use of disk space and growth in file size - the virus attaches itself to many files.
  5. Abnormal write-protect errors. The virus trying to write to a protected disk.
  6. Strange characters appear in the directory listing of filenames.
  7. Strange messages like "Type Happy Birthday Joshi" (Joshi Virus) or "Driver Memory Error" (kak.worm) appear on the screen and in documents.
  8. Strange graphic displays such as falling letters or a bouncing ball appear on screen.
  9. Programs may hang the computer or not work at all.
  10. Junk characters overwrite text in document or data files.

http://www.boloji.com/computing/security/016.htm
 
#16 ·
This is exactly the problem when we have to decide whether to go for a free AV software or a real SmartyPants like ESET, KIS, etc! The "stop at the gate", however it is rated, is a plus in the paid versions. In the AV Comparatives Study, last done in Nov' 2009, there was no mention of AVIRA (free) because it submitted its premium version and scored very high points. Comodo did not even submit OR it was rejected, because the AV C folks have set the bar quite high!

As far as I am concerned, KIS 2009 and KIS 2010 have done a commendable job both via AV function and Firewall function (needs a few tweaks for personalization). Snagglegaster made a point that malicious software may be uploaded via seemingly high-value utility downloads. I would make a (coarse!) and a common sense point to buy a boxed version of what you want (if available). KIS, I have always bought the 3-licensed boxed version. When KIS suspects an incoming infection, it springs to action, all red, and simply blocks, no permission, nothing! That's pro-active for you! But opinions differ! Truth is truth!
 
#17 ·
Add BSOD's to the list, Perfume.
Dear antech,
That's the silver bullet that tells you that your PC is finis! Now that the days of BSOD seem passé, as Win.7 is slowly but surely making forays and the Blue is replaced by Black (so soon!)!

Have you read the front page article by Mumbodog about "Gophers"? Worth a read.
 
#19 ·
But still some users report BSOD's in 7, Perfume!
Causes are some trojans and spyware
Dear antech,
You don't understand! That's exactly what worries me! There were so many Test Releases and parties, yes you read right, parties to intro' and promo' the Win 7! Win 7 kits were given free to the select few! Windows did make tremendous efforts to plug the holes and, as someone said, "all the greatest techies are not with Windows". To poke fun is easy, but let us ackn. the efforts put in by the MS guys. It's like perform or perish! Still, when crashes occur, the first thing to eliminate is the human factor and then look again carefully under the hood! Wasn't a security pack leaked out?
 
#21 ·
Dear tomdkat,
I have re-read your link and what I said as a response to that question of yours! Avira's Database must have been larger and more up-to-date than AVG. I can't see any hidden reason except that.
I had the occasion to choose a free AV when my KIS2010 shipment was in transit. I chose AVIRA Antivir (free) without a blink of the eye! Avast (free) is real top-notch. IMO, AVG is travelling south. Recently I had the luxury of sending a seemingly "virus" to VirusTotal, and only one of the AVs reported positive. So, what do you do, especially if it's a registry item! I took a once-in-a-lifetime chance and used CCleaner's registry cleaner (please don't do it - I was lucky to get away) to mop up things and after reboot all was well! Freaky things, these occurrences! :rolleyes: :rolleyes:
PS: Machines are alive!
 
#23 ·
Dear antech,
How frequently do you defrag your drives? What software do you choose to use? When I was an infant here, I started off with Auslogics, migrated to Piriform's Defraggler, then switched to JK defrag. Do you know what, I won a Win.Utilities Pro and the defrag function in it is so good, it was amazing! For old times' sake, I keep and update Defraggler and I will show you a snap of the C Drive defrag pic. I have mentioned all this because a defrag tool is missing in your signature list! :)

PS: See the snaps below! Defraggler is the next to best!
 

#26 ·
Avira's Database must have been larger and more up-to date than AVG. I can't see any hidden reason except that.
I don't know if AntiVir's database is larger than AVG's and if it is, how much larger it is. The thing is, the size of AntiVir's database isn't as much of a factor as much as the contents of that database. Based on comments in my other thread, here are some things to take into consideration:
  • AVG 8.5, NOD32, Avast!, and Kaspersky did NOT detect any kind of infection. (One of the screenshots shows the product and database versions)
  • About half or so of the anti-virus apps testing the file I uploaded detected something while the other half didn't
  • AntiVir is known for having a high false positive detection rate
  • Both the VirusTotal and Jotti scanning services are NOT designed to be definitive with their results.
So, based on the reputations of NOD32, Avast!, and Kaspersky I'm inclined to think AntiVir detected a false positive, especially since the AVG techs were able to analyze a specific file for signs of infection.

However, factoring the other points I mentioned above and in my other thread, I'm not really sure what to think. :) LOL Byteman did a great job of addressing my question/concern in my other thread. :)

I raise my past experience in this thread since it directly challenges whether or not we can really "know" if a given file is infected but can certainly trust that it is if the tool(s) of choice we trust indicate that it is.

Peace...
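
The points raised in this thread about reading a multi-engine report (check the date on the defs, a split result is not definitive, a lone detection may be a false positive) can be put into a small triage routine. This is an added example, not code from any poster or scanning service: the engine names, dates, record layout and the 7-day and 80% thresholds are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class EngineResult:
    engine: str               # scanner name as listed in the report
    detection: Optional[str]  # signature name, or None if nothing was found
    defs_date: date           # date of that engine's definitions

def triage(results, scan_date, max_def_age_days=7, consensus=0.8):
    """Summarise a multi-engine report without treating it as definitive."""
    # Engines with old definitions are listed separately and get no vote.
    stale = [r.engine for r in results
             if (scan_date - r.defs_date).days > max_def_age_days]
    fresh = [r for r in results if r.engine not in stale]
    hits = [r.engine for r in fresh if r.detection]
    ratio = len(hits) / len(fresh) if fresh else 0.0
    if not fresh:
        verdict = "no-usable-result"
    elif not hits:
        verdict = "no-detections"      # absence of hits is not proof of a clean file
    elif ratio >= consensus:
        verdict = "likely-malicious"
    else:
        verdict = "inconclusive"       # split vote: false positive or new sample
    return {"verdict": verdict, "detected_by": hits,
            "voting_engines": len(fresh), "stale_engines": stale}

# Constructed sample report: a split result with one out-of-date engine.
SCAN_DATE = date(2010, 5, 1)
SAMPLE = [
    EngineResult("EngineA", "Trojan.Generic", date(2010, 4, 30)),
    EngineResult("EngineB", None,             date(2010, 4, 30)),
    EngineResult("EngineC", "Heur.Suspicious", date(2010, 4, 29)),
    EngineResult("EngineD", None,             date(2010, 4, 28)),
    EngineResult("EngineE", "Trojan.Generic", date(2010, 4, 1)),   # stale defs
    EngineResult("EngineF", None,             date(2010, 4, 30)),
]

if __name__ == "__main__":
    print(triage(SAMPLE, SCAN_DATE))
```

An "inconclusive" result is the case described above: rescan after definitions update, or submit the file to the vendor for analysis, before deciding either way.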
 