You do a routine scan and it finds a file and your scanner offers to quarantine it. You know that file has been there for a year and it seems likely that this is a false positive, but of course you can't be sure. You need some second opinions. In short, you want to submit the file to the Jotti multiple online scanner at:
and to the similar one at Virustotal:
Now, how do you go about this? If you let your scanner quarantine the file, and then submit the quarantined file, the online scanners won't recognise it as infected even if it was, because of the encoding that goes on in the quarantine process. So the only way to upload the file is to instruct your scanner to ignore the detection (while your heart pounds a little faster), and then upload the file from its original location.
But there's an additional complication, which I've experienced myself using AVG. When I tried to upload the suspect file, the AVG resident shield kicked in and blocked the upload - so the only way to accomplish the upload was to deactivate the resident shield! And it did, after all turn out to be a false positive - but of course I couldn't be sure of that at the crucial decision-making stage, so this was all quite tricky stuff.
What do others do, in this situation? What procedure do you use to submit a suspected file (which has generated an alert) to the online scanners?
Edited by Alan D, 09 August 2007 - 03:17 AM.