Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

"Screening" a file for viruses?


  • Please log in to reply
7 replies to this topic

#1 Lishy

Lishy

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:09:48 PM

Posted 18 March 2012 - 05:11 AM

Hey. Is there a way to screen files I download for viruses, before I actually finish downloading them? .Rar and .Zip files included?

I was thinking of using Linux to download and scan files before putting them on my windows folders, but what exactly are my options here to screen files before downloading them?

Awhile ago, I had a really weird trojan which didn't really have any effects or anything, but in my temp folder there was a copy of the rar with what SAS picked up as a trojan (While MBAM and Avast never picked up anything.) and SAS couldn't remove it until I manually put it into the recycle bin and deleted it (And SAS didn't pick it up again in Complete scans after deleting it)

It was really weird and hard to describe, and might as well been a false alarm since I didn't notice any effects on my computer (But it didn't pick up the trojan in the directory of the files of the rar itself???)

However, for future reference, I would like to screen files before I download them, particularly with SAS.

Anyways, what advice do you have?

Edited by Lishy, 18 March 2012 - 05:12 AM.


BC AdBot (Login to Remove)

 


#2 Guest_Xircal_*

Guest_Xircal_*

  • Guests
  • OFFLINE
  •  

Posted 18 March 2012 - 06:20 AM

If you use Firefox, then all downloads are automatically scanned during download. See: Firefox Advanced Security

#3 Lishy

Lishy
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  

Posted 18 March 2012 - 07:53 AM

Well I used Firefox before when I got the trojan (that is, whether or not the trojan back then was a false alarm by SAS since I had no popups or anything..)

So *shrug*

Any other methods?

#4 frankp316

frankp316

  • Members
  • 2,677 posts
  • OFFLINE
  •  
  • Local time:09:48 PM

Posted 18 March 2012 - 09:59 AM

It could be a false positive. You might want to submit it to SAS. A while back SAS detected the same trojan repeatedly on my system. It seemed fishy to me. After submitting it to SAS, they admitted a false positive due to an error on their end. Then they fixed the problem. SAS wants to know about this sort of thing.

#5 Guest_Xircal_*

Guest_Xircal_*

  • Guests
  • OFFLINE
  •  

Posted 18 March 2012 - 10:00 AM

Well I used Firefox before when I got the trojan (that is, whether or not the trojan back then was a false alarm by SAS since I had no popups or anything..)

So *shrug*

Any other methods?

I'll just clarify that for you. Firefox uses the AV you have installed to scan files. On the occasion that you picked up a trojan, the AV may not have had a DAT installed which could detect it.

You could install a Firefox add-on called Dr. Web Linkchecker which you can use to scan links before you visit them.

Otherwise, all you can do is to keep in touch with the latest security issues so that you can take preventative action. This is a very good site for that kind of info: http://www.h-online.com/

#6 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,705 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:48 PM

Posted 18 March 2012 - 10:29 AM

Take a look at VirusTotal's Firefox plugin https://www.virustotal.com/documentation/browser-extensions/

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#7 Guest_Xircal_*

Guest_Xircal_*

  • Guests
  • OFFLINE
  •  

Posted 18 March 2012 - 11:00 AM

If you're going to use the scanner Didier Stevens suggested and you have Firefox configured to automatically open PDF files, you'll need to change the settings in Tools | Options | Applications to "Always Ask" so that they can be submitted to VirusTotal first.

#8 Union_Thug

Union_Thug

    Bleeps with the fishes...


  • Members
  • 2,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:is everything

Posted 18 March 2012 - 11:17 AM

Take a look at VirusTotal's Firefox plugin https://www.virustotal.com/documentation/browser-extensions/


Thank you, Didier. This is precisely what I've been looking for. :)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users