
Virus Total credibility


13 replies to this topic

#1 bluenite38

bluenite38

  • Members
  • 4 posts

Posted 16 July 2013 - 12:49 AM

Sorry for the maybe stupid question:

How can I "trust" the online Virus Total scanner? It detects a Trojan in a file in 27 cases of 47...? Among them ESET NOD32. That is already a fairly large percentage probability. However, the same antivirus on my PC with the current database does not detect anything. I then tried other scanners on the PC (AVG, Avast, IObit), also with no positive response. How can I understand this? Does VT work differently? By the way, I think of VT as one of the best services on the net, so I'm interested.
Does anyone have a similar experience?
Peter

 




 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts

Posted 16 July 2013 - 01:37 AM

Hello -

VirusTotal is a website that provides free checking of files for viruses. It uses over 40 different antivirus products and scan engines to check for viruses that the user's own antivirus solution may have missed, or to verify against any false positives.
Anti-virus software vendors can receive copies of files that were flagged by other scans but passed by their own engine, to help improve their software and, by extension, VirusTotal's own capability. Users can also scan suspect URLs and search through the VirusTotal dataset.

 

To shorten that reply, VirusTotal provides no results of its own. The results are given by Independent Antivirus and Antimalware companies only.

Did you post a File or a URL to have it processed by the website?

Can I please ask how many Antivirus / Antimalware programs you have installed?

 

Thank You -



#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,612 posts

Posted 16 July 2013 - 09:01 AM

VirusTotal, a subsidiary of Google, is a free online service that analyzes files and URLs enabling the identification of viruses, worms, trojans and other kinds of malicious content detected by antivirus engines and website scanners. At the same time, it may be used as a means to detect false positives, i.e. innocuous resources detected as malicious by one or more scanners...VirusTotal...a tool that checks suspicious samples with several antivirus solutions and helps antivirus labs by forwarding them the malware they fail to detect...Very often antivirus solutions and URL scanners will produce false positives...VirusTotal simply acts as an information aggregator and cannot and will not be held responsible for these false positives. VirusTotal will not whitelist any files or URLs and will not remove any detections resulting from the normal operation of the products it makes use of. False positives should be dealt with the developer/company that offers the product generating the erroneous detection.....

About VirusTotal
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 quietman7


Posted 16 July 2013 - 09:21 AM

I forgot to mention that if an anti-virus vendor that you use is also on the VirusTotal list and the scan results appear to show discrepancies with your own scan results, these could be the result of different database definitions. One may be more current than the other.

#5 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,707 posts

Posted 16 July 2013 - 03:35 PM

Can you post the link to result for the file you submitted to VirusTotal?

 

VirusTotal works with command-line versions of the AV programs it uses. A command-line version is different from the version that is installed on your PC.

And each vendor can decide how to configure their engine on VirusTotal, and that config can be different from your config.

For example, a vendor could decide to enable heuristic on VT, while by default, they do not enable it on their home version you use.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#6 Didier Stevens


Posted 16 July 2013 - 03:37 PM

Forgot to add: 5 years ago, I interviewed Julio Canto from VirusTotal:

http://blog.didierstevens.com/2008/04/21/only-x-out-of-32-antivirus-products-detect-this/




#7 quietman7


Posted 16 July 2013 - 06:03 PM

Great interview Didier.

Learned some details I was not familiar with.

#8 bluenite38


Posted 17 July 2013 - 11:06 AM

Can you post the link to result for the file you submitted to VirusTotal?

Well Didier, thank you very much for your willingness, but I don't know if it is appropriate to bother with things like that... it is one keygen of a program that I want to try the full version before buying it. Normally I do not let crack programs in my machine, this is an exception. Nothing happens, delete it. The problem was only in comparison to the online version of antivirus scanners vs. what I've got on the PC - it didn't catch a threat (ESET NOD32). That's why I thought it was weird. Perhaps it will also set the sensitivity, heuristics, etc.

thx Peter



#9 Didier Stevens


Posted 17 July 2013 - 02:36 PM

Great interview Didier.

Learned some details I was not familiar with.

 

Cool quietman7. But keep in mind that the interview is 5 years old, some things might have changed, especially now that Google owns VT.




#10 Didier Stevens


Posted 17 July 2013 - 02:37 PM

 

Can you post the link to result for the file you submitted to VirusTotal?

Well Didier, thank you very much for your willingness, but I don't know if it is appropriate to bother with things like that... it is one keygen of a program that I want to try the full version before buying it. Normally I do not let crack programs in my machine, this is an exception. Nothing happens, delete it. The problem was only in comparison to the online version of antivirus scanners vs. what I've got on the PC - it didn't catch a threat (ESET NOD32). That's why I thought it was weird. Perhaps it will also set the sensitivity, heuristics, etc.

thx Peter

 

 

Well, then there is no doubt, most keygens are trojaned with malware :-)




#11 quietman7


Posted 17 July 2013 - 02:40 PM

The practice of using torrents, cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.
 

Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

TrendMicro Warning


...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV


...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

University of Washington spyware study


...One of the most aggressive and intrusive of all bad websites on the Internet are serial, warez, software cracking type sites...they sneak malware onto your system...Where do trojan viruses originate? One of the biggest malware distributors on the Internet are serial/warez/code cracking sites.

Bad Web Sites: Malware


...a staggering 59% of the key generators and crack tools downloaded from P2P networks represent a security liability since they contain malicious and unwanted code. "25% of the Web sites we accessed offering counterfeit product keys, pirated software, key generators or crack tools attempted to install either malicious software or potentially unwanted software. A significant number of these Web sites attempted to install malicious or unwanted code...In addition to the peer-to-peer networks, 11% of the key generators and crack tools downloaded from Web sites were also plagued by malicious and unwanted software.

Microsoft Reveals the Risks of Using Pirated XP and Office
Whatever You Do, Do Not Download Windows 7 Via Torrent Sites

When you use these kind of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

#12 noknojon


Posted 17 July 2013 - 05:22 PM

The problem was only in comparison to the online version of antivirus scanners vs. what I've got on the PC

Can I please ask what Antivirus and Antimalware program(s) you have installed?

 

Thank You -



#13 bluenite38


Posted 18 July 2013 - 11:43 AM

 

The problem was only in comparison to the online version of antivirus scanners vs. what I've got on the PC

Can I please ask what Antivirus and Antimalware program(s) you have installed?

 

Thank You -

 

as I told before - eset nod32 v6

and offline antimalware malwarebytes v1.75



#14 slgrieb

slgrieb

  • Members
  • 270 posts

Posted 18 July 2013 - 10:47 PM

I don't think you can do better than NOD32. That's what I run and usually sell. Kaspersky is a close second, but I don't think the protection is really any better, and I don't like the performance hit. All the same, upgrading from the free version of MBAM to MBAM Pro is one of the best security investments you can make.

Edited by slgrieb, 18 July 2013 - 10:50 PM.

Yes, Mr. Death... I'll play you a game! But not CHESS !!! BAH... FOOEY! My game is... 
WIFFLEBALL!

 




