
anyone knows about ThreatExpert.com ?


15 replies to this topic

#1 seraphin

seraphin

  • Members
  • 118 posts
  • OFFLINE
  •  
  • Local time:04:07 AM

Posted 30 December 2014 - 11:45 PM

I came across the Symantec forum that discussed two websites, Virustotal.com and ThreatExpert.com, which scan uploaded files for viruses. Virustotal.com was discussed on Bleepingcomputer and several people "confirmed" it's legit. But I could not find any discussion about ThreatExpert.com. Could any expert on this forum help verify the site?

I wanted to submit a file to ThreatExpert.com for a scan, but my file was ~ 8 Mb, which is bigger than the 5 Mb limit (the file seems clean from the Virustotal.com scan). ThreatExpert says users can also download a submission applet to submit a sample. Not sure if this would allow an 8 Mb file to be scanned, but also, no idea what the applet would do to my computer. Any suggestion? Great many thanks





#2 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 5,937 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:05:07 PM

Posted 31 December 2014 - 12:26 AM

After a fairly lengthy perusal of their site, I would hazard a reasonably educated guess that they are legitimate.

 

Note that the submission applet is designed to work on Operating System: Windows® Vista™ 32/64-bit, XP and 2000, and still has a 5MB limit.

 

Given that malware etc files are usually quite small......why is your file 8 MB ??

 

Can you split it, and submit two files..?


Condobloke ...Outback Australian  

 

fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

“A man travels the world in search of what he needs and returns home to find it."

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,467 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:07 AM

Posted 31 December 2014 - 09:56 AM

ThreatExpert.com is a legitimate malware analysis site which has been around for years.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 quietman7


Posted 31 December 2014 - 10:06 AM

BTW...there are other alternatives which can deal with larger file sizes...Comprehensive list of Online Malware Scanners with maximum file size limit

#5 rp88

rp88

  • Members
  • 3,014 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:07 AM

Posted 02 January 2015 - 11:05 AM

"Given that malware etc files are usually quite small......why is your file 8 MB ??"
Plenty of exe files used to install legitimate programs are in the megabytes, some of them in the hundreds of megabytes. Malware authors trying to hide files in some sort of bundling with another program, or just trying to make it harder for people to scan them, will sometimes make big files with a lot more in them than is needed for the actual instructions they follow.


I have heard of ThreatExpert but I can't remember much about them. I think I might have once or twice used a feature on it to get a look at the reputations of web pages before I visited them.

Edited by rp88, 02 January 2015 - 11:05 AM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#6 quietman7


Posted 02 January 2015 - 03:24 PM

ThreatExpert has the following Tools:

Free Online File Scanner...If you have a suspicious file, please submit it online by using the form below. Once the file is submitted, ThreatExpert will scan it and report back its findings.

Online Side-Effect Scanner...If you are observing some characteristics (side-effects), such as suspicious filenames, registry keys, CLSIDs, URLs please use the form below to submit them to ThreatExpert. Once submitted, ThreatExpert will check if it is aware of any threats that are known to be associated with those side-effects.

Submission Applet...a stand-alone tool that provides you with a quick, easy way to submit your samples to ThreatExpert. The submission applet produces reports identical to the alternative online submission but instead of requiring you to upload the sample through a browser, you can upload samples using a Windows application.

Memory Scanner (TEMS)...a prototype product that provides a "post-mortem" diagnostic to detect a range of high-profile threats that may be active in different regions of a computer’s memory. This tool is designed to assist in answering a common question asked by many customers whose systems have been infected by a threat: "Is my system still infected?"



#7 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,660 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:07 AM

Posted 09 January 2015 - 09:57 AM

"BTW...there are other alternatives which can deal with larger file sizes...Comprehensive list of Online Malware Scanners with maximum file size limit"


Is there any updated list of these or is this one the most up to date you know? There's the new hybrid-analysis.com, by Payload Security that have been online for around 2-3 weeks now. The popular malwr.com and also VirusTotal raised the maximum size file to 128Mbs I think. Maybe I should create an updated one.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#8 quietman7


Posted 09 January 2015 - 10:27 AM

It's probably the most up to date listing provided in one place other than my personal notes.

Most online Malware Scanners have a maximum file size limit. If the file requiring analysis is too large, you can use MetaScan which allows up to 140 MB or download and use herdProtect Anti-Malware Scanner

#9 Aura


Posted 13 January 2015 - 08:15 AM

"It's probably the most up to date listing provided in one place other than my personal notes."

"Most online Malware Scanners have a maximum file size limit. If the file requiring analysis is too large, you can use MetaScan which allows up to 140 MB or download and use herdProtect Anti-Malware Scanner"


I forgot to ask you in regard to your last reply, what is your opinion of herdProtect? I understand that it can be efficient here to obtain the analysis of many Antivirus companies on a single file, but as an Antimalware that someone would use in a real situation, when his system is infected, do you think that herdProtect is efficient? My worry is that there can be many false positives and if you have a slow connection speed, a scan can be really lengthy.



#10 quietman7


Posted 13 January 2015 - 09:50 AM

It utilizes 68 anti-malware scanners so there is always a chance for a FP. Last I checked Virustotal utilizes 52 scanners and Jotti utilizes 23. All scanners can report FP's which is why you should always check additional resources for second opinions.

Speed will be much quicker than using an online scan to check an entire drive vs a single file.

#11 Aura


Posted 13 January 2015 - 09:55 AM

"It utilizes 68 anti-malware scanners so there is always a chance for a FP. Last I checked Virustotal utilizes 52 scanners and Jotti utilizes 23. All scanners can report FP's which is why you should always check additional resources for second opinions."

"Speed will be much quicker than using an online scan to check an entire drive vs a single file."


That makes sense. I'm just a bit hesitant of using it seriously, since it's been in beta for over a year now and due to the concept it's using, there can be flaws in it. I plan on waiting until an official, stable release before using it. However, I could install it on a test VM I have (where I do simple malware analysis) and use it to upload the files I have to check. Yup, I'm doing that tonight, thank you for your input! :)



#12 quietman7


Posted 13 January 2015 - 10:01 AM

I don't normally recommend betas but this is only a scanning engine so I see no harm using it as long as you follow up with getting another opinion.

#13 Aura


Posted 13 January 2015 - 10:03 AM

"I don't normally recommend betas but this is only a scanning engine so I see no harm using it as long as you follow up with getting another opinion."


Yes, I'll only be using it to get scan results from the various Antivirus vendors on file(s), not to actually proceed to a clean-up of a system. Not until it gets out of beta and has been tested by trusted experts of the community (such as you).



#14 quietman7


Posted 13 January 2015 - 10:49 AM

The first version of herdProtect is a simple one-off scanner (scan and remove malware).

Thus far, I cannot find any specific info in regards to how removal will work.

#15 Aura


Posted 13 January 2015 - 10:57 AM

"The first version of herdProtect is a simple one-off scanner (scan and remove malware)."

"Thus far, I cannot find any specific info in regards to how removal will work."


I'll test it tonight in a VM and I can let you know if needed. It looks like it works like ESET Online Scanner. Automated scan and quarantine of detected threat in a quarantine folder.
