
Always use VirusTotal on every file. Never trust nobody on the Internet. NEVER


5 replies to this topic

#1 BurnToast

  • Members
  • 2 posts

Posted 12 August 2016 - 10:18 AM

On this link:
http://www.bleepingcomputer.com/forums/t/586389/computer-infected-with-rootkit/

The guy says he uses "GMER".

But this program is already not clean.
[Image: dmyq3bdm_exe_Virus_Total_3_l_54.png]

So before using any kind of program, even from a big company like IBM, Microsoft, Apple, etc.,
ALWAYS SCAN ALL files with VirusTotal.
Well, at least the .exe and .com files. If there are not too many files, scan the .dll files too.

That was the tip of the day!
:bounce:

Edited by Queen-Evie, 12 August 2016 - 10:33 AM.
moved from Malware Removal Logs to General Security. Not a request for malware removal help.




#2 Aura

    Bleepin' Special Ops

  • Malware Response Team
  • 19,609 posts
  • Gender:Male

Posted 12 August 2016 - 10:32 AM

Hi BurnToast :)

GMER is a legitimate Anti-Rootkit tool used by a lot of Malware Removal Experts online. These detections on VirusTotal are most likely what we call "false positives", which occur when a security company wrongly flags a clean file as malicious. It happens a lot with custom made tools that are used for malware removal, like GMER, RogueKiller, AdwCleaner, JRT, etc. So while your tip is good, there are a lot of situations in which you don't need to scan a file on VirusTotal. Let's say I download the official iTunes setup .exe from Apple, scan it on VirusTotal and it comes back with 1-2 detections, my first thought would be that these are false positives.

Also, the 3 detections above are from "not-so-popular" Antivirus programs, so I wouldn't pay much attention to them :)

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Guest_hollowface_*

  • Guests

Posted 12 August 2016 - 01:14 PM

"Never trust nobody on the Internet."

It's definitely important to keep one's wits about themself online.

"Always use VirusTotal on every file"

"before using any kind of program, even from a big company like IBM, Microsoft, Apple, etc. ALWAYS SCAN ALL files with VirusTotal."

-REF:http://www.bleepingcomputer.com/forums/t/623201/always-use-virustotal-on-everyfile-never-trust-nobody-on-the-internet-never/#entry4061930


VirusTotal is a useful resource for lookups of existing submissions (just search by checksum), but only because of the great volume of presumably illegal submissions. VirusTotal isn't a replacement for a locally installed antimalware tool, as many of the files you will want to check can't be uploaded without violating VirusTotal's terms of service, and potentially the license of the file you're checking.

You retain all ownership rights in any submission you may make and you confirm that you are the original owner of any content you submit or that you have the necessary rights and permissions to authorise us to use your content. In particular, you promise that you have obtained the permission of all of the people featured or referred to in the Content (and if they are under 18 their parents or guardians as well) to our use of the Content on the Services. You agree to give us evidence of all such rights and permissions if so requested by us.

When you upload or otherwise submit content, you give VirusTotal (and those we work with) a worldwide, royalty free, irrevocable and transferable licence to use, edit, host, store, reproduce, modify, create derivative works, communicate, publish, publicly perform, publicly display and distribute such content.

-REF[Y2016M8D12]:https://virustotal.com/en/about/terms-of-service/

Basically, VirusTotal wants authors to submit their work, which doesn't happen much because many authors aren't willing to give VirusTotal "and those [VirusTotal works] with" an "irrevocable and transferable licence to use [...] , modify, create derivative works, [...] and distribute" their works. I suspect the reasons that VirusTotal is as popular as it is are that many people either don't read the terms of service, or have no qualm with breaching them.

 

EDIT: To be clear this isn't a shot at your tip. I agree it's important to scan all downloads. I'm just pointing out that in my opinion VirusTotal isn't the best option to use.


Edited by hollowface, 12 August 2016 - 02:41 PM.
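
The "search by checksum" lookup mentioned in the post above, as an added example that is not part of the thread: it hashes the .exe/.com/.dll files under a folder locally and queries VirusTotal's API v3 for an existing report, so only the SHA-256 is sent and no file is uploaded. The API key is assumed to be your own, and `SAMPLE_REPORT` is a constructed fragment of a report, not real scan data.

```python
import hashlib
import json
import os
import urllib.error
import urllib.request

EXECUTABLE_EXTS = {".exe", ".com", ".dll"}  # file types named in the first post
VT_FILES = "https://www.virustotal.com/api/v3/files/"  # VirusTotal API v3
# Constructed sample of the relevant part of a v3 file report (not real data).
SAMPLE_REPORT = {"data": {"attributes": {"last_analysis_stats": {
    "malicious": 3, "suspicious": 0, "undetected": 51, "harmless": 0}}}}

def sha256_of(path, chunk_size=1 << 20):
    """Hash the file in chunks so large installers need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def hash_executables(root):
    """Return {path: sha256} for every .exe/.com/.dll found under root."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in EXECUTABLE_EXTS:
                full = os.path.join(dirpath, name)
                found[full] = sha256_of(full)
    return found

def summarize(report):
    """Reduce a v3 report to (engines flagging the file, engines with a verdict)."""
    stats = report["data"]["attributes"]["last_analysis_stats"]
    flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
    total = flagged + stats.get("undetected", 0) + stats.get("harmless", 0)
    return flagged, total

def lookup(sha256, api_key):
    """Fetch the existing report for a hash; only the checksum leaves the machine."""
    req = urllib.request.Request(VT_FILES + sha256, headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return summarize(json.load(resp))
    except urllib.error.HTTPError as err:
        if err.code == 404:  # hash has never been submitted: no report exists
            return None
        raise
```

A `None` result from `lookup` means nobody has submitted that file yet, which is not a verdict either way; a local antimalware scan is still needed for those files.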


#4 rp88

  • Members
  • 2,983 posts
  • Gender:Not Telling

Posted 12 August 2016 - 03:49 PM

I wouldn't go so far as to use VirusTotal on every file I download, but I do use it on every exe file I download, and any other type of executable or somewhat executable file. Not that a file is always dangerous if detected by it; VirusTotal can have false positives, and as it checks so many databases it often does.
Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#5 horsefilms

  • Members
  • 11 posts
  • Gender:Male
  • Location:Mankato, Minnesota

Posted 15 August 2016 - 06:51 PM

It's never a bad idea. If you have any questions as to the safety of a file, throw everything you have at it.



#6 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,287 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 18 August 2016 - 07:19 PM


Bleeping Computer's hosted programs for download are trustworthy, safe and malware-free. However, depending on the product, some anti-virus software and other security scanners may flag certain programs as a threat for a variety of reasons when that is not the case. In these instances, the detection is a "false positive" and can be ignored.

Most of the well known specialized tools we use against malware are written by experts/Security Colleagues at various security forums like Bleeping Computer, TechSupport, GeeksToGo, Emsisoft and other similar sites so they can be trusted...this includes any program hosted by BC for download. Unfortunately, many of these tools (or their embedded files) are falsely detected by various anti-virus programs from time to time. This in turn sometimes results in an inaccurate site rating/warning of potentially dangerous software when that is not the case.

The problem is really with the anti-virus vendors who keep targeting these programs for various reasons and NOT with the tools themselves.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
