Finding a second opinion: Using free Web-based AV scanning resources

It happens to me two or three times each week: Friends, colleagues or random people from the Internet send me e-mail describing strange system behavior, wondering if they are infected with a virus or worm despite the fact that their AV tool doesn't report any suspicious files. Sometimes, the woeful request even includes a file attachment such as a wayward .exe, .dll, .pif, .scr, or some other concoction that the potential victim thinks might be the malware itself.

Users can receive these suspect files in a variety of ways: via shifty-looking e-mail or from their browser suddenly downloading a file. Sometimes programs mysteriously appear in the file system, possibly placed there through over-permissive file sharing mechanisms or a vulnerability exploited by a worm. Ultimately, these e-mail requests almost always end with one of two questions: "So, is my system infected?" or "So, is this file really malicious?"

Luckily, there are a variety of free resources on the Internet you can use to scan your entire system for infection or to analyze an individual file to see if it is malicious. These services augment your existing antivirus tools, but do not replace them. If your own antivirus tool gives your system or a file a clean bill of health, you can turn to these services to get a second opinion, just as you might check with another doctor if your own health were on the line. And, best of all, these free scanning mechanisms do not require you to install any software in advance.

Several antivirus companies offer free Web-based services you can use to scan your entire system for infection. Since they scan an entire machine for viruses and worms, I refer to these tools as "system scanners" to differentiate them from the "file scanners" which I'll discuss later. With a system scanner, simply surf to the site, click on a button typically labeled "scan now", and watch as your system is scanned. Here is a list of my three favorite Web-based system scanners for W

To continue reading for free, register below or login

Requires Membership to View

To gain access to this and all member only content, please provide the following information (all fields required):

First Name:
Last Name:
Country: Select... Afghanistan Aland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory British Virgin Islands Brunei Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos (Keeling) Islands Colombia Comoros Congo Congo, Democratic Republic of Cook Islands Costa Rica Cote D'Ivoire Croatia Cuba Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia, The Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard and McDonald Islands Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati Korea, North Korea, South Kuwait Kyrgyzstan Laos Latvia Lebanon Lesotho Liberia Libya Liechtenstein Lithuania Luxembourg Macau Macedonia Madagascar Malawi Malaysia Maldives Mali Malta Man, Isle of Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands Netherlands Antilles New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestine Panama Panama Canal Zone Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Reunion Romania Russia Rwanda Saint Helena Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and the Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia and Montenegro Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard Swaziland Sweden Switzerland Syria Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu U.S. Minor Outlying Islands Uganda Ukraine United Arab Emirates United Kingdom United States Uruguay Uzbekistan Vanuatu Vatican City Venezuela Vietnam Virgin Islands Wallis and Futuna Islands Western Sahara Yemen Zambia Zimbabwe
Email Address:

Do you manage, evaluate, recommend, implement, support or purchase security products, software or services?
YesNo

Please estimate the yearly security budget for your entire organization including all security products and services.
Please select... Over $10 Million $5 Million-$10 Million $1 Million-$4.9 Million $500,000-$999,999 $100,000-$499,999 $50,000-$99,999 $25,000-$49,999 $10,000-$24,999 Less than $10,000 None

What is your role in purchasing IT related products and services? (Check all that apply)
Technical decision maker
Financial decision maker
Recommend/Specify
Evaluate products
Implement Products/Services
Determine Needs
Create Security Strategy
None

By joining SearchSecurity.com you agree to receive email updates from the TechTarget network of sites, including updates on new content, magazine or event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile or unsubscribing via email.

TechTarget cares about your privacy. Read our Privacy Policy

Most of these system scanners are implemented via ActiveX controls the Web site sends to your browser. Therefore, depending on your browser configuration, you may need to permit a single ActiveX control to run on your system. Given that a major antivirus vendor runs each of these sites, allowing such access is likely quite reasonable in most organizations. Furthermore, by pushing the ActiveX control to your browser, where the scanning occurs, none of these services involves sending any of your files across the Internet for inspection. All scanning is done locally. Remember that none of these system-scanning services is a replacement for a solid antivirus tool installed locally. They give you a good second opinion, but require you to manually surf to their Web sites to initiate a scan.

But what if you only need to check an individual file? That's where free Web-based file scanners come in handy. For each of these services, you can submit a single file or an archive containing a group of files. The service then runs one or more antivirus tools against the file and sends you the results. All scanning takes place at the services' machines, so no new software at all runs on your system, not even an ActiveX control. Here is a list of some of my favorite Web-based file scanners:

Keep in mind that these file-scanning services merely attempt to see if the file you submit matches any of their respective signatures. Your file might get a clean bill of health in these scans, but could still be very malicious. It's possible that you've received custom-created malicious code for which no signature has been created. Therefore, use the results of a file scanner as a single data point in your decision about whether the suspect file is really malicious. However, even given this limitation, these free services are immensely helpful in identifying infected systems and malicious code.

About the author
Ed Skoudis, CISSP, is cofounder of Intelguardians Network Intelligence, a security consulting firm, and author of Malware: Fighting Malicious Code (Prentice Hall, 2003).

Rate this Tip To rate tips, you must be a member of SearchSecurity.com. Register now to start rating these tips. Log in if you are already a member. BROWSE BY TAG Threat Monitor,   Application and Platform Security,   Enterprise Vulnerability Management,   Vulnerability Risk Assessment,   Malware, Viruses, Trojans and Spyware,   Information Security Threats,   VIEW ALL TAGS Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Threat Monitor How to defend against rogue DHCP server malware When BIOS updates become malware attacks Mac OS memory flaws pose challenges for enterprise endpoint protection Cybercrime and threat management How to find and stop automated SQL injection attacks Short-lived Web malware: Fading fad or future trend? Security book chapter: The Truth About Identity Theft How to use (almost) free tools to find sensitive data How to block adult websites from enterprise users by logging content Are Windows Vista security features up to par? Vulnerability Risk Assessment Are Web application penetration tests still important? McAfee to acquire Solidcore Systems for whitelisting The Pipe Dream of No More Free Bugs Vulnerability test methods for application security assessments Free HP SWFScan tool detects Adobe Flash flaws PCI QSA assurance program penalizes assessors Information security book excerpts and reviews New York drafts language demanding secure code Security experts identify 25 dangerous coding errors Microsoft Windows XML flaw exploits test desktop antimalware Vulnerability Risk Assessment Research Malware, Viruses, Trojans and Spyware ISP shutdown latest cat-and-mouse game with hackers How to get rid of malware, botnets on a hospital IT network How can search results lead to malware? How to prevent mobile phone spying Should a national cybersecurity strategy include offensive botnets? How to defend against rogue DHCP server malware New Trojan stealing FTP credentials, attacking FTP websites Cybercriminals exploit Michael Jackson, Farrah Fawcett deaths When BIOS updates become malware attacks Antispyware buying guide for Indian enterprises RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary gray hat  (SearchSecurity.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.