
How to do a quick file analysis

Spork

Have you ever downloaded a suspicious file? One you didn't know whether you could trust to run without getting yourself infected? Well, no need to worry about that anymore! This small, easy, step-by-step guide will show you how to keep your computer secure before executing a possibly infected file.

Simple Virus Scans
The first step in making sure a file is clean is to scan it with a trusted scanning website, for example VirusTotal. VirusTotal shows you what various AVs have to say about a given file, such as which detections they have flagged. Now, just because a file has a detection doesn't mean it is a virus. For example, if you scan a file and it comes back with "WS.Reputation", that doesn't mean it's a virus. That detection means the file hasn't yet been seen often enough by the AV in question, which in this case is Norton. Once Norton has seen a file over 100 times, the detection goes away and the file will show up either as clean or with another detection.
It's important to check what the detection reported by a particular AV company actually means. Sometimes it could be a fatal virus; other times it could be a completely harmless detection that says nothing about whether the file is safe to execute. You may also run into false positives.
A false positive occurs when an AV classifies a safe file as a virus. This can be caused by an error in the signature database the AV software uses. Similar problems can occur with other anti-malware software.
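As an added example that is not part of the original post, here is a small Python script that applies this section's advice: it hashes the file so it can be looked up by hash on a scanning site rather than executed, and sorts a scan report's detections into named-family hits versus reputation-only or heuristic flags such as "WS.Reputation". The report layout follows the per-engine shape of VirusTotal's public API; the sample report and engine names are constructed, not a real scan.

```python
"""Triage a VirusTotal-style report the way the post describes: hash the file
for lookup (never executing it), count engines, and separate reputation or
heuristic flags such as Norton's "WS.Reputation" from named-family detections."""
import hashlib
import re

# Names that describe prevalence or heuristics rather than a known family;
# the post's point is that these alone do not prove the file is malicious.
LOW_CONFIDENCE = re.compile(r"reputation|suspicious|heuristic|generic|not-a-virus", re.I)


def sha256_of_bytes(data: bytes) -> str:
    """Hash file contents (pass open(path, "rb").read()) so the file can be
    looked up by hash on a scanning site; hashing never runs the file."""
    return hashlib.sha256(data).hexdigest()


def triage(results: dict) -> dict:
    """results maps engine name -> {"category": ..., "result": ...}, the shape of
    VirusTotal's per-engine last_analysis_results. Returns counts and a verdict."""
    named, low_conf = [], []
    for engine, r in results.items():
        if r.get("category") not in ("malicious", "suspicious"):
            continue  # undetected / type-unsupported / timeout: not a detection
        name = r.get("result") or ""
        (low_conf if LOW_CONFIDENCE.search(name) else named).append((engine, name))
    if named:
        verdict = "likely malicious: named-family detections present"
    elif low_conf:
        verdict = "inconclusive: only reputation/heuristic flags, look each name up"
    else:
        verdict = "no detections"
    return {"engines": len(results), "named": named,
            "low_confidence": low_conf, "verdict": verdict}


# Constructed sample report (not a real scan): one reputation flag, one generic
# heuristic, two clean engines -> inconclusive, exactly the case the post warns about.
SAMPLE_RESULTS = {
    "Symantec": {"category": "suspicious", "result": "WS.Reputation.1"},
    "Engine-B": {"category": "malicious", "result": "Trojan.Generic.12345"},
    "Engine-C": {"category": "undetected", "result": None},
    "Engine-D": {"category": "undetected", "result": None},
}

if __name__ == "__main__":
    print(sha256_of_bytes(b"constructed sample bytes"))
    print(triage(SAMPLE_RESULTS))
```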


Online File Sandbox
A file sandbox is a program that executes a suspicious file in an isolated location, separate from the rest of your hard drive and the system's memory.

[Image: Sandboxie welcome screen]


Of course, you can always run a small sandbox analysis with an online service that provides this feature. A good one I use would probably be Anubis. Here is an example of a log that was created by Anubis: http://anubis.iseclab.org/index.php...1e86503eeb875cc94a588af6ccf3e1eff&format=html

As you can see, it gives you a nice, in-depth analysis of what the file does and how it operates on the computer once executed.

Others
Another big issue for some people is that they aren't sure what a detection means. And of course, they don't bother Googling it, so I made it easy for you. You can always Google it, but there's also a Virus Encyclopedia. I stumbled upon this website a while ago and decided to share it with you. I have no idea what detections and virus signatures they have in there, but it'll be useful sometimes.

Found an infected file?
If you find an infected file, there are a lot of ways you can help other people and prevent it from spreading. You can run multiple scans on it with sites that submit their detections and logs to antivirus companies, so they can do more research on the detection and help prevent it. There are plenty of sites that do this, and almost all of them except NoVirusThanks submit their logs to the antivirus companies for further research. You can also submit samples of malware you have collected to sites such as MalwareCity, where they would happily take that off your hands.