Sometimes Antivirus scanner reports that a program is infected with a Virus or Trojan, even when the program is not really infected with any malicious code. This kind of problem is known as “False Positive” or “False Alert”, and it’s quite a common problem nowadays. As far as I know, when a tool or software got wrongly flagged as a threat, it is a long and tiring process for the author of the tool to get the virus makers to “fix” the false positive problem.
If you downloaded a tool from the Internet and your antivirus tells you that it is a virus, you can double confirm it by scanning the file with multiple antivirus program. However, installing multiple antivirus in your computer is not advisable as it can cause problems such as slowdown, conflicts, unbootable Windows and etc. What you can do is to scan the file online by uploading it to NoVirusThanks, a free multi-engine antivirus file scanner that supports a total of 23 antivirus. If you’ve heard about VirusTotal, Jotti Malware Scanner, VirScan, Virus.org or VirusChief, then NoVirusThanks would be an alternative to those multi-engine online file scanners.
NoVirusThanks.org is a site that was born in 26/6/2008 with the intent to offer to users free services that will help them to prevent a computer virus infection and to identify possible viruses in their computer. One of their main free service is to allow you to scan suspicious files for possible presence of virus, worms, trojans and any other kind of malware using several Anti-Virus engines.
NoVirusThanks file scanning with multiple antivirus engines is totally free and independent service. The virus definition signatures are automatically updated every 6 hours. It supports detailed results from each antivirus engine and also advanced details of file analyzed. At the result page, it has BBCode support where you can copy it to forums.
NoVirusThanks currently supports the following antivirus engines:
a-squared Avira AntiVir AVG Avast! BitDefender ClamAV Comodo Dr.Web Ewido F-PROT 6 G DATA IkarusT3 Kaspersky McAfee NOD32 Norman QuickHeal Panda Solo Antivirus Sophos TrendMicro VBA32 VirusBuster
NoVirusThanks also has an uploader software (NVTUploader.exe) that allows you to directly send files from your system, using Graphical Interface, using the Windows “Send To” context menu, or drag and drop to its Online Malware Scanner. It also has support for commandline. (example: C:\NVTUploader.exe c:\sample.exe). NoVirusThanks uploader tool can only upload a maximum file of 4MB but the website supports up to 20MB.
NoVirusThanks has an option for the uploader to select “Do not distribute the sample” from advanced options. VirusTotal used to have this feature but was removed because the antivirus developers said that it is only used by malware developers to avoid detection by AV engines. Another special feature that other multi-engine online file scanner doesn’t have is “Binder Detector“. A “Binder” is a program that generally is used to bind (join) 2 files together, example: one is the virus and the other one is the real program, when the joined file will be executed, generally is executed also the virus (hidden) together with the real program, so you will be infected without knowing it. Binder Detector is a program developed by NoVirusThanks that is able to detect if a file is joined/binded with a possible malware.
Do that note that NoVirusThanks.org is not a substitute for any antivirus software installed in a PC, as it only scans individual files on demand. These results DO NOT guarantee the harmlessness of a file. One of the best method to detect whether a file is a malware or not is by analyzing it in a online virtual sandbox ThreatExpert.
Related posts:
Kasperky 2010 itself detects the NVTUploader.exe as a trojan: HEUR:Trojan.Win32.Generic
LOL!
my pen drive have a file named funny scandalUTS.AVI.EXE file in hide forms & is not deleted
Thanxxxxx Raymond!
The ‘Binder Detector’ of the site detected two piratebay torrentsz setup.exe!!!
You saved me!Thx!
hi !! raymond…
my pendrive containing a folder namly “data penting.exe”
each time i delete it..it copied itself..
i tried to delete it using “bitdefender total security 2008″ …but in vain..
is it a virus/spyware??
how 2 remove it??
thanks
Hey mohan, I’ve posted about USB Firewall 6 months ago on this blog. Check it out.
raymond.cc/blog/archives/2008/04/24/protect-windows-from-usb-autoruninf-virus-with-usb-firewall/
HI Raymond,
Thanx for this post! When i think about security, i wish to say that, in most cases, if we plug-in a Pendrive, if there is any virus inside, it’ll automatically spread to all drives. There is a tiny tool (<than 2MB) called USB firewall which protects automatic action of the Viruses. You can identify it later by using your AV tools.For more details, plz visit
net-studio.org
Hey Raymond, is this useful?
It looks pretty good as usual with your finds Raymond.
I like the idea of \’Do not distribute the sample\’ so I can disable it. I want the sample to be distributed to the anti virus companies in the hope that they will all get better at detection and in the very optimistic hope they will work more closely even if merely to the extent of calling each virus/malware etc the same thing. I.e. you upload a file which you know will probably generate false positives just in case to say Virus total and get six positives each with different names and none of which you can find a decent description of as well as some clean results. So you are no further forward.
I do not buy into the idea that \’only\’ malware developers were using it, for a start their would be no behavioural analysis, that would best be done on a virtual machines and cannot be done online. Secondly most AV companies offer Demos and/or Online scan\’s anyway. – It sound more like the AV companies are too concerned about protecting their trade secrets and work together as little as possible. I find this really idiotic as most non IT literate people (who form the majority) do not buy AV software based on rational reasons. At work we use AVG (reason unknown – cheap probably), my girlfriend uses Panda because it came with her laptop and she renewed the licence as it had not found any viruses ;) and a friend who is an IT professional bought Norton for his own machine because he \’had heard of it\’. I use Kaspersky because I researched it and believe it to be the best (for me), Esset Nod 32 came a close second.
p.s. Obviously do not distribute this sample is sensible if the file is confidential, otherwise the more the AV companies get the better.
hi raymond plz help me to repair my HDD bad sector plzzzzzzzzzzzzzzzzzzzz
hi raymond…. help… me…
my system caught with spyware… just 2 hours before…
well from on that i try to remove the spyware…
i installed norton internet security 2007… with subscription….. coz i dont have the original one… can u help me from where i can get a good norton antivirus and internet security software and original keygen….. and updates… for free… plzzzz help me
hi! Ray,
This is useful information. But i have tested a very small file. But, it is taking so many time to finish the scan.
Anyway thanks for the nice share.
Good luck!.
thanks raymond,what eactly does this file do.it came from an unknown publisher.
hey raymond, how does this fare when compared to virustotal?
Though it may not provide us the real protection, it can be a good useful tool.
@Lenovo: Then you’ll have to configure your antivirus to exclude scanning of the particular file.
@venkat: That’s why I mentioned the following sentence at the end of the article “Do that note that NoVirusThanks.org is not a substitute for any antivirus software installed in a PC”
@john: Searching in Google about xshim.exe reveals that it is a SWF Studio file. If you suspect that it is a threat, you can analyze the file at ThreatExpert.
Very useful tool – thanks..!
Hi raymond,have you heard of this file named xshim.exe my security stopped it running on my comp.i googled it and no one seems to know what it is.any ideas?
Thanks!!!
These online scanners useful to find the infection only and we have to regret the fact that they can not delete the infected files or viruses.
Thanks, useful info
I guess their server is down tried to go for the uploader failed visit the site failed……
I’ll try after some time…..
Nice work Ray thx i need one Binder thing to scan, my game exe’s are detected by Avast!
Thanx raymond!!! but if like i have a program installed in my PC and my antivirus tries to remove it although its NOT a virus still my antivirus says its a torjon and i m not able to run that program….