Raymond.CC Blog

Sometimes Antivirus scanner reports that a program is infected with a Virus or Trojan, even when the program is not really infected with any malicious code. This kind of problem is known as “False Positive” or “False Alert”, and it’s quite a common problem nowadays. As far as I know, when a tool or software got wrongly flagged as a threat, it is a long and tiring process for the author of the tool to get the virus makers to “fix” the false positive problem.

If you downloaded a tool from the Internet and your antivirus tells you that it is a virus, you can double confirm it by scanning the file with multiple antivirus program. However, installing multiple antivirus in your computer is not advisable as it can cause problems such as slowdown, conflicts, unbootable Windows and etc. What you can do is to scan the file online by uploading it to NoVirusThanks, a free multi-engine antivirus file scanner that supports a total of 23 antivirus. If you’ve heard about VirusTotal, Jotti Malware Scanner, VirScan, Virus.org or VirusChief, then NoVirusThanks would be an alternative to those multi-engine online file scanners.


NoVirusThanks.org is a site that was born in 26/6/2008 with the intent to offer to users free services that will help them to prevent a computer virus infection and to identify possible viruses in their computer. One of their main free service is to allow you to scan suspicious files for possible presence of virus, worms, trojans and any other kind of malware using several Anti-Virus engines.

NoVirusThanks file scanning with multiple antivirus engines is totally free and independent service. The virus definition signatures are automatically updated every 6 hours. It supports detailed results from each antivirus engine and also advanced details of file analyzed. At the result page, it has BBCode support where you can copy it to forums.

NoVirusThanks currently supports the following antivirus engines:

a-squared

Avira AntiVir

AVG

Avast!

BitDefender

ClamAV

Comodo

Dr.Web

Ewido

F-PROT 6

G DATA

IkarusT3

Kaspersky

McAfee

NOD32

Norman

QuickHeal

Panda

Solo Antivirus

Sophos

TrendMicro

VBA32

VirusBuster

NoVirusThanks also has an uploader software (NVTUploader.exe) that allows you to directly send files from your system, using Graphical Interface, using the Windows “Send To” context menu, or drag and drop to its Online Malware Scanner. It also has support for commandline. (example: C:\NVTUploader.exe c:\sample.exe). NoVirusThanks uploader tool can only upload a maximum file of 4MB but the website supports up to 20MB.

NoVirusThanks has an option for the uploader to select “Do not distribute the sample” from advanced options. VirusTotal used to have this feature but was removed because the antivirus developers said that it is only used by malware developers to avoid detection by AV engines. Another special feature that other multi-engine online file scanner doesn’t have is “Binder Detector“. A “Binder” is a program that generally is used to bind (join) 2 files together, example: one is the virus and the other one is the real program, when the joined file will be executed, generally is executed also the virus (hidden) together with the real program, so you will be infected without knowing it. Binder Detector is a program developed by NoVirusThanks that is able to detect if a file is joined/binded with a possible malware.

Do that note that NoVirusThanks.org is not a substitute for any antivirus software installed in a PC, as it only scans individual files on demand. These results DO NOT guarantee the harmlessness of a file. One of the best method to detect whether a file is a malware or not is by analyzing it in a online virtual sandbox ThreatExpert.

[ Visit NoVirusThanks ]