There are times when you desperately want to download a file but at the same time worry if the file is actually a virus especially when the files are hosted in an unpopular or untrusted website. You may think that the antivirus installed on your computer should be able to block the program if the file is malicious but you’re wrong. Although an antivirus program contains millions of signatures in their virus definition, but it can miss new viruses which are undetected when they are being released to the wild. Even an old detected virus can be easily encrypted to make it fully undetected by any antivirus.
The solution to this problem is not to install more antivirus on your computer which would definitely make your computer crawl and unstable, but you can scan it on multiple antivirus engines at VirusTotal by simply uploading the file and wait for the detection report being generated in real time. Scanning a suspicious file with over 40 different antivirus will greatly increase the detection rate. VirusTotal is one of the longest standing website that has come a long way in providing a free service to analyze files and even websites using multi-engine antivirus. They are the best in the industry which is why Google acquired VirusTotal on September 2012.
Scanning a file in VirusTotal is really simple. All you need to do is open up your web browser, go to VirusTotal’s website, select the file that you want to upload for scanning and the report will be generated nearly instantly if there are no scan queue in front of you. You can only select one file at a time for scanning and the maximum supported file size is 32MB.
If the file has been scanned before, you can either view the last analysis or request for a reanalysis because it is possible that the old virus signature cannot detect the file while the current one can. Take note of scan date because if it is old, you will definitely need to rescan again using the latest definition.
If you’re feeling still unsure because of getting a mixed results from VirusTotal, then refer to the comments and votes where some experienced or trusted users who got in touch with the file before may post further details such as where the file came from and what it does. The additional information tab contains information generated by advanced tools/services such as ssdeep, TrID, ExifTool, Sigcheck, EXE structure information, Symantec Reputation, ClamAV PUA Engine, first and last seen date at VirusTotal.
If you felt that VirusTotal is a very useful service and may use it frequently, there are other easier methods to check files at VirusTotal without going through the steps of opening your browser, visit VirusTotal, browse the files to upload and wait for the report. First of all you can send for scanning using your email by attaching the file and send it to email@example.com with the subject SCAN. The scan report will be emailed to you once it is ready.
There is an official desktop program called VirusTotal Uploader that simplifies the uploading process of files from your computer to VirusTotal. The uploader program allows you to easily send files for scanning by right click, select Send To > VirusTotal or directly from the program itself which can browse for the file or select the running process although some protected process cannot be uploaded.
There are free extensions and plugins such as VTzilla for Firefox, VTexplorer for Internet Explorer, VTchromizer for Chrome and VirusTotal Extension for Opera that you can scan URL and files directly from your web browser without downloading the files to your computer and then reuploading to VirusTotal.
Please be advised that even if all antivirus engine reports that the file you uploaded if clean, it does not guarantee that it is safe because there are crypter tools being sold in underground forums to make a detected file fully undetected. You definitely need a second layer of protection such as Zemana AntiLogger and KeyScrambler to keep you safe from files that seems to be harmless but they are in fact harmful.