Bitcoin Forum
February 16, 2020, 07:17:34 PM *
Pages: « 1 [2]  All
Author Topic: [Guide] Virustotal scan guideline to detect viruses, trojans, malwares, worms  (Read 953 times)
bob123
Legendary
Activity: 1134
Merit: 1653
May 03, 2019, 06:55:46 AM
Merited by DdmrDdmr (1)
#21

Unfortunately Virustotal can only help you with already known threats and viruses by comparing the code to known threats. If you are unlucky and download a file that contains fresh code with a virus then Virustotal will not be able to help you, since it is the first time they see the code. The results can come back as clean while in fact you get infected, and if you do a 2nd scan in a few days you see that some antivirus engines are already registering the file as a threat.

This is why I wrote those recommendations.
Notes:
- Please remember that this one is a free online service; it should be used only as a substitute for professional antivirus or internet security software by someone who doesn't have such software on their devices (lack of money, or anything else).
- You all should protect yourselves better by spending money to own antivirus or internet security software on your devices.
- It is a very cost-effective investment for your assets.

Virustotal, and other online virus scanning sites, should only be used by people who don't have money to buy professional software.
For someone who already owns professional software, they obviously can use those sites as supplementary tools to make a pre-scan before downloading files and scan again with their own software.


Your recommendations do not mention what Pmalek said, not in a single word.

Virustotal and any other AV software can only recognize malware by 2 approaches:
  • Heuristics
  • Behavior analysis

Regarding Heuristics:
If the malware is either 1) new or 2) modified so that these AVs don't have it in their database yet -> no heuristic to match the malware with.

Regarding Behavior analysis:
If the malware does not run malicious code when being analyzed (which can be done with multiple techniques, e.g. checking whether it is being run in a sandbox) -> the behavior analysis is not triggered.


Now, if we combine these two statements, it becomes clear that it is quite easy to create malware which is completely undetected by AVs (at least until enough people have been infected with it and AVs have manually reviewed and sigged the malware as such).


Using AVs (whether paid ones on your computer, or online services like virustotal) only protects you against 1) known and very wide-spread malware and 2) malware created by script-kiddies or any other non-commercial cyber criminals.
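The two limits bob123 lists above, shown in code as an added example that is not from the post and not from any real scanner. A toy scanner applies an exact-hash blocklist and byte-pattern signatures (the static side) and then a toy "run it and look" step (the behaviour side) to one known sample and two trivially modified copies: one with a single byte appended, one XOR-packed behind a stub that stays inert when it believes it is being watched. The sample bytes, detection names, XOR packer and sandbox flag are all constructed for the demo.

```python
"""Why a clean scan is only a lower bound (constructed demo, not real malware).

A toy scanner with the static techniques a multi-engine service can apply
to a file it never executes (exact-hash blocklist, byte-pattern
signatures) plus a toy "run it and look" step, applied to one known
sample and two trivially modified variants. The sample bytes, detection
names, XOR "packer" and sandbox flag are all made up for the demo.
"""
import hashlib
import re
from typing import Dict, List

STUB = b"MZ\x90\x00UNPACK:"   # marker of the toy packer; stands in for a real loader stub

# The "known" sample: a fake stealer containing the string a signature was written for.
KNOWN_SAMPLE = (b"MZ\x90\x00" + b"\x00" * 16
                + b"steal_wallet_dat -> http://c2.invalid/upload" + b"\x00" * 8)


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Technique 1: exact-hash blocklist. This is what "already known" means in practice.
HASH_BLOCKLIST = {sha256(KNOWN_SAMPLE): "Demo.Stealer.A"}

# Technique 2: byte-pattern signatures, plus one generic heuristic.
SIGNATURES = {
    "Demo.Stealer.A": re.compile(rb"steal_wallet_dat"),
    "Heur.UploadURL": re.compile(rb"https?://[\w.-]+/upload"),
}


def static_scan(data: bytes) -> List[str]:
    """Names of everything the static techniques match in the bytes on disk."""
    hits = []
    name = HASH_BLOCKLIST.get(sha256(data))
    if name:
        hits.append("hash:" + name)
    hits += ["sig:" + name for name, pat in SIGNATURES.items() if pat.search(data)]
    return hits


def append_byte(data: bytes) -> bytes:
    """Variant 1: one trailing byte. Same code, different hash."""
    return data + b"\x00"


def xor_pack(data: bytes, key: int = 0x5A) -> bytes:
    """Variant 2: the body XOR-encoded behind a stub, as a packer does.
    The tell-tale strings never appear on disk, so no signature fires."""
    return STUB + bytes(b ^ key for b in data)


def run_in(data: bytes, sandboxed: bool, key: int = 0x5A) -> bytes:
    """Toy model of executing the file: the stub decodes the body at run time
    unless it decides it is being watched, in which case it stays inert.
    Returns the bytes that would be present in memory afterwards."""
    if not data.startswith(STUB):
        return data                 # not packed: what you see is what runs
    if sandboxed:
        return STUB                 # the evasion described above: do nothing under analysis
    return bytes(b ^ key for b in data[len(STUB):])


def behaviour_scan(data: bytes, sandboxed: bool = True) -> List[str]:
    """Toy dynamic analysis: scan what is in memory after running, not what was on disk."""
    return static_scan(run_in(data, sandboxed))


def verdicts() -> Dict[str, Dict[str, bool]]:
    """Detected (True) or missed (False) for each technique and each variant."""
    samples = {
        "known": KNOWN_SAMPLE,
        "padded": append_byte(KNOWN_SAMPLE),
        "packed": xor_pack(KNOWN_SAMPLE),
    }
    return {
        label: {
            "hash": any(h.startswith("hash:") for h in static_scan(s)),
            "signature": any(h.startswith("sig:") for h in static_scan(s)),
            "sandbox": bool(behaviour_scan(s, sandboxed=True)),
            "victim_host": bool(behaviour_scan(s, sandboxed=False)),
        }
        for label, s in samples.items()
    }


if __name__ == "__main__":
    for label, row in verdicts().items():
        print(f"{label:7s}", {k: ("detected" if v else "missed") for k, v in row.items()})
```

The hash lookup misses as soon as one byte changes, the string signature misses once the body is packed, and the toy sandbox misses when the stub refuses to unpack under analysis; only the victim's machine ever sees the payload. That is the gap a fresh or repacked sample sits in until enough samples have been collected and signed.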

tranthidung
Hero Member
Activity: 728
Merit: 1235
May 10, 2019, 09:02:30 AM
Last edit: May 10, 2019, 09:18:47 AM by tranthidung
#22

< ... >
Thanks, I updated the OP. I knew that having healthy behaviour and habits on the Internet is the best way to protect our devices and assets. You are right that any kind of antivirus software or internet security software only helps us against well-known threats. In reality, hackers always innovate new threats, so maintaining healthy habits / behaviours is key.
- Having and maintaining healthy habits and behaviours on the Internet is the best way to protect your devices and your assets.
Because antivirus software or internet security software only helps us against well-known threats. @Pmalek mentioned it there:
Unfortunately Virustotal can only help you with already known threats and viruses by comparing the code to known threats. If you are unlucky and download a file that contains fresh code with a virus then Virustotal will not be able to help you, since it is the first time they see the code. The results can come back as clean while in fact you get infected, and if you do a 2nd scan in a few days you see that some antivirus engines are already registering the file as a threat.
bob123's suggestion (click on the quote link to see the full post):
Using AVs (whether paid ones on your computer, or online services like virustotal) only protects you against 1) known and very wide-spread malware and 2) malware created by script-kiddies or any other non-commercial cyber criminals.


By the way, I updated this one:
Additionally, there are tips to check a GitHub account's reliability first (such as account age, activity, past reputation) before thinking of downloading sources from GitHub.
https://bitcointalk.org/index.php?topic=5139034.msg50883346#msg50883346


Reference
< ... >
(3) Just because it's on GitHub, it doesn't mean it's safe




Baby Dragon
Sr. Member
Activity: 854
Merit: 267
May 15, 2019, 02:02:28 AM
#23

Translated into Filipino: https://bitcointalk.org/index.php?topic=5142997

I will keep supporting this topic :)

Velkro
Legendary
Activity: 2072
Merit: 1011
May 15, 2019, 02:27:25 AM
#24

By the way, sometimes we get to see false positives and negatives from virustotal.
Results from virustotal should not be taken as final.

All it takes here is experience. In time you will see which are false positives and which are not, with close to 100% certainty.
Great guide overall; virustotal has helped thousands of people over the years to not get infected.

tranthidung
Hero Member
Activity: 728
Merit: 1235
May 15, 2019, 08:13:56 AM
#25

Translated into Filipino: https://bitcointalk.org/index.php?topic=5142997

I will keep supporting this topic :)

I thank you for doing this. It looks good, but I will wait to see confirmations from your locals, merit sources for instance, because I don't know your language and it does not make sense to check the translation's quality by using Google. As promised, when the quality of this translation is confirmed, I will add it to the OP and give you my small award. Please wait.




TryNinja
Legendary
Activity: 1288
Merit: 1823
June 15, 2019, 05:31:21 PM
Last edit: June 15, 2019, 06:53:04 PM by TryNinja
Merited by ETFbitcoin (1)
#26

I like using https://any.run/ to check files. It gives you more understanding of what the file does than VirusTotal.

It basically deploys a temporary VM so you can run the file and see what it is doing (which files it is creating, what HTTP requests it is making, etc.). You can actually grab a lot of information from it.

VirusTotal is cool too, but it is more about checking heuristics instead of truly analysing the software.

ETFbitcoin
Legendary
Activity: 1918
Merit: 2202
June 15, 2019, 06:50:07 PM
#27

I like using https://any.run/ to check files. It gives you more understanding of what the file does than VirusTotal.

It basically deploys a temporary VM so you can run the file and see what it is doing (which files it is creating, what HTTP requests it is making, etc.). You can actually grab a lot of information from it.

VirusTotal is cool too, but it is more about checking heuristics instead of truly analysing the software.

First time I've heard of this website. While it has very interesting features, it requires human intervention, and regular users wouldn't understand most of the information shown. For a regular user/beginner, VirusTotal is still the best option.

Also, I doubt it can detect a fake wallet, because its behaviour is extremely similar to a real wallet's, except for creating and broadcasting a transaction which steals the user's funds, unless we know the real wallet's behaviour.

MagicByt3
Sr. Member
Activity: 448
Merit: 287
June 15, 2019, 08:32:42 PM
#28

Great topic. I would like to throw this into the ring:

https://www.hybrid-analysis.com/

It is a very advanced tool for running programs in a VM; it logs everything the software is doing and gives a nice report back.
I highly recommend using this in conjunction with VirusTotal and your own security screening software, if you use such.


tranthidung
Hero Member
Activity: 728
Merit: 1235
June 27, 2019, 09:55:28 AM
#29

I appreciate the sites given by @TryNinja and MagicByt3. I will look at them further. I might or might not add them to the OP.




Velkro
Legendary
Activity: 2072
Merit: 1011
December 01, 2019, 09:55:26 PM
#30

For xxxx wallet, detection ratio is 0/69; it means no threat found, and the wallet is safe to install on your devices.
I wish it were so simple. It's a very good indication, but you can't be 100% sure a file is safe.
Especially when wallets for new coins are created by programmers who are capable of hiding their malicious functions from virus detectors. Why?
Because viruses detect mostly already known and reported threats. If it's new, they won't detect it unless it contains very common malicious code (copied for example from existing viruses/trojans).

Be safe.

tranthidung
Hero Member
Activity: 728
Merit: 1235
December 02, 2019, 01:03:09 AM
#31

For xxxx wallet, detection ratio is 0/69; it means no threat found, and the wallet is safe to install on your devices.
I wish it were so simple. It's a very good indication, but you can't be 100% sure a file is safe.
Especially when wallets for new coins are created by programmers who are capable of hiding their malicious functions from virus detectors. Why?
Because viruses detect mostly already known and reported threats. If it's new, they won't detect it unless it contains very common malicious code (copied for example from existing viruses/trojans).

Be safe.
Generally, I mentioned that it is only for well-known threats, not newborn ones. Anyway, your reminder makes sense, and I know readers will likely forget what they read in my note section, so I added 'well-known' to the phrase you pointed out too.
Thanks.
Because antivirus software or internet security software only helps us against well-known threats.
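The point Pmalek and Velkro make in this thread (a 0/69 today can be a 4/69 a few days later, so the ratio is evidence, not a verdict), as an added example that is not from any post here and not VirusTotal's own code. It reads a report in the shape of the VirusTotal API v3 file object (data.attributes.last_analysis_stats, first_submission_date, last_analysis_date, last_analysis_results) and turns it into the questions that matter: how many engines flag the file, how long the file has been known, how old the last analysis is, and what to do about it. The three reports, the engine names and the thresholds (7 days, 30 days, 3 engines) are this example's own constructed assumptions.

```python
"""Reading a VirusTotal file report as evidence, not as a verdict (added example).

Works on the shape of a VirusTotal API v3 file-report object
(data.attributes.last_analysis_stats, first_submission_date,
last_analysis_date, last_analysis_results) and answers the questions the
thread raises: how many engines flag the file, how long the file has been
known, how old the last analysis is, and whether a "0/69" is therefore
worth much. The three reports below are constructed; the thresholds are
this example's own assumptions, not VirusTotal's.
"""
import hashlib
import json
import urllib.request
from typing import Dict, Iterable, Tuple

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/"   # report lookup, keyed by hash
DAY = 86400

# Assumed thresholds for the advice below.
MIN_AGE_DAYS = 7       # first seen more recently than this: a clean result says little
MAX_STALE_DAYS = 30    # last analysed longer ago than this: ask for a re-analysis
CONSENSUS = 3          # fewer hits than this deserve an engine-by-engine look


def sha256_of_file(path: str) -> str:
    """Hash a downloaded file the way VirusTotal keys its reports."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def fetch_report(sha256_hex: str, api_key: str) -> dict:
    """Look up an existing report by hash; nothing is uploaded. Network call."""
    req = urllib.request.Request(VT_FILE_URL + sha256_hex, headers={"x-apikey": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def assess(report: dict, now: int) -> dict:
    """Turn one report into a ratio, two ages and a piece of advice."""
    attrs = report["data"]["attributes"]
    stats = attrs["last_analysis_stats"]
    flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
    # Engines that actually returned a verdict; timeouts and unsupported types are excluded.
    answered = flagged + stats.get("undetected", 0) + stats.get("harmless", 0)
    age_days = (now - attrs["first_submission_date"]) / DAY
    stale_days = (now - attrs["last_analysis_date"]) / DAY
    flagged_by = sorted(
        f"{engine}: {r.get('result')}"
        for engine, r in attrs.get("last_analysis_results", {}).items()
        if r.get("category") in ("malicious", "suspicious"))
    if flagged >= CONSENSUS:
        advice = "treat as malicious"
    elif flagged > 0:
        advice = "few hits: read the engine names and family labels before calling it a false positive"
    elif age_days < MIN_AGE_DAYS:
        advice = "clean but first seen recently: weak evidence, rescan in a few days"
    elif stale_days > MAX_STALE_DAYS:
        advice = "clean but the analysis is old: request a re-analysis before trusting it"
    else:
        advice = "no engine flags it; that is still only evidence against known threats"
    return {"ratio": f"{flagged}/{answered}", "age_days": round(age_days, 1),
            "stale_days": round(stale_days, 1), "flagged_by": flagged_by, "advice": advice}


# --- constructed reports, in the v3 shape -----------------------------------------
NOW = 1575244800   # 2019-12-02 00:00 UTC, about when the posts above were written


def _results(n_engines: int, malicious: Iterable[Tuple[str, str]] = ()) -> Dict[str, dict]:
    res = {f"Engine{i:02d}": {"category": "undetected", "result": None} for i in range(n_engines)}
    for engine, label in malicious:
        res[engine] = {"category": "malicious", "result": label}
    return res


def _report(first_seen: int, last_scan: int, results: Dict[str, dict]) -> dict:
    stats = {"malicious": 0, "suspicious": 0, "undetected": 0, "harmless": 0,
             "timeout": 0, "type-unsupported": 2}
    for r in results.values():
        stats[r["category"]] += 1
    return {"data": {"type": "file", "attributes": {
        "first_submission_date": first_seen, "last_analysis_date": last_scan,
        "last_analysis_stats": stats, "last_analysis_results": results}}}


# Day 1: a brand-new "wallet" build, 0/69.
FRESH_CLEAN = _report(NOW - 1 * DAY, NOW - 1 * DAY, _results(69))
# Day 6: the same file, rescanned after a few engines have caught up.
FLAGGED_LATER = _report(NOW - 1 * DAY, NOW + 5 * DAY, _results(69, [
    ("Engine03", "Trojan.Stealer.Demo"), ("Engine17", "Gen:Variant.Demo"),
    ("Engine42", "Trojan.Stealer.Demo"), ("Engine60", "Malicious (score: 90)")]))
# A file known for a year whose last analysis is two months old.
OLD_CLEAN = _report(NOW - 400 * DAY, NOW - 60 * DAY, _results(69))

if __name__ == "__main__":
    for name, rep, when in (("fresh", FRESH_CLEAN, NOW), ("later", FLAGGED_LATER, NOW + 5 * DAY),
                            ("old", OLD_CLEAN, NOW)):
        print(name, assess(rep, when))
```

Two practical notes. Looking a file up by hash first (fetch_report) tells you whether anyone has already submitted it without uploading your copy; an upload is shared with the participating vendors, so do not upload anything private. And the denominator here is the number of engines that returned a verdict, which is roughly what the "x/69" on the web page shows; the exact count on the site can differ slightly, but the age of the file and the date of the last analysis are the numbers that decide how much a clean result is worth.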




tranthidung
Hero Member
Activity: 728
Merit: 1235
January 12, 2020, 05:56:57 AM
#32

Bump!



