How to check if suspect files do really contain a virus

OK, so you have scanned your PC with Avast anti-virus and it is reporting that a particular file contains a virus. In 99% of cases, if Avast reports virus infection – it probably is. However, some reports can be what is known as “false positive” i.e. a report of a virus because the contents of a file look suspiciously like a known virus. This quite often happens if you are using Adaware/Spyare scanning programmes which unzip compacted files into a temporary directory in order to scan the files. At the point of unzipping – sometimes Avast (or any other anti-virus tool) can get confused. I have seen this happen a number of times when the anti-virus has checked of the cool tools from Nir Sofer over at http://www.nirsoft.net/ – particularly if you happen to have downloaded one of his password recovery utilities.

So, if you have  a report of a virus in a particular file which you suspect might just be a mistaken report, go to VirusTotal where you can submit the file in question. VirusTotal will scan it with about 30 (yes, 30) different virus scanning products and send you back the results.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s