One Scan May Not Be Enough

yogi
Posts: 4359
Joined: 14 Feb 2015, 15:49

One Scan May Not Be Enough

Post by yogi » 09 Oct 2015, 18:31

Yogi wrote:This topic probably belongs in the Computer Forum, but we all download software and blindly trust it is clean. Hopefully my story will get more visibility in this forum, and perhaps save some of you from a lot of buggy trouble.
When programs are downloaded from a website they frequently are in a compressed format, commonly known as zipped. Zipping software (compressing it) saves space and makes the download time quicker. In many instances the zipped programs can be un-zipped easily and run without installing them on your computer. These types of programs are referred to as being portable.

While I don't have an antivirus program installed and running on my computer, I do on occasion use something called Virus Total Uploader. This program will scan any file you tell it to. The beauty of it is that it uses upwards of 50 popular antivirus programs to do the scan. Thus the results are from 50 sources in the hope that if one misses something, the others will catch it.

Today I found a program called Virus Total Scanner which downloads in the zipped format. Given that this was my first time to evaluate the program, I decided to run a virus check before I installed it. I used Virus Total Uploader and the zipped file appeared to be clean. Feeling confident, I proceeded to unzip it so that I could actually use it. However, I decided to see if it was still clean after being unzipped. To my surprise about twenty of the virus checks found malicious software in this program that was clean just a few minutes prior.

There are several lessons to be learned here, but the most important one is to be certain to do a thorough virus check on any program that you download. Some operating systems (Windows 10, for example) will do this virus check automatically, but they only use one set of virus definitions, not the 50 sets used by Virus Total Uploader. The second lesson is that a second virus scan should be run after the compressed (zipped) files have been un-zipped. In my case the viruses did not show up until the program was ready to be installed. Most virus checkers would not have found anything in the compressed version, but during the un-zipping a web site was contacted and viruses were downloaded. Fortunately I didn't install the virus-laden software, but it is a very scary situation when fifty antivirus scans cannot find anything at the initial scan.

If you are interested, this is the program without viruses, Virus Total Uploader:
https://www.virustotal.com/en/documenta ... lications/

This is the program that suddenly acquires a virus payload after it is unzipped, Virus Total Scanner:
http://securityxploded.com/virus-total-scanner.php
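One way to apply the second lesson from the post above before anything is extracted, added here as an example (it is not code from any poster or from VirusTotal): it hashes the archive and each file inside it in memory, so every member's SHA-256 can be checked on its own, and it marks members that a scan of the archive alone may not cover (encrypted entries, nested archives). The extension lists, the size cap and the sample archive are constructed assumptions.

```python
import hashlib
import io
import zipfile

# Assumed, illustrative lists; extend them for your own environment.
EXECUTABLE_EXTS = (".exe", ".dll", ".scr", ".msi", ".bat", ".cmd", ".js", ".vbs", ".ps1")
ARCHIVE_EXTS = (".zip", ".7z", ".rar", ".cab")
MAX_MEMBER_BYTES = 64 * 1024 * 1024  # assumed cap so a huge member is not read into memory

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def inventory(zip_bytes: bytes) -> dict:
    """Hash an archive and every member without writing anything to disk."""
    report = {"archive_sha256": sha256(zip_bytes), "members": []}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.lower()
            entry = {
                "name": info.filename,
                "size": info.file_size,
                "executable": name.endswith(EXECUTABLE_EXTS),
                "nested_archive": name.endswith(ARCHIVE_EXTS),
                # Bit 0 of the general-purpose flags marks an encrypted member.
                "encrypted": bool(info.flag_bits & 0x1),
                "sha256": None,  # stays None when the member cannot be read here
            }
            if not entry["encrypted"] and info.file_size <= MAX_MEMBER_BYTES:
                entry["sha256"] = sha256(zf.read(info))
            report["members"].append(entry)
    return report

def build_sample_zip() -> bytes:
    """Constructed sample: a harmless two-file archive built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", "constructed sample text\n")
        zf.writestr("tool/setup.exe", b"MZ constructed placeholder, not a real program")
    return buf.getvalue()

if __name__ == "__main__":
    rep = inventory(build_sample_zip())
    print("archive", rep["archive_sha256"])
    for m in rep["members"]:
        marks = [k for k in ("executable", "nested_archive", "encrypted") if m[k]]
        print(m["sha256"], m["name"], m["size"], ",".join(marks) or "-")
```

The archive hash and the member hashes are different values, so a clean result for one says nothing about the others; members listed with no hash still need a scan after extraction.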

pilvikki
Posts: 4437
Joined: 16 Feb 2015, 15:35

Re: One Scan May Not Be Enough

Post by pilvikki » 09 Oct 2015, 18:53

a most humble thank you!

i'll run that by loki to see what it thinks and then keep it handy.

i'd have never thought to run an antivirus after dezipping....

:balloons: (these are round flowers)

Icey
Posts: 10161
Joined: 18 Feb 2015, 18:13

Re: One Scan May Not Be Enough

Post by Icey » 09 Oct 2015, 19:55

Thank you, interesting.

How do you unzip files though? I've seen them and didn't know what to do with them.

pilvikki
Posts: 4437
Joined: 16 Feb 2015, 15:35

Re: One Scan May Not Be Enough

Post by pilvikki » 10 Oct 2015, 07:14

firmly grasp the tab and pull...

ok, ok, i'm going :tiptoe:

pilvikki
Posts: 4437
Joined: 16 Feb 2015, 15:35

Re: One Scan May Not Be Enough

Post by pilvikki » 10 Oct 2015, 07:15

actually, you have an unzipping utility on your computer. try a search.

or just ask yogi.

:mrgreen:

yogi
Posts: 4359
Joined: 14 Feb 2015, 15:49

Re: One Scan May Not Be Enough

Post by yogi » 10 Oct 2015, 08:48

There are programs you can get to un-zip files, but as Pilvikki points out it is also built into Windows. My example here is from Windows 10 but the same thing will happen in any version of Windows.


RIGHT CLICK and drag any .zip file to an empty spot on the desktop.

You will then see a menu with an option to "Extract..."

CLICK EXTRACT...

Then you will be given the option of where to save those extracted files.
Use the suggested location or browse to a place of your own.


CLICK [EXTRACT]

...and you are done. A new folder with your extracted files will be created.

You may now scan the entire folder of extracted files, or any single file in that folder.

Icey
Posts: 10161
Joined: 18 Feb 2015, 18:13

Re: One Scan May Not Be Enough

Post by Icey » 10 Oct 2015, 14:39

Ooh, thank you!

LOL, Vikki. Well .... near ....
