Скачать вирустотал


VirusTotal — онлайн сервис для проверки на вирусы

Онлайн сервис VirusTotal предназначен для проверки файлов и ссылок на вирусы. Этот бесплатный сервис проверяет файлы, сайты, другие ссылки, используя службы (сканеры) антивирусных программ большого количества производителей. В данный момент сервис VirusTotal принадлежит корпорации Google.

Бесплатный онлайновый сервис VirusTotal.com поддерживает проверку более чем 50 антивирусными сканерами. Этот список производителей антивирусных программ, постоянно дополняется новыми сканерами.

После завершения проверки на вирусы, вы получите результат сканирования, выданный всеми доступными в сервисе антивирусами, а не от одного производителя, например, установленной на вашем компьютере антивирусной программы. Таким образом, вы можете получить более объективную картину, если у вас есть сомнения по поводу надежности какого-нибудь файла или ссылки.

Сканеры обнаруживают все виды вредоносных программ: вирусы, трояны, черви, malware и т. д., словом, все типы подобного опасного софта, которые могут быть обнаружены антивирусами.

Для чего может возникнуть необходимость для такой проверки файла, при помощи онлайн сервиса VirusTotal? Все время идет борьба между теми, кто пишет вирусы или другие вредоносные программы, и теми, кто защищает компьютеры пользователей от воздействия вирусов. Установленная на компьютере антивирусная программа не может с 100% гарантировать, что она сразу обнаружит зараженный код. Особенно это касается новых, только, что запущенных в сеть вирусов (в общем смысле этого слова).

После запуска нового вируса, проходит некоторое время, пока антивирусная программа не обнаружит эту новую угрозу. Те антивирусы, которые раньше обнаружат опасный объект, быстрее занесут данные о вредоносной программе в свои базы.  Поэтому, при одновременной проверке при помощи большого количества антивирусных сканеров, повышается вероятность нахождения вредоносного кода.

Также возможны ложные срабатывания у антивируса, который установлен на вашем компьютере. Если проверка показала, что только один антивирус обнаружил что-то опасное, а сам файл был создан достаточно давно, то в этом случае, высока вероятность того, что у установленного на вашем компьютере антивирусе было ложное срабатывание.

У проверяемого файла вычисляется хэш (контрольная сумма файла), который будет сравнен с хэшем такого же файла, если подобный файл ранее уже был проверен. Сервис проверяет значения хэша по MD5, SHA1, SHA256.

Подробнее о том, как узнать хэш файла, вы можете прочитать здесь, в статье посвященной программе HashTab. Сравнивая значения хэша файла, с контрольными суммами оригинального файла, вы можете узнать, был ли модифицирован данный файл или нет.

Онлайн сервис VirusTotal не является заменой, установленному на вашем компьютере антивирусу. Ваш антивирус должен находить и защищать компьютер от всех вредоносных и опасных данных. В том случае, если у вас есть сомнения по некоторым файлам или ссылкам, то при помощи VirusTotal вы можете произвести проверку этих подозрительных данных.

Результаты проверки могут отличаться даже при использовании решения одного и того же производителя. Вы получите информацию перед тем, как предпринять какие-либо действие.

Для проведения проверки необходимо будет перейти на сайт www.virustotal.com.

Проверка файлов на VirusTotal.com

После перехода по ссылке будет открыта главная страница сервиса VirusTotal.com.

Во вкладке «Файл» на сервис загружаются файлы для проверки антивирусными сканерами. Максимальный размер загружаемого файла ограничен размером в 128 МБ. При помощи кнопки «Выберите файл» необходимо будет выбрать файл на своем компьютере, а затем загрузить его на сервис VirusTotal.

После выбора файла нажмите на кнопку «Проверить!».

Некоторое время будет происходить загрузка файла на сервис. Это окно нельзя закрывать до окончания загрузки файла. Время выполнения этой операции будет зависеть от величины файла, скорости соединения, загруженности сети.

Должен заметить, что таким способом мне не удалось проверить ни один файл, несмотря на их маленькие размеры, потому что загрузка файла продолжалась бесконечно долгое время. Но не нужно расстраиваться, из этой ситуации есть выход.

Для быстрой проверки файлов необходимо будет использовать приложение VirusTotal Uploader, о котором вы можете прочитать ниже.

Проверка ссылок на VirusTotal.com

Для проверки адреса URL нужно будет вставить ссылку на сайт, конкретную веб-страницу, ссылку из почтового сообщения и т. п., в поле напротив кнопки «Ведите URL», а затем нажать на кнопку «Проверить!».

После завершения проверки сайта на вирусы (ссылки проверяются очень быстро), вы увидите результат, полученный от антивирусных сканеров. В пункте «URL» будет отображен адрес проверенной ссылки (сайта). В пункте «Показатель выявления» вы увидите результат проверки URL на вирусы. В данном случае: найдено — 0, количество сканеров — 52.

Также справа расположена форма, в которой отображаются баллы, полученные по результатам отзывов пользователей. На эти данные нужно ориентироваться в последнюю очередь, так как у пользователей, которые отправили личные отзывы, может быть разный уровень подготовки и знаний предмета.

Во вкладке «Анализ» можно посмотреть полученный результат по конкретным сканерам ссылок. При проверке могут не срабатывать отдельные сканеры, абсолютное большинство сканеров откликается нормально.

Если несколько сканеров находят, что-то подозрительное на веб-странице (сайте), то тогда есть повод для проявления большей осторожности. На самом сайте может и не быть ничего опасного, но с сайта может вести ссылка на представляющий угрозу ресурс.

У антивирусов бывают ложные срабатывания. Так однажды, установленный на моем компьютере антивирус обнаружил вредоносную ссылку на моем сайте. Я связался с тех.поддержкой и она сразу признала, что произошла ошибка. Правда, запись об опасной ссылке была убрана из баз не сразу, а через некоторое время.

Установка VirusTotal Uploader

Для проверки файлов удобнее использовать утилиту VirusTotal Uploader, которая предназначена для пользователей Windows.

скачать virustotal uploader

Программа VirusTotal Uploader быстро загружает файлы для проверки на онлайн сервис. Также с помощью этой утилиты можно проверять ссылки. Скачайте приложение VirusTotal Uploader на свой компьютер, а затем запустите исполняемый файл.

В первом окне мастера установки нажмите на кнопку «I Agree».

Во втором окне можете все оставить по умолчанию, а затем нажать на кнопку «Next».

В следующем окне нажмите на кнопку «Install».

После завершения установки утилиты VirusTotal Uploader нажмите на кнопку «Close».

Проверка на вирусы в VirusTotal Uploader

После запуска программы будет открыто окно «VirusTotal Uploader». Если перейти по ссылке «Click here to show all (requires admin)», то тогда откроется это окно программы запущенное от имени администратора.

В этом окне вы можете выбрать конкретный процесс (выделив его), для проверки исполняемого файла этого процесса.

После нажатия на кнопку «Upload process executable» будет вычислен хэш исполняемого файла, а затем он будет отправлен на проверку. После этого откроется страница онлайн сервиса VirusTotal com с результатом проверки. Возможно, что этот файл уже был проверен раньше, тогда вы об этом узнаете из даты анализа.

Для проверки файлов нужно использовать кнопку «Select file(s) and upload», которая находится в разделе «File(s)». После выбора файла, будет открыто окно сервиса, а после завершения антивирусной проверки вы узнаете ее результат. Для добавления файлов можно также использовать командную строку.

Проверку URL (ссылок) можно будет производить в разделе «URL». В поле «URL» необходимо будет вставить ссылку на веб-страницу (сайт), а затем нажать на кнопку «Get and Upload». После этого, ссылка будет проверена антивирусными сканерами на сервисе VirusTotal.

Для использования на мобильных устройствах под управлением операционной системы Android, вы можете скачать приложение VirusTotal for Android.

Файл на компьютере также можно проверить при помощи контекстного меню. После клика правой кнопкой мыши по нужному файлу, в контекстном меню необходимо будет выбрать пункт «Send to VirusTotal». Утилита проверит хэш файла и отправит результат проверки на сервис VirusTotal. Далее откроется окно сервиса с результатами сканирования на вирусы.

Расширение для браузеров

Онлайн сервис VirusTotal предлагает установить расширения для браузеров Mozilla Firefox, Google Chrome, Internet Explorer. Эти расширения подойдут также для других браузеров, созданных на основе Firefox и Chrome.

Для браузера Mozilla Firefox нужно будет установить расширение VTzilla. В браузер Google Chrome устанавливается расширение VTchromizer. Для браузера Internet Explorer — Vtexplorer.

После клика по значку расширения (на данном примере — расширение VTchromizer) откроется окно, в котором нужно будет произвести проверку сайта на вирусы, или ввести в поле значение хэша файла, адрес веб-страницы, электронной почты и т. д., для поиска результатов предыдущего сканирования.

Для проверки веб-страницы (сайта) следует кликнуть по ссылке «Scan current site». Далее будет произведена проверка этой ссылки, а затем вы увидите полученный результат сканирования на вирусы. По ссылке «Go to VirusTotal home» вы можете перейти на главную страницу онлайн сервиса.

Заключение

Онлайн сервис VirusTotal com осуществляет проверку подозрительных файлов и URL адресов (ссылок), проводимую большим количеством антивирусных сканеров. При использовании этого сервиса вы будете иметь дополнительную информацию о потенциально опасных данных, которые могут угрожать вашему компьютеру.

VirusTotal.com — онлайн сервис для проверки на вирусы (видео)

Прочитайте похожие статьи:

vellisa.ru

VTchromizer - VirusTotal

VTchromizer is a Google Chrome browser extension that simplifies the process of scanning Internet resources with VirusTotal. It allows you to scan links (including links to files) directly with VirusTotal's web application. It will scan the submitted URLs with URL analysis tools and the content downloaded from the scanned site with VirusTotal's antvirus solutions.

Unlike VTzilla, VTchromizer does not embed itself in the browser's download dialog, only in the context menu. Google Chrome still does not offer an API to modify the download dialog, having said this, you can still scan any file that you want to download by right-clicking on the link to the file and choosing the Scan with VirusTotal option.

Enough! I am sick and tired of reading, just let me install the extension, I will figure out alone how it works.

Contents

AudienceGetting startedWhat are we interested in?Scanning suspicious linksScanning downloads before storing themScanning the web site being displayedSearch for a file or url report, a particular comment or a VirusTotal Community user

Audience

This document is intended for any user that wants to learn how to use VirusTotal's browser extension for Google Chrome, VTchromizer. No technical background is required in order to understand the document.

Thus, the document is intended for Google Chrome users.

What are we interested in?

The main purpose of VTchromizer is to help the community in securing their systems. Having said this, if we can also collect interesting data to analyse and study, even better.

We are interested in malware, obviously, so if you come across any malicious file download link do not hesitate to scan it with VTchromizer. Additionally, thanks to VirusTotal's URL scan service we hope that users will be willing to send us phishing and any other fraud/ecrime related sites. Why? Because hopefully these sites will end up being processed by the URL analysis tools integrated in VirusTotal and will improve their efficiency, and thus end-user protection.

Getting started

The first thing you must do is to install the addon itself, you can do this by referring to the Chrome Web Store while visiting this site with Google Chrome:

Install VTchromizer

Scanning suspicious links

Imagine you have logged into your gmail account and you have received a suspicious email from your bank. The email is informing you about an unauthorized access to your account and is asking you to follow a link and provide your credentials to view the account access log.

Since you're savvy, you know that this mail is probably a phishing attempt. Even though you know that this is a scam, you are committed to help others, hence, you right click on the suspicious link and select the Scan with VirusTotal option from the context menu:

This will open a new tab in the same browser window, such tab will show the report for the requested URL scan. Note that the scanning process will also download the file/site of the target link, so do not forget to click on the View downloaded file analysis link.

Scan the web site being displayed

VTchromizer adds its own icon to Google Chrome's topbar, one of the options in the extension's popup is to scan with VirusTotal the web site being displayed in the active browser window. As before, a new tab will be opened with VirusTotal's report.

Search for a file or url report, a particular comment or a VirusTotal Community user

VTchromizer's topbar popup also contains a search box, this search box allows us to directly query VirusTotal's database for particular file/url reports, comment tags or VT Community users. When searching for file report, the box accepts MD5, SHA1 and SHA256 hashes.

www.virustotal.com

Вопросы и ответы - VirusTotal

Answers to common VirusTotal related questions can be found under the topics listed below. Should you have a question that is not present in this FAQ please do not hesitate to contact us with your inquiry. Before asking please make sure it has not been answered in this FAQ or in any of the pertinent VirusTotal documentation sites.

Navigate directly to questions about:

Antivirus file scansURL scansVirusTotal API Including new antivirus solutions and tools in VirusTotal VirusTotal statisticsShortcutsVirusTotal Community

Antivirus file scans

What kind of files will VirusTotal scan?

VirusTotal will scan, and detect, if appropriate, any type of binary content, be it a Windows executable, Android APKs, PDFs, images, javascript code, etc. Most of the antivirus companies involved in VirusTotal will have solutions for multiple platform, hence they usually produce detection signatures for any kind of malicious content.

I want to scan my entire system, where can I download VirusTotal?

VirusTotal just provides a second opinion on a given file or URL. It is by no means a full-fledged antivirus and we do not want it to be, therefore, VirusTotal is not available for download, it is just a web application.

Having said this, we have built a desktop application that eases the task of uploading files to our multiantivirus scanner, find out more about VirusTotal uploader or check other community alternatives such as PhrozenSoft's VirusTotal Uploader, though we are not responsible for the latter.

What is the maximum file size that can be submitted to VirusTotal?

128MB for the web and email interfaces, 32MB for the API interface by default. Having said this, should you have a strong and justified need to send big files through the API (even larger than 128MB) you can contact us in order to have access to the big files API call.

My network/system blocks malware uploads, can I upload encrypted compressed files in order to avoid this restriction?

Indeed, you may place the file that you wish to scan inside an encrypted ZIP file, VirusTotal will automatically extract the inner file and get it scanned for you, asking you whether you wish to render the report for such inner file. In order to be able to inspect the ZIP file its password must be one of the following: infected, password, test, 1234, virustotal, virus, compressed.

I have inadvertently uploaded a file with confidential or sensitive information to VirusTotal, can you please delete it?

We are very concerned about the privacy of our users and will do everything that is in our hands in order to ensure that privacy is preserved, please use our contact form to inform us about the issue.

I want to automate scans, what should I do?

VirusTotal provides an email interface and a public API for automating analysis tasks, you can find more information in the VirusTotal documentation site.

The antivirus result displays a green circle with a white tick mark, what does this mean?

VirusTotal makes use of the symbol to indicate that the given file was not detected in any way by the antivirus under consideration. We do not use the word "clean" or "innocuous" because antivirus solutions do not tell you whether a file is goodware, they just flag maliciousness.

The antivirus result displays a grey clock, what does this mean?

VirusTotal makes use of the symbol to indicate that the antivirus scanner under consideration timed out when analysing the submitted file. This does not necessarily mean that the antivirus has a problem with the file, as VirusTotal processes files in batches, it just means that at a particular point in time, under certain machine-load circumstances the antivirus did not produce a result for the file in a timely manner.

A given antivirus in VirusTotal detects a file and its equivalent commercial version does not

VirusTotal antivirus solutions sometimes are not exactly the same as the public commercial versions. Very often, antivirus companies parametrize their engines specifically for VirusTotal (stronger heuristics, cloud interaction, inclusion of beta signatures, etc.). Therefore, sometimes the antivirus solution in VirusTotal will not behave exactly the same as the equivalent public commercial version of the given product.

VirusTotal is detecting a legitimate software I have developed, please remove the detections

VirusTotal acts simply as an information aggregator, presenting antivirus results, file characterization tool outputs, URL scanning engine results, etc. VirusTotal is not responsible for false positives generated by any of the resources it uses, false positive issues should be addressed directly with the company or individual behind the product under consideration.

We can, however, help you in combatting false positives. VirusTotal has built an early warning system regarding false positives whereby developers can upload their software to a private store, such software gets scanned on a daily basis with the latest antivirus signatures. Whenever there is a change in the detections of any of your files, you are immediately notified in order to mitigate the false positive as soon as possible.

The version information of a given antivirus is not coherent with its latest commercial product, is it out of date?

No. Normally the version displayed in VirusTotal is decided by the company providing the antivirus solution, it does not always follow the same rules as its commercial product. To check if a given antivirus is up-to-date you should have a look at its last update field, this date reveals the last time that a new set of signatures was downloaded for the product.

Some engines have relatively old last update dates, please update the antivirus signature set

Each antivirus solution present in VirusTotal makes a signature update infrastructure available to VirusTotal. VirusTotal periodically polls this infrastructure (each 15 minutes) in order to see if there is anything new to download. Therefore, if the last update date for new file scans is old it is because the given antivirus vendor has not released any new signatures for VirusTotal.

URL scans

I asked for a URL scan but the file located at the given URL was not enqueued for antivirus scanning

The URL scanner will only enqueue for antivirus file scanning those files that are not text or similar formats (HTML, CSV, XML, etc.). Executables, images, music files, etc. will be always enqueued.

Another reason could be that the URL response content could not be retrieved at the time of analysis (due to some network error, because the response content is larger than 32MB in size, etc.).

Some URL scanner detects a given URL but its corresponding antivirus solution does not detect the downloaded file, or vice-versa

Very often URL scanners and antivirus engines are independent solutions even though they may belong to the same company, hence, detecting a given URL as malicious does not necessarily mean that the file located at such URL will also be detected, and vice-versa.

Moreover, sometimes the URL might be malicious (e.g. phishing site) but the downloaded file (HTML of the phishing site) may not necessarily be a theat for your computer. Other times, the downloaded file might indeed be flagged by the antivirus signatures but the corresponding URL scanner might still have no knowledge that a given URL is distributing such file.

I am experiencing a false positive, my site should not be detected.

VirusTotal simply aggregates the output of different antivirus vendors and URL scanners, it does not produce any verdicts of its own. As such, if you are experiencing a false positive issue, you should notify the problem to the company producing the erroneous detection, they are the only ones that can fix the issue. Please note that even if we were able to remove the flag, the users of such product would still be blocked from accessing your site.

VirusTotal API

Please give me an API key

You do not need to ask for a public API key, in order to get one you just have to register in VirusTotal Community (top right hand side of VirusTotal). Once registered, sign in into your account and you will find your public API in the corresponding menu item under your user name.

The 4 requests/minute limitation of the Public API is too low for me, how can I have access to a higher quota?

Special privileges can be considered for honeypots, honeyclients and other projects providing resources (samples or URLs) to VirusTotal.

VirusTotal also offers a private mass API. This API provides a higher request rate (that can be agreed with the VirusTotal team) and offers far more information and features than the public API. Find out more about the private API.

If any of these alternatives suits your purposes do not hesitate to contact us.

What is the difference between the public API and the private API?

First of all, the private API has an higher request rate. The service is designed as a volume stepped flat rate model.

Secondly, the private API gives you access to much more information than the public API, this information includes (but is not limited to):

  • All reports on a given sample or URL, not only the most recent one.
  • File and URL information provided by tools integrated in VirusTotal (PEinfo, PEiD, ExifTool, packers, sandbox links, sigcheck, etc.).
  • Behavioural execution information.
  • Metadata provided by VirusTotal: number of submissions, submissions vs. datetime, country of the sender of a given file, file names with which a sample has been submitted, first and last times a sample was seen, etc.
  • Goodware information: whether a given hash is goodware or not, products in which the file is found.
  • Property to sample queries: reverse searches such as "give me all samples that are detected with the following signature", "give me all samples that are detected by more than 10 engines", "give me all samples that contain a given PE section with the following hash", etc. these queries can be combined to build complex requests.
  • YARA notifications on the samples received at VirusTotal.

In addition to returning more information, the private mass API will allow you to download submitted samples for further research, along with the network traffic captures they generate upon execution and their detailed execution reports.

At the same time, the private mass API has a strict Service License Agreement (SLA) that guarantees availability and readiness of file and URL reports, making it suitable for integration in commercial services and products.

Other advanced queries specific to your needs can also be implemented. If you are interested in the private API do not hesitate to contact us.

I integrated the public API in free software, the default request rate is too low to attend all my users

The public API request can be fixed by the tuple (api key, IP address). Whenever this is done it is this tuple the one having the 4 requests/minute limitation and not the key on its own. This means that you can include a unique key in the software you have developed and each one of your users (provided they are not sharing their IP address) will experience a different 4 requests/minute limitation. Contact us in order to make your key a shared key, this is a free setting.

What do you consider an API request?

When considering API quotas, an API request is not equivalent to an HTTP request. This concept designates a single item lookup in the VirusTotal dataset. Therefore, if you were to make one single batch HTTP request asking for 10 hashes, that would count as 10 API requests. Analogous counting takes place for other items such as URLs, domains or IP addresses.

Including new antivirus solutions and tools in VirusTotal

I would like to include my antivirus product/URL analysis engine in VirusTotal, what should I do?

The process could not be easier, just contact us. We will tell you what we need.

In exchange for providing an antivirus solution you will receive all files submitted to VirusTotal that are not detected by your product and are detected by at least one other antivirus, along with their corresponding VirusTotal reports.

In exchange for allowing us to use a URL analysis engine you will receive the whole feed of URLs submitted to VirusTotal, along with their corresponding VirusTotal reports.

I requested the inclusion of my antivirus solution in VirusTotal some time ago and it has not been integrated yet

There is a relatively large waiting list for inclusion of antivirus solutions in VirusTotal, be patient. Integration of URL analysis engines is much quicker, so if you are still waiting do not hesitate to contact us.

VirusTotal statistics

Why do not you include statistics comparing antivirus performance?

At VirusTotal we are tired of repeating that the service was not designed as a tool to perform antivirus comparative analyses, but as a tool that checks suspicious samples with several antivirus solutions and helps antivirus labs by forwarding them the malware they fail to detect. Those who use VirusTotal to perform antivirus comparative analyses should know that they are making many implicit errors in their methodology, the most obvious being:

  • VirusTotal's antivirus engines are commandline versions, so depending on the product, they will not behave exactly the same as the desktop versions: for instance, desktop solutions may use techniques based on behavioural analysis and count with personal firewalls that may decrease entry points and mitigate propagation, etc.
  • In VirusTotal desktop-oriented solutions coexist with perimeter-oriented solutions; heuristics in this latter group may be more aggressive and paranoid, since the impact of false positives is less visible in the perimeter. It is simply not fair to compare both groups.
  • Some of the solutions included in VirusTotal are parametrized (in coherence with the developer company's desire) with a different heuristic/agressiveness level than the official end-user default configuration.

These are just three examples illustrating why using VirusTotal for antivirus testing is a bad idea, you can read more about VirusTotal and antivirus comparatives in our blog.

I want to suggest some other data correlation that would be very interesting to display

We want to continue improving the statistics section, so do not hesitate to send us your suggestions

Shortcuts

How can I link to the most recent report on a given file or URL?

There is a specific HTTP GET request to do this, feel free to use this link feature in your sites. The link is as follows:

https://www.virustotal.com/latest-scan/<resource>

Where resource is one of:

  • The MD5 of a given file that was scanned by VirusTotal.
  • The SHA1 of a given file that was scanned by VirusTotal.
  • The SHA256 of a given file that was scanned by VirusTotal.
  • A URL that was scanned by VirusTotal.

Note that this feature is subjected to the same 4 requests/minute limitation as the public API and search feature.

How can I increase my VirusTotal Community reputation?

There are two main ways of gaining reputation credits:

  • Become trusted: each time a VirusTotal Community member trusts you, you are automatically added 10% of his current reputation.
  • Produce high quality sample and URL comments: if you post interesting comments on samples and URLs other users may vote your comment as useful, whenever this happens you are added 3 reputation points. Moreover, your comments might be read by a VirusTotal team member and he might decide to boost your reputation.
Why should I vote a file or URL as harmless or malicious?

Whenever you vote a file or URL as harmless or malicious a mathematical function is applied to your reputation and the result of this function is added as reputation points to the file's maliciousness index. The overall file score may be used by other users as an additional indicator on the nature of the file in addition to the antivirus results. The number of votes in one sense or another also serve the same purpose.

www.virustotal.com

VirusTotal для Android - VirusTotal

VirusTotal for Android is an Android application that simplifies the process os scanning Android applications with your Android mobile device (phone, tablet, etc.). It allows to perform hash lookups for all applications on your device as well as upload any file that may be unknown to VirusTotal.

The scan output is available in the application itself and rechecking is as easy as clicking the corresponding menu option.

Please note that VirusTotal for Android does not provide real-time protection and, so, is no substitute for any antivirus product, just a second opinion regarding your apps.

Enough! I am sick and tired of reading, just let me install the application, I will figure out alone how it works.

Contents

AudienceGetting startedScan outputUploading unknown applications to VirusTotalRescanning applicationsThe application menu

Audience

This document is intended for any Android OS user that wants to install and use VirusTotal's application for Android in order to perform regular malware scans on his phone. No technical background is required in order to understand the document.

Getting started

The first thing you must do is to install the application itself, you can do this directly from the Google Play store.

Install VirusTotal for Android

After installing the application you will have to launch it to perform the very first scan of your system.

Scan output

Once the very first scan has finished, every time you launch the VirusTotal application you will see a list with all the applications installed on your device and a small icon next to them:

The green droid means that the application was scanned in the past by VirusTotal and was not detected by any antivirus solution. If the application was unkown to VirusTotal, a blue question mark will appear in the result column. Finally, if the application was indeed detected by one or more antivirus vendors, the icon displayed will be a red droid:

Please note that you can seach for a given application by using the top search box:

Clicking on any of the applications in the output list will take you to the application's details pane, the very first screen will just show you the detection ratio:

Once there you can see the entire list of antivirus vendor verdicts by clicking on the "Detailed results" button:

Uploading unknown applications to VirusTotal

The very first VirusTotal for Android check is based on hash lookups against VirusTotal. This means that any application that is unknown to VirusTotal will produce no results and, thus, will have a question mark icon in its results column.

Fortunately, VirusTotal allows you to upload any Android applications unknown to us. This can be easily done by clicking on the unkown application in the results list:

In order to be able to upload files to VirusTotal you must register in VirusTotal Community and provide your credentials to the application. The application will then use your public API key to perform the uploads.

The uploads will be queued for scanning with a low priority, whenever the scan ends the application will produce an Android notification:

Rescanning applications

Unless you explicitly tell VirusTotal for Android to rescan an application it will only perform hash lookups for it. This means that even if you recheck, you might be always looking at the same old report. If you wish to force a server-side rescan you will have to keep pressed a given application in the main results list, a dialog will appear asking you if you want to rescan:

Clicking on your device's menu button while using VirusTotal for Android will display a couple of useful options:

Let us take a closer look at these features:

  • Filters: this option allows you to filter the main results list searching just for detected, undetected or unknown applications.
  • Check all: allows you to rescan the applications in your device, you should click on it regularly (once a day for example) if you want to maintain some good habits. Please note that the application itself will not perform rescans unless you instruct it to do so. We must also emphasize that the application will just perform hash lookups when you click on this button, it wont perform a server-side rescan of each application.
  • API key: allows you to insert or modify your VirusTotal Community credentials. This is something that is needed if you want to upload files to VirusTotal and perform rescans rather than just hash lookups.

www.virustotal.com

Условия обслуживания - VirusTotal

Last modified on 7 September 2012.

These Terms of Service ("Terms") govern your access to and use of www.virustotal.com and our products and services ("Services"), and any information, text, graphics, URLs, files, audio, video, photos or other materials uploaded, downloaded or appearing on the Services ("Content"). Any reference to “you” or “your” means you as user of the Services, any reference to “we”, “us”, “our” or “VirusTotal” is to Rotarua Limited, the company that owns VirusTotal. Both VirusTotal and Rotarua Limited are owned by Google. Unless otherwise specified, these Services are for your personal and non-commercial use.

By using and/or accessing our Services, you agree that you have read, understood and consent to be bound by these Terms.

Use of the Services

You must follow all policies made available to you within the Services. You also agree:

  • to use the Services only for lawful purposes, in a manner which is not expressly prohibited by these Terms, and in a manner which does not infringe the rights or interests of VirusTotal or third parties;
  • to abstain from any activity that could damage, overload, harm or impede the normal functioning of the Services. Similarly, and in accordance with applicable legislation, you will refrain from illicitly or fraudulently obtaining or using content; and
  • not to use the Services in any way that could directly or indirectly hinder the antivirus industry/URL scanner industry.

Account Creation and Deletion

VirusTotal offers certain Services that may require the creation of a personal account (e.g. VirusTotal Community). Depending on the information provided in the registration and profile building process, this account may uniquely identify you. Any comment or post shared will be linked to you.

To promote information sharing accountability, accounts and user Content (for example, comments, posts, etc.) generally will not be deleted, unless there is copyright infringement, they are offensive/illegal, serve any other unethical/malicious purpose, or otherwise violate these Terms.

Users who wish to cease their activity in VirusTotal Community may perform the cease request through our public contact form.

Passwords and Personal Keys/Credentials

You are responsible for safeguarding any password/keys/credentials used to access the Services and for any activities or actions under these credentials. We recommend the use of "strong" passwords (passwords that use a combination of upper and lower case letters, numbers and symbols). VirusTotal cannot and will not be liable for any loss or damage arising from your failure to comply with this guidance.

Privacy

VirusTotal’s Privacy Policy explains how we treat your personal data and protect your privacy when you use our Services.

Copyright

VirusTotal will respond to notices of alleged copyright infringement that comply with applicable law and are properly provided to us. If you believe that your content has been copied in a way that constitutes copyright infringement, please provide us with the following information:

(i) a physical or electronic signature of the copyright owner or a person authorised to act on their behalf;

(ii) identification of the copyrighted work claimed to have been infringed;

(iii) identification of the material that is claimed to be infringing or to be the subject of infringing activity and that is to be removed or access to which is to be disabled, and information reasonably sufficient to permit us to locate the material;

(iv) your contact information, including your address, telephone number, and an email address;

(v) a statement by you that you have a good faith belief that use of the material in the manner complained of is not authorised by the copyright owner, its agent, or the law; and

(vi) a statement that the information in the notification is accurate, and, under penalty of perjury, that you are authorised to act on behalf of the copyright owner.

Please send any notice of alleged copyright infringement to:

CopyrightVirusTotal3rd Floor Gordon House, Barrow StreetDublin 4Ireland

In appropriate circumstances, VirusTotal may also terminate/block a user's account if the user is determined to be a repeat infringer.

Your Content in our Services

Access to the public VirusTotal website is free of charge, with the exception of any specific pricing conditions that may apply to certain Services (e.g. VirusTotal Mass API, VirusTotal Malware Intelligence Services, VirusTotal Feed, VirusTotal Monitor, etc.).

You retain all ownership rights in any submission you may make and you confirm that you are the original owner of any content you submit or that you have the necessary rights and permissions to authorise us to use your content. In particular, you promise that you have obtained the permission of all of the people featured or referred to in the Content (and if they are under 18 their parents or guardians as well) to our use of the Content on the Services. You agree to give us evidence of all such rights and permissions if so requested by us.

When you upload or otherwise submit content, you give VirusTotal (and those we work with) a worldwide, royalty free, irrevocable and transferable licence to use, edit, host, store, reproduce, modify, create derivative works, communicate, publish, publicly perform, publicly display and distribute such content.

If you do not want the content provided by you to VirusTotal to be disclosed in the manner set out in these Terms or in the Privacy Policy, do not send it/share it with VirusTotal or the VirusTotal Community.

VirusTotal Rights

All rights, title, and interest in and to the Services (excluding third party brand names) are and will remain the exclusive property of VirusTotal and its licensors. Nothing in these Terms should be construed as conferring by implication or otherwise any licence or right under any copyright, patent, trade mark, database right, sui generis right or other intellectual property or proprietary interest of VirusTotal, its licensors or any third party. We reserve the right to remove any Content without prior notice and at our sole discretion.

Additionally, nothing in the Terms gives you a right to use the VirusTotal trademarks, logos, domain names, and other distinctive brand features.

Any feedback, comments, or suggestions you may provide regarding VirusTotal or the Services is entirely voluntary, and we will be free to use such feedback, comments or suggestions as we see fit and without any obligation to you.

Changes in Services

The Services provided by VirusTotal are constantly evolving, and the form and nature of the Services that VirusTotal provides may change from time to time without prior notice to you. Any changes to the Services, including the release of new VirusTotal features, are subject to these Terms. In addition, VirusTotal may stop (permanently or temporarily) providing the Services (or any features within the Services) without providing prior notice. We also retain the right to create limits on use and storage at our sole discretion at any time without prior notice to you.

Disclaimers

Your access to and use of the Services is at your own risk. You understand and agree that the Services are provided to you on an "AS IS" and "AS AVAILABLE" basis. Without limiting the foregoing, VIRUSTOTAL AND ITS AFFILIATES, AGENTS, PARTNERS AND SUBSIDIARIES DISCLAIM ANY WARRANTIES, EXPRESS OR IMPLIED, OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.

You also agree that VirusTotal has no responsibility or liability for the deletion of, or the failure to store or to transmit, any content and other communications maintained by the Services.

The Services may contain links to third-party websites or resources. They may also contain comments and/or posts with non-anchored linked URLs. You acknowledge and agree that we are not responsible or liable for: (i) the availability or accuracy of such websites or resources; or (ii) the content, products, or services on or available from such websites or resources. Links to such websites or resources do not imply any endorsement by VirusTotal of such websites or resources or the content, products, or services available from such websites or resources. You acknowledge sole responsibility for and assume all risk arising from your use of any such websites or resources. Please note that user comments on URLs and files may contain URLs/links leading to malware.

Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, VIRUSTOTAL AND ITS PARENT, SUBSIDIARIES, AFFILIATES, OFFICERS, EMPLOYEES, AGENTS, PARTNERS AND LICENSORS WILL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR PUNITIVE DAMAGES, INCLUDING WITHOUT LIMITATION, LOSS OF PROFITS, DATA, USE, GOODWILL, OR OTHER LOSSES, RESULTING FROM (i) YOUR ACCESS TO OR USE OF OR INABILITY TO ACCESS OR USE THE SERVICES; (ii) ANY CONDUCT OR CONTENT OF ANY THIRD PARTY, INCLUDING WITHOUT LIMITATION, ANY DEFAMATORY, OFFENSIVE OR ILLEGAL CONDUCT OF OTHER USERS OR THIRD PARTIES; (iii) ANY CONTENT OBTAINED FROM THE SERVICES; AND (iv) UNAUTHORISED ACCESS, USE OR ALTERATION OF YOUR TRANSMISSIONS OR CONTENT, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE) OR ANY OTHER LEGAL THEORY, WHETHER OR NOT WE HAVE BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGE.

Viruses, Hacking and Other Offences

You must not misuse our Services. You must not attempt to gain unauthorised access to our website, the server on which our website is stored or any server, computer or database connected to our website. You must not attack our website via a denial-of-service attack or a distributed denial-of service attack.

We will not be liable for any loss or damage caused by a distributed denial-of-service attack, viruses or other technologically harmful material that may infect your computer equipment, computer programs, data or other proprietary material due to your access to or use of the Services or any third party content or websites.

About These Terms

These Terms and the VirusTotal Privacy Policy are the entire and exclusive agreement between VirusTotal and you regarding the Services (excluding any services for which you may have a separate agreement with VirusTotal that is explicitly in addition or in place of these Terms - e.g. premium private services), and these Terms supersede and replace any prior agreements between you and VirusTotal regarding the Services.

Please note that we may update and amend these Terms from time to time and any changes will be posted on the website. By continuing to access the Services after any changes become effective, you agree to be bound by the revised Terms.

The failure of VirusTotal to enforce any right or provision of these Terms will not be deemed a waiver of such right or provision. In the event that any provision of these Terms is held to be invalid or unenforceable, the remaining provisions of these Terms will remain in full force and effect.

These Terms and any dispute or claim arising out of or in connection with them or their subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the laws of Ireland. The Irish courts will have exclusive jurisdiction over any claim arising from, or related to the Services although we retain the right to bring proceedings against you for breach of the Terms in your country of residence or any other relevant country.

For information about how to contact VirusTotal, please visit our contact page.

www.virustotal.com

Проверка файла на вирусы онлайн. ТОП 6 лучших сервисов

Проверка файла на вирусы онлайн

Безусловно, на сегодняшний день есть большое количество антивирусных программ для защиты персонального компьютера от вирусов. И понять, какая антивирусная программа лучше, не разбирающемуся человеку довольно трудно. Намного лучше и правильнее обратиться к профессионалам, узнать мнение продвинутых пользователей и заблаговременно позаботиться об антивирусной защите домашнего компьютера.

Вас также может заинтересовать статья «Проверка APK файлов».

Как проверить файл на вирусы онлайн?

А в этой статье хочу познакомить наших читателей со специальными онлайн сервисами. Это – сайты, которые дают возможность пользователю бесплатно проверить файлы и страницы сайтов на наличие скрытых вирусов, без установки на компьютер программы антивируса. Такие онлайн антивирусы абсолютно бесплатны и вы можете проверять данными онлайн сервисами любое количество файлов.

Плюсы и минусы онлайн антивирусов

Плюсы:

  • Самая надежная проверка файла на наличие вредоносного когда — достигается за счет того что файл заливается на сайт где проверяется на наличие вирусов по сигнатурным базам разных антивирусов. Шансов определить вирус или другую вредоносную программу, больше чем у установленного на пк антивируса.
  • Онлайн антивирус не требует установки на компьютер.
  • Нет необходимости предварительно скачивать файл на свой компьютер, чтоб потом загрузить на сайт онлайн антивируса.  Некоторые сервисы (например Virustotal) дают возможность удаленной проверки файла.
  • Проверка сайта на наличие вирусов.
  • Почти все онлайн антивирусы бесплатны.

Минусы:

  • Требуется подключение к интернету.
  • Доступ на сайты онлайн сервисов может быть заблокирован вирусом (для продвинутого пользователя это не проблема)

Плюсов намного больше чем минусов. Самый большой минус использование таких сервисов будет для вирусописателей, поэтов и других распространителей «добра». Так-как файл после такой проверки будет как говорится на хацкерском жаргоне палится всеми антивирусами.

Итак, предлагаю вашему вниманию обзор шести лучших онлайн сервисов проверки файла на вирусы.

Проверка на вирусы Virustotal

Virustotal — один из самых известных и мощных сервисов онлайн проверки файлов. Интернет проверка файла на наличие вредоносного кода включает в себя единовременное сканирование загруженных вами файлов 40 разных антивирусов. Достаточно закачать на сайт файл чтобы онлайн антивирус проанализировал код файла на наличие в нем скрытых вирусов и других вредоносных программ. Размер загруженного вами файла не должен превышать 32Mb

За счет что Virustotal постоянно, автоматический обновляет свои антивирусные базы сервис с очень высокой вероятностью может определить самые новые вирусы скрытые в файлы. Результатом проверки будет полный анализ файла всеми антивирусами и выдача обобщенного результата.

VirusTotal — сервис для проверки файлов и ссылок на вирусы

После того как файл загружен, сервис анализирует файл и вычисляет хэш. Если данный файл уже загружался на сайт Virustotal и проходил проверку, то в таком случае результат будет сразу показан пользователю. Но если проверка файла была давно, вы можете просканировать файл еще раз для получения свежей, актуальной информации о файле.

VirusTotal Scanner — Программа для онлайн проверки файлов на вирусы

Еще одно достоинство бесплатного онлайн сканера – возможность отправки файлов через специальную программу-загрузчик VirusTotal Skanner (скачать VirusTotal Scanner), или с помощью электронной почты. Установка загрузчика не берет много времени, зато в будущем вы сможете отправлять сомнительные файлы на проверку через контекстное меню операционной системы Windows.

В случае пересылки посредством e-mail пользователю достаточно прикрепить сомнительный файл к письму, в поле «Тема» написать на английском слово «SCAN» и отправить на адрес [email protected] После того как сайт проверит ваш файл, вам будет выслан ответ, в виде подробного отчета.

Проверка на вирусы Dr.Web

Dr.Web  — это первый российский антивирус который запустил сервис онлайн проверки файлов на вирусы. За счет популярности и широкого распространения в России и странах СНГ, этот онлайн антивирус имеет большую популярность, среди Русскоязычного населения.

Онлайн сервис Dr.Web предлагает большой выбор антивирусных продуктов:

  • Бесплатная онлайн проверка файлов посредством интернет браузера.
  • Проверка страниц интернет сайтов. Зачастую вирусы присутствуют в коде различных интернет сайтов, в особенности на сайтах с сомнительным сомнительного содержанием. Иногда бывает что страница на которую переходит пользователь пытается скачать какой-то файл или запустить java-аплет — в таком случае стоит проверить данную страницу на наличие скрытого вредоносного кода и воспользоваться бесплатно онлайн проверкой. Для этого надо скопировать адрес подозрительного сайта и вставить его в сервис онлайн проверки сайтов Dr.Web.
  • Антивирусная утилита Dr.Web CureIt! сканирует весь компьютер целиком со всеми уязвимыми местами. На сайте Dr.Web всегда доступна последняя версия утилиты CureIt с обновленными базами сигнатур.
  • Онлайн проверка файлов Dr.Web Online может проверить ваши файлы  максимальным объемом до 12 Mb.

VirSCAN

VirSCAN — это еще один мощный сервис для проверки подозрительных файлов. Как и приведенные выше, сервис онлайн проверки VirSCAN объединяет в себе несколько разных антивирусов, всего их в списке 37. Комплексная проверка файла хоть и не дает стопроцентного результата, но помогает обнаружить большая часть угроз.

Онлайн сервис проверки файлов на вирусы VirSCAN позволяет единовременно загружать на сайт до 20-ти файлов. Максимально разрешенный объем файла или нескольких файлов не должен превышать 20 Mb. Также, в онлайн сканере VirSCAN есть возможность послать файлы одним архивом.

Плюсом для меня является возможность отображения процесса сканирования. Наблюдая за процессом, можно составить личное мнение об эффективности того или иного антивируса.

Если сканер пометил проверяемый файл как инфицированный, он отправляет данные о файле своим партнерам.

Учитывая, то что бесплатных онлайн антивирусов очень много, в этом материале я не ставил цель как-то их систематизировать. У каждого онлайн антивируса есть как положительные стороны, так и недостатки. И отзывы об онлайн антивирусах у всех пользователей будут различные. И я могу и ошибаться. Но это пожалуй решать уже вам.

Следите за обновлениями и подписывайтесь на нашу группу в вКонтакте. В следующей статье я продолжу обзор бесплатных онлайн антивирусов.

Вам будет интересно узнать:Список фальшивых, поддельных антивирусов!

www.spy-soft.net

Как пользоваться поиском по базе данных VirusTotal

VirusTotal stores the reports for every single scan requested by its users. This allows users to query and render them without having to submit the items (URLs and files) for scanning. The search feature can retrieve file reports, URL reports, domain and IP address reports (including our Passive DNS information), VirusTotal Community users and VirusTotal Community comments.

No automations! This search feature should not be used as a programmatic interface to retrieve VirusTotal reports, we will ban any scripts using this interface as if it were an API. If you want to use VirusTotal's dataset programmatically you should be looking at the VirusTotal Public API.

This search feature is a free service, available to any user. The search functionality should not be used in commercial products or services. VirusTotal also develops a premium service called VirusTotal Intelligence that offers advanced searching capabilities. Intelligence allows you to go from sample characteristics (antivirus detection names, size, file type, behaviour patterns, drive-by-download URLs, etc.) to a list of samples matching your criteria. These malware samples can be downloaded for further scrutiny. The research platform contains other features such as Yara rule matching on VirusTotal's live submissions, sample clustering, etc.

Contents

AudienceGetting startedSearching for file scan reportsSearching for URL scan reportsSearching for IP address informationSearching for domain informationSearching for VirusTotal Community usersSearching through VirusTotal Community comments

Audience

This document is intended for any VirusTotal user that wants to search through the dataset of past scans. No particular technical knowledge is required to understand the document.

Getting started

In order to get started you just have to refer to VirusTotal's search form and follow the instructions detailed in the next sections.

Searching for file scan reports

In order to search for the last VirusTotal report on a given file just enter its hash. Currently the allowed hashes are MD5, SHA1 and SHA256.

Some users might also be interested in searching for particular file scan reports (e.g. identified by a scan_id returned by the Public API), this can also be done, you just have to insert the scan identifier (sha256-timestamp_epoch). This will return the file scan for a given point in time rather than its last analysis.

Searching for URL scan reports

URL searches are simple, you just have to type in the given URL, the web application will normalize it and compare it with the items in VirusTotal's dataset. Specifying the URL will return the latest report on it.

Some users might also be interested in searching for particular URL scan reports (e.g. identified by a scan_id returned by the Public API), this can also be done, you just have to insert the scan identifier with the string "u:" prepended (u:sha256-timestamp_epoch). This will return the URL scan for a given point in time rather than its last analysis.

Searching for IP address information

VirusTotal runs its own passive DNS replication service, built by storing DNS resolutions performed when visiting URLs and executing malware samples submitted by users. In order to retrieve the information we have on a given IP address you just have to type it into the search box.

This report includes other details such as all the incidents seen related to such IP address: malware samples downloaded from the given server, specimens communicating with it, etc.

Searching for domain information

VirusTotal runs its own passive DNS replication service, built by storing DNS resolutions performed when visiting URLs and executing malware samples submitted by users. In order to retrieve the information we have on a given domain you just have to use the domain: search modifier in the search box.

This report includes other details such as all the incidents seen related to such domain: malware samples downloaded from the given domain, specimens communicating with it, etc.

Searching for VirusTotal Community users

Do you want to know whether a friend has a VT Community account? Simply type in their nick preceeded by the symbol "@", e.g. @VirusTotalTeam. Of course, in order to perform such a search you must first know his VirusTotal Community nick, the search feature will lead you to his VirusTotal Community profile page.

The comments in VirusTotal Community may often help in disinfecting your PC or may proof themselves useful when analysing a particular malware sample, comment tags enable users to search through the VirusTotal Community reviews. Just type in a tag, e.g. "#zbot".

www.virustotal.com


Смотрите также