1 Rookie

 • 

48 Posts

January 13th, 2013 16:00

How to upload a file to Virscan.org?

Hello

I use MSE as my antivirus program. Let's say that it finds a file that it says is a "threat" and puts it in the Quarantined Items folder. Then, I, [pretending like I know what I'm doing], decide that I would like to "upload this file" to Virscan.org so it can be scanned to see if it is a safe file that I should keep or it is a real threat, and I should allow MSE to remove it from my computer. Well, that would be about all the further I would be able to go because I don't have a clue as to how to "upload a file".

About the only thing that I can think of that might be the answer would be to "right click" on the file in MSE, then choose "copy", navigate to Virscan.org, "right click" inside the File box and choose "paste". Would this be the correct way to do this, and if not, would you kindly tell me how to do it?

My computer is running fine so this is something that I do not need to know how to do right now, but it is something that I would like to know how to do. I have looked for an answer to this question on the Internet, but I am not very good at using the right words in the Search box to get answers that fit my question. Hope this all makes sense.

In closing I would like to say thanks to all you "ladies and guys" who "regularly" post here. Thanks for sharing your expertise and knowledge on computer security.

Thank You

LKW198

2 Intern

 • 

5.8K Posts

January 13th, 2013 20:00

Hi LKW, and thanks for the kind words.

First of all I would note that MSE has an extremely low rate of "false positive" detections- possibly the lowest in the AV industry. I can't recall it ever detecting any in the years I have used it. That said, no AV is perfect, and you ask a very good question.

I've not used Virscan.org to double-check detections, although it appears legit. I have used VirusTotal.com, which uses more than 40 scanning engines, and accepts uploaded files up to 32 MB, so it might be the better choice. (Virscan is limited to a 20 MB file, and uses fewer scans).

Here is how to upload a suspect file to VirusTotal.com:

1) Open MSE, and click on History tab>Quarantined items (radio dot)
2) Select the file you wish to upload, and click the "Restore" button in the lower right hand corner. Note that this takes that file out of quarantine, and restores it to its original location. So you want to be fairly sure your system was working OK before the file was detected.
3) The path to that file should be seen at the bottom of the window. Typically it will be something like: C:\Users\ etc. Write this path down exactly in its entirety.
4) Now open the website Virscan.org (or VirusTotal.com)
5) Click the "browse" button, and drill down the path to the suspect file. Click on it to highlight it, and click the "Open" or "scan" button.

I have to admit that I can't vouch for this procedure with the latest version of MSE (4.1) as it has never detected anything. But I have a large stable of on-demand scanners that occasionally find false positives and this method has always worked for me.
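
A check one could run on the restored file before step 4, as an added example that is not part of the original post: it records the full path from step 3, tests the file size against the 32 MB and 20 MB limits quoted above, and computes the file's SHA-256 hash. The function names and the reading of "MB" as 1024 × 1024 bytes are assumptions.

```python
import hashlib
import os
import tempfile

# Upload size limits as quoted in the post above (they may have changed since).
# Assumption: "MB" is taken to mean 1024 * 1024 bytes.
LIMITS_MB = {"VirusTotal.com": 32, "Virscan.org": 20}


def preflight(path):
    """Hash a restored file and report which scanners would accept its size."""
    size = os.path.getsize(path)
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        # Read in chunks so a large file is never loaded into memory at once.
        for chunk in iter(lambda: fh.read(1024 * 1024), b""):
            digest.update(chunk)
    accepted = sorted(
        name for name, mb in LIMITS_MB.items() if size <= mb * 1024 * 1024
    )
    return {"path": os.path.abspath(path), "size": size,
            "sha256": digest.hexdigest(), "accepted_by": accepted}


def demo():
    """Run preflight() on two constructed files: one tiny, one of 25 MB."""
    with tempfile.TemporaryDirectory() as tmp:
        small = os.path.join(tmp, "small.bin")
        big = os.path.join(tmp, "big.bin")
        with open(small, "wb") as fh:
            fh.write(b"abc")  # constructed sample content
        with open(big, "wb") as fh:
            fh.truncate(25 * 1024 * 1024)  # constructed 25 MB file of zero bytes
        return preflight(small), preflight(big)


if __name__ == "__main__":
    for report in demo():
        print(report)
```

The SHA-256 value can be pasted into VirusTotal's search box to see whether the same file has already been analyzed.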

3 Apprentice

 • 

15.5K Posts

January 14th, 2013 05:00

Question:   Will MSE simply restore a[n allegedly infected] file from Quarantine?  Or do you have to first set-up an "exclusion" to allow you to do so (even temporarily)??

2 Intern

 • 

1K Posts

January 14th, 2013 09:00

The important thing here is not to rush or panic when a security program detects a file as malware. Remember it is already in your system so it can stay there a few more minutes while you do some research to find out what it is really.

1.) Copy the location and name of the file. Also the name given by the security program; Trojan, rootkit, worm, etc.

2.) Do not use your computer to go to banks or any site where you will use your passwords and credit cards until you know what you got.

3.) Do some research on the web on the file. Google it or Bing it or Yahoo it so that you know if there is a malicious file such as yours, or check your antimalware forum for a new update of your antimalware that is detecting that file as a false/positive ( F/P ).

4.) Send the file to a couple of online analyzers to be scanned by 30 or more scanners. These could be:

    https://www.virustotal.com/

    http://vscan.novirusthanks.org/

    http://virscan.org/

    http://virusscan.jotti.org/en

Here, if 2 or 4 scanners detect the file, it does not mean it is malicious, since a few of the scanners use the same database or engine for detection; however, with more than 7 or 9 detections, the file has to be considered dangerous.

5.) You can decide whether to let your antimalware quarantine the file or not, but NEVER DELETE. First do no harm, and a deleted file can never be recovered. I am not particularly fine when it comes to your antimalware cleaning your system. I do not think they do a good job. They are designed to protect you, not to heal. So I choose step 6.

6.) The best option here is to look for expert help. You can find it in the viruses and worms forum section most security programs have, or pick any reputable site that has been giving this kind of free service for years. The experts there will use special tools to diagnose and clean your computer according to the specific infection.

http://spywarehammer.com/simplemachinesforum/index.php?board=10.0

http://www.bleepingcomputer.com/forums/forum103.html

http://www.geekstogo.com/

Hope it helps.

2 Intern

 • 

5.8K Posts

January 14th, 2013 11:00

Question:   Will MSE simply restore a[n allegedly infected] file from Quarantine?  Or do you have to first set-up an "exclusion" to allow you to do so (even temporarily)??

Another good question.

I'm not sure. I tried to download the eicar (false positive) test file but MSE detected and deleted it as a severe threat. It was placed in Quarantine but I could not restore it anywhere, as I had not been allowed to save it in the first place.

So, I disabled MSE's real-time protection in a Win7 system, and also the IE9 Smart filter, and was finally able to download this "false positive" eicar.com test file to my desktop. I then ran an MSE on-demand scan, and of course it was detected as a "severe" threat and quarantined. I was able to restore this file to my desktop and upload it to VirusTotal, where 43/46 scanners tagged it as an Eicar test file/not-a-virus.

Upon re-enabling MSE's real-time protection, that eicar test file was immediately detected and quarantined again.

As I noted, I can't recall any false positive detections by MSE in the years I have used it. But judging from this test, it would seem one can restore a false positive detection from Quarantine, without resorting to labelling it as an "exclusion".

1 Rookie

 • 

48 Posts

January 15th, 2013 09:00

 

Joe53, Ky331, iroc9555

Thank you for your excellent responses to my question. I couldn't be more pleased in what I have learned in this thread. I have printed it off in its entirety and will keep it on file in case I need it some day. You have once again shown me why this is such a good web site to come to learn and ask questions on how to keep my computer protected.

There is one thing that you have to give me credit for though. I was correct when I said "I don't have a clue as to how to upload a file". I "wasn't even close" when I made reference as to how I thought this procedure should be done. So after you guys got done rolling around on the floor laughing your heads off at how I was going to do this, thanks for composing yourselves long enough to post back showing me the right way.

LKW198
