Is VirusTotal Reliable Way For Finding Viruses On Exe Files?
You can also use https://www.hybrid-analysis.com/ and https://malwr.com/ to check samples. Keep in mind that you don’t know where the files you submit to these sites end up, so if it might contain sensitive information, it’s best to investigate in your own sandbox or VM.
Yes, it is. But it cannot be the only way to do it since viruses libraries may not be fully up to date when you scan a file.
It’s only an option to check through various viruses database if a certain file is or is not infected. But you cannot use it as a substitute for a local antivirus.
I personally believe it is, yes. In fact, I think it’s more reliable than local antivirus because it uses multiple products in parallel and is more likely to catch a virus or catch a zero-day earlier than any one product.
If you compute an SHA hash and check that, it’s quick but is only positive confirmation – if a hash is listed by several vendors, yes the file is infected. But if it’s not listed, the .exe may still be infected with a known virus but it’s a different .exe so the file hash does not match. You need to upload it. If you think it’s a zero-day, you can check back in a few hours. The score changes; false positives disappear and real ones are found by more products.
Others have pointed out that modern local antivirus will do detection based on heuristics – how a virus behaves when it tries to run. I can’t comment on that, though it seems plausible. I would still not rely on anyone AV; I would check on Virustotal anyway.
A .exe file is by its nature supposed to be an executable file. That makes it hard to characterize as a virus. You could run it in a sandbox and see what it does – if it makes unexpected network connections. You could eyeball the binary and see if it has unexpected text such as references to IRC servers or l33t like “greetz to T0m”.
If you have something that is supposed to be a JPEG or PPT but the metadata says it’s an EXE, that’s much easier. I block all EXE attachments on principle; if someone wants to send me software, they have to send me a GitHub or dropbox link.
Free antivirus programs aren’t always reliable. Virustotal will help you with finding common viruses, but a few viruses have great ways of hiding themselves. Before downloading something, know what you’re doing. If you really think you’ll get a virus and need to get rid of anything suspicious that touches your computer, maybe go for a premium antivirus like Norton which also offers a free 1-month trial.
It is because it scans a file with multiple antivirus products by using different scan engines.
In order to have a site like VirusTotal (VT), the site has to get permission from each of the products that it uses. Companies give permission to VT in exchange for many cooperative capabilities between VT and each of the product producers.
Because of that, there aren’t any (legal) alternatives to VirusTotal.
Virustotal is, like many anti-virus programs, only good in finding previously existing malware. If it’s new and not detected, it can still harm your computer. If you get suspicious files from anyone, run them first in a VM or Sandboxie.
From the past experience, most of the time, the .exe file tends to be miss-detected as viruses. Therefore, I prefer to use Kaspersky for scanning uploaded files before sharing.
Lastly, but not least, you can order any products by browsing through the following link