
How Reliable is a VirusTotal Scan?

Discussion in 'BlackHat Lounge' started by mrtwister_65, May 4, 2012.

  1. mrtwister_65

    mrtwister_65 Regular Member

    I wanted to share an email harvester on BHW. So I ran it through VirusTotal.

    Scan Result:

    Sophos - Mal/Generic-L
    Symantec - WS.Reputation.1
    TheHacker - Trojan/Dropper.Delf.dhp

    But my Avira Antivir, Avast and Microsoft Security Essentials do not find those viruses in the file. So, what's your take on those results?

    Edit: App is cracked and after the installation works without entering any reg codes.
     
    Last edited: May 4, 2012
  2. ShadeDream

    ShadeDream Elite Member

    Whenever I use VirusTotal I mainly look at the results from Nod32 and Kaspersky. I then scan the program with a legitimate copy of Kaspersky on my own computer and if I think it's necessary I use the Safe Run option. What you're getting above are most likely false positives due to the nature of the program and/or the fact that it has been cracked.

    PS. Always use a quality firewall. A good firewall with the right setup can go a long way, even without an antivirus program.
     
    Last edited: May 4, 2012
  3. oxonbeef

    oxonbeef BANNED

    It all depends on how long ago the file was last modified.
    If a .exe is crypted it may take a while before the malware is
    recognised by the other AVs. They now have crypters that update
    over the web so the malware will never be detected.

    With those results I wouldn't let it near my PC unless it was on VMware or in a sandboxie.
    What you need is a process viewer like all seeing eye by sysinternals so you can see exactly what processes
    it runs or drops onto your system.
    You should also use a udp/ip viewer to see exactly where your computer is connecting to.

    AVs are only any use after the horse has bolted.
     
    Last edited: May 4, 2012
  4. WizGizmo

    WizGizmo Super Moderator Staff Member Premium Member

    No Virus scan is 100% reliable. The most protection a user can have
    is to run an application through VM (Virtual Machine) software. That
    way, if there is any virus or malware, it does not infect the user's
    host machine.

    "Wiz"
     
  5. the_demon

    the_demon Jr. Executive VIP

    I would really only be concerned if more than a couple picked it up as a virus. One or two could just be a false positive.
     
  6. WizGizmo

    WizGizmo Super Moderator Staff Member Premium Member

    That is still a risk since you would only be guessing. Personally, I won't
    use a piece of software if it has even just ONE virus alert showing.
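
As an added example (not code from any poster in this thread), this Python script parses the scan result quoted in the first post, separates labels that name a detection method from labels that name a malware family, and applies the two rules of thumb stated above. The keyword patterns, the function names and the reading of "more than a couple" as "more than two" are assumptions made for illustration.

```python
import re

# Scan result lines copied from the first post, in "Engine - Label" form.
SCAN_RESULT = """\
Sophos - Mal/Generic-L
Symantec - WS.Reputation.1
TheHacker - Trojan/Dropper.Delf.dhp
"""

# Assumption (not from the thread): labels matching these patterns describe
# how the file was flagged (reputation score, generic signature or heuristic)
# rather than naming a specific malware family.
NON_SPECIFIC = {
    "reputation": re.compile(r"reputation", re.I),
    "generic": re.compile(r"generic|heur|suspicious", re.I),
}

def parse_scan(text):
    """Return [(engine, label)] from 'Engine - Label' lines; skip malformed lines."""
    hits = []
    for line in text.splitlines():
        engine, sep, label = line.strip().partition(" - ")
        if sep and engine.strip() and label.strip():
            hits.append((engine.strip(), label.strip()))
    return hits

def classify(label):
    """Return 'reputation', 'generic', or 'named' for one detection label."""
    for kind, pattern in NON_SPECIFIC.items():
        if pattern.search(label):
            return kind
    return "named"

def triage(text):
    hits = parse_scan(text)
    kinds = {engine: classify(label) for engine, label in hits}
    return {
        "detections": len(hits),
        "kinds": kinds,
        "named": [e for e, k in kinds.items() if k == "named"],
        # Rules of thumb from the thread, read as simple thresholds:
        "more_than_a_couple": len(hits) > 2,   # the_demon's rule (assumed > 2)
        "even_one_alert": len(hits) >= 1,      # WizGizmo's rule
    }

if __name__ == "__main__":
    for key, value in triage(SCAN_RESULT).items():
        print(f"{key}: {value}")
```

A count-based rule treats all three hits alike, while the label breakdown shows which engines named a family and so which detections are worth confirming in a VM before deciding.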