Unzip - Viruses?



I have a file given to me by a friend - but I am leery of opening it
for fear of getting a virus.  Am I justified?  What if I open it and
run it through my anti-virus program?  If it passes, would that assure
safety?  If not, is there another way to check the contents of the zip
file for possible malware?

Re: Unzip - Viruses?




| I have a file given to me by a friend - but I am leery of opening it
| for fear of getting a virus.  Am I justified?  What if I open it and
| run it through my anti-virus program?  If it passes, would that assure
| safety?  If not, is there another way to check the contents of the zip
| file for possible malware?

Submit a sample to Virus Total -- http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendors' scanners.
That will give you an idea what it is and who recognizes it if it is malicious.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Unzip - Viruses?



Fruit2O wrote:
[quoted text omitted]

Let's see...

- You could scan it with your Antivirus software. Most have a
right-click option of 'Scan this file...' or something similar. When I
right-click, I can scan with Antivir.

- You could scan it with your anti-malware software. Most have the same
sort of option. When I right-click, I can scan with SuperAntiSpyware or
Malwarebytes.

- You could submit it to VirusTotal (www.virustotal.com) and test it
against multiple scanners at once.

RB

Re: Unzip - Viruses?




Yes, very much so. Contrary to the popular refrain "...and I don't open
files from strangers" - much malware comes (or appears to come) from
those you *do* know and trust.


From a general security standpoint, if you didn't request it - delete
it. If you really *do* want it, then you should have it scanned for
malware some days after you receive it (cooling off - trying to avoid
day zero malware) by several scanners.


No, only the first option assures safety.


Old school - unzip and scan the resulting files. Now, most scanners are
capable of extracting the files for you when you scan the archive
itself.

...and as an aside, some malware has attacked vulnerabilities in the
implementation of that very feature.



Re: Unzip - Viruses?



On Mon, 2 Nov 2009 22:24:26 -0500, "FromTheRafters"

[quoted text omitted]


Get yourself Sandboxie and run all your operations there to start
with.

Re: Unzip - Viruses?




Not a bad idea, I used to use a registry change tracker like InControl
on an isolated machine - not perfect, but better than running unknowns
on my online machine.



Re: Unzip - Viruses?



FromTheRafters wrote:
[quoted text omitted]
The registry change monitor is OK as long as you have enough functionality to
run it, whereas Sandboxie prevents a loss of this functionality.

Re: Unzip - Viruses?




If it is a .zip file, you could use PowerArchiver (free) to see the
names of the files inside the zip.  VirusTotal may be able to identify
a virus in a zip.  If it is a self-extracting .exe file, don't open it
until you submit it to VirusTotal (there are other multi-checking
sites).  You should be wary of anything you aren't sure of, such as the
friend's file.  If the file is a .zip and PowerArchiver shows a folder
or only one file, then you could unzip it and submit the resulting file
to VirusTotal.  Using VirusTotal on a single file is easier and probably
more up-to-date than your AV software.
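
An added illustration of the advice above to look at the names of the files inside a zip before unzipping it. It is not part of any post in this thread; the function names, the extension list, the ratio threshold and the sample archive are all constructed for the example. It reads only the archive's directory listing and extracts nothing.

```python
import io
import zipfile

# Extensions Windows or a script host will run (illustrative, not exhaustive).
RISKY_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".lnk", ".msi"}

def triage_zip(source):
    """Return (name, uncompressed_size, flags) for each entry in a zip.

    `source` is a path or file-like object. Only the central directory is
    read; no entry is extracted or executed.
    """
    report = []
    with zipfile.ZipFile(source) as zf:
        for info in zf.infolist():
            name = info.filename
            flags = []
            parts = name.lower().rsplit("/", 1)[-1].split(".")
            ext = "." + parts[-1] if len(parts) > 1 else ""
            if ext in RISKY_EXT:
                flags.append("executable")
                if len(parts) > 2:          # e.g. invoice.pdf.exe
                    flags.append("double-extension")
            if name.startswith(("/", "\\")) or ".." in name.replace("\\", "/").split("/"):
                flags.append("path-traversal")
            if info.flag_bits & 0x1:        # bit 0 set: entry is password-protected
                flags.append("encrypted")   # a scanner cannot inspect it
            if info.compress_size and info.file_size / info.compress_size > 100:
                flags.append("high-compression-ratio")
            report.append((name, info.file_size, flags))
    return report

def build_sample():
    """Constructed sample archive with harmless content, built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("photos/readme.txt", "hello")
        zf.writestr("invoice.pdf.exe", "not a real program")
        zf.writestr("../outside.txt", "x")
        zf.writestr("zeros.bin", b"\0" * 1_000_000)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for name, size, flags in triage_zip(build_sample()):
        print(f"{size:>9}  {name}  {', '.join(flags) or 'no flags'}")
```

An entry with no flags is not thereby safe; the listing only tells you what to expect before the archive goes to a scanner.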
