I'm surprised more people don't mention PEStudio - such a useful tool for identifying mysterious files! If a security tool finds a strange driver or .dll, this makes it much easier to track down where it came from. In addition to sending hashes to VT, it has useful categories of information including Strings, debug info, etc., which can give lots of clues. This program would have made my life easier a few years ago. It can be integrated into the context menu, although the .reg files need to be manually edited. https://www.winitor.com/
Hi RJK3, I'm curious what uses people have for an on-demand scanner (I had to look up that term; then I voted for "I don't use on-demand scanners."). So, what types of "mysterious files" would get onto your computer? How would a strange driver or DLL get onto your computer? thanks, ---- rich
Hi @Rmus - on mine? I suppose you've already identified the main method a strange file could get on one of my machines: by the very act of running on-demand scanners. They often install temporary drivers to facilitate their functioning, and these drivers often share many characteristics of malware (e.g. unsigned drivers, random filenames, no identifying information in properties or when googling the hashes, no clear purpose, etc.). These show up on Autoruns, and other scanners will in turn diligently flag these suspicious drivers - so the paranoid triangle goes. I've seen threads on security forums where MVPs and helpers provide scripts and support to clean up "infections", yet based on the hashes I knew they were actually just randomly named files for stand-alone security tools. Through insecurity, it's possible to chase one's own tail. Alternatively, many legitimate drivers and services aren't properly signed, so I prefer to investigate the first time so I know what's normal later. But on other people's computers - which is the main context for the quoted post - then it's normally from malware/PUPs. I prefer to make sure that it's not a file from some program that I've never even heard of, since people often install things that I would never consider to be a good idea. A VT page with all clean doesn't really tell me anything useful or actionable.
Possibilities:
- Second opinion on a machine with an AV, since each on-demand scanner may vary on engines, definitions, and methods of detection;
- Sanity check for people not using real-time AV/AM software;
- For cleaning up 3rd party machines.
No, I know nothing about them and how they work. OK, I missed that. I assumed the topic was asking about people using scanners on their own systems. ---- rich
No worries. Yes, looking at my first reply in this thread I must have taken the OP that way too, but my answer around PEStudio was considering both my PCs as well as others. On my own machines, PEStudio is mainly something I'll pull out if for some reason I want to look more closely at a file I've chosen to download - but it does help break that paranoid triangle too. Out of curiosity, how is it you've never had experience with these kinds of tools?
If threats are not detected by my active Eset NOD32 Anti-Virus then I trust MalwareBytes Anti-Malware to scan the rest.
What type of file? How will that program help you look more closely at a file? More closely in what way? I'm not sure what you mean. I've never felt the need to use them. ---- rich
VT Hash Check (surprised by the lack of love for the wonderful app)
MBAM
Hitman Pro
Kaspersky TDSS Killer
GMER
(other)
Well, there are actually quite a number of tools with VirusTotal integration these days. I personally use PeStudio.
It looks like Avira has to update their licence for PC Cleaner. I got this today (even with a new "installation"):
Looks pretty heavy by comparison. I like how light VTHC is. It confirms whether a file is clean using VT's database, and that's it. Taking a glance at PEStudio, it looks like it does a bunch of other stuff I have other layers in place to do. I also like how you can use a Download Manager to get it to automatically scan new downloads. As a Sandboxie user that's not necessary, but for those that don't use SBIE that feature is very useful.
I do not use on-demand scanners on my own system. However, these are the ones I use when I do malware removal.
Emsisoft Emergency Kit
Malwarebytes Anti-Malware
RogueKiller
TDSSKiller
To this you could add JRT, AdwCleaner, ESET Online Scanner, etc. but they aren't listed in this poll.
I don't have any on-demand scanners installed. I use Hitman Pro (one-time scan) when I feel the need to do so. On other PCs, Hitman Pro and MBAM.