How to check Threats found by Returnil anti-virus?

Discussion in 'General Returnil discussions' started by pdr, Feb 9, 2010.

Thread Status:
Not open for further replies.
  1. pdr

    pdr Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    14
    I have just run a system scan with Returnil, and it has provided me with a list of 5 malware items

    Questions:

    I would like to double-check the files so identified before deleting them. How can I do this?

    If I move them to quarantine, where are they stored? -- In case they are OK, and I would like to put them back in their original locations?

    Thank you for your help.

    Peter
     
  2. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hi pdr,
    Note: DO NOT post the results to the forums, but you can use Jotti and Virus Total to check the files against a number of different AVs for detection verification:

    Jotti: http://virusscan.jotti.org
    Virus Total: http://www.virustotal.com

    The Quarantine is an internal, isolated file inside of RVS itself. Files added to Quarantine can be restored to their original locations.

    Mike
     
  3. pdr

    pdr Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    14
    Hi Mike;

    Thank you very much for the quick reply:
    I do not see an easy way in Returnil to select any of these files, and send them off to either virusscan or virustotal. For example: right-click on the item within Returnil, and have the choice to submit that file? I guess that I have to navigate my way over to the file, then somehow send it as an attachment to an email message to one of those sites.

    Perhaps this has to be a suggestion for improvement in the other forum?

    OK. When I have checked them out, I will try to do that.

    Thanks,

    Peter
     
  4. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    each of the sites allows you to browse to the file and then upload it. Once you open their site, you will see the browse button...

    Mike
     
  5. pdr

    pdr Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    14
    Thanks again, Mike.

    I have also found that you can download a small program on the VirusTotal site, that will add an item to the Right-Click Drop-Down menu. Once installed, you can right-click the file, go down to Send To, and VirusTotal will be one of the options. The file will be sent to VirusTotal, your browser will open, and when the file has been analyzed, you will see the results.

    This is much easier than browsing to the file while you are on the site.

    I still think, though, that a right-click from within Returnil file list would be a very significant improvement.
     
  6. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    So do we :)

    Thanks for the suggestion. It is getting good feedback internally but may not be available until the 3.2 series as there are higher priorities to address before we introduce this type of verification checking.

    Well done :cool:

    Mike
     
Thread Status:
Not open for further replies.