How to check a file for viruses before you open it

So you’ve downloaded a file and aren’t sure whether it is safe to run – perhaps it was an illegal music track or a suspicious download from a file sharing site or a Torrent site?
Your own antivirus software should already have scanned it and alerted you if it found any virus infection. But what if your antivirus is not very good or just doesn’t recognize the particular virus that may be hiding in this particular file?
Either way, if it doesn’t recognize the virus then it won’t stop it infecting your computer – so if you are at all suspicious about a download you should test it by other means first.
Checking For Viruses
The easiest way to check it before you try to open/run/play it is to submit it to a free online service that can scan it for viruses using 20 – 40 different antivirus programs. That way, even if your own antivirus software failed to spot a virus in it, there is every chance that the others will – and you can then delete it to ensure your computer is not infected.
Two excellent online services that provide this facility (for files up to 20MB in size) are: Jotti’s Malware Scan and Virus Total. Just go to either site, click on the ‘Browse’ button and select your file from wherever it is stored on your computer, then press the ‘Submit/Send File’ button to start the scan.
If it has previously been submitted for assessment by someone else (which is common as these services are very popular) the results will be found almost instantly because they can just use the last report on it which is stored in their database. Jotti’s will display the report whilst Virus Total asks if you want to View The Last Report – click on that to see it.
If your file has never been submitted for assessment before, both services will take a bit longer to report as they have to run it through all their antivirus programs to produce the results.
Interpreting The Scan Results
There are 3 possible results:
1. All of the antivirus programs report that it is clean. Jotti’s will display ‘Found Nothing’ in green next to each antivirus program and Virus Total will display a dash (-) next to each antivirus program. Although there are no guarantees, it is reasonable to assume that it is not infected and is safe to use.
2. All of the antivirus programs report that it is infected. Both Jotti’s and Virus Total will display a virus name in red next to each antivirus program. Although there are no guarantees, it is likely that it is infected by a virus and should be deleted immediately!
3. A few of the antivirus programs report that it is infected. If the file is not really important you could delete it to be on the safe side. If you would really like to use it you need to decide for yourself based on the actual results:
For example, we submitted the RKill program that we previously recommended in our article on how to temporarily kill running viruses on your computer. Because of its nature (it automatically closes some running processes) RKill could in theory be viewed as suspicious, but it is such a popular (and good) program that any decent antivirus software will have already learned that it is a genuine program and so will correctly mark it as safe (not a virus).
At Jotti’s 17 out of 20 antivirus programs found no problems with RKill but 3 (that frankly we have never heard of) flagged it as a virus – wrongly in our opinion. Similarly at Virus Total, 32 out of 42 found no problems but 10 flagged RKill as a virus – again, these 10 were the least well known antivirus programs that we personally would feel quite safe ignoring.
If all the better programs like Kaspersky, Avast, NOD32, Norton, etc. rate a file as safe then we would go with their view rather than that of some unknown, unpopular or relatively untested antivirus programs.
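The three outcomes and the "trust the better-known engines" rule above can be written down as a small triage routine. This is an added example, not part of the original article. The function names, verdict labels and the placeholder engine names (Engine00, Engine01, and so on) are constructed, and the sample reports reproduce only the article's counts (17 of 20 and 32 of 42 clean), not the actual engines involved.

```python
# Added example: triage a multi-engine scan report using the article's three outcomes.
WELL_KNOWN = {"Kaspersky", "Avast", "NOD32", "Norton"}  # engines named in the article


def triage(report, well_known=WELL_KNOWN):
    """report maps engine name -> detection name, or None when the engine found nothing."""
    if not report:
        return "no-results"                      # nothing to base a decision on
    flagged = {engine for engine, detection in report.items() if detection}
    if not flagged:
        return "all-clean"                       # outcome 1
    if len(flagged) == len(report):
        return "all-infected"                    # outcome 2
    # Outcome 3: only some engines flag the file, so look at who is flagging it.
    known_present = well_known & set(report)
    if not known_present:
        return "mixed-no-well-known-engine"      # the rule cannot be applied
    if flagged & known_present:
        return "mixed-flagged-by-well-known"     # treat as suspicious
    return "mixed-only-lesser-known-flag"        # the RKill situation


def summary(report):
    """One-line count in the style of the article's '17 out of 20'."""
    flagged = sum(1 for detection in report.values() if detection)
    clean = len(report) - flagged
    return f"{clean} of {len(report)} engines found nothing, {flagged} flagged it"


def build_sample(total, flagged_count):
    """Constructed report: the four well-known engines are clean and
    placeholder engines fill the rest, the first flagged_count of them flagging."""
    report = {name: None for name in sorted(WELL_KNOWN)}
    for i in range(total - len(report)):
        report[f"Engine{i:02d}"] = None
    placeholders = [name for name in report if name.startswith("Engine")]
    for name in placeholders[:flagged_count]:
        report[name] = "Constructed.Detection"
    return report


JOTTI_LIKE = build_sample(20, 3)    # constructed: 17 clean, 3 flagged
VT_LIKE = build_sample(42, 10)      # constructed: 32 clean, 10 flagged

if __name__ == "__main__":
    for label, report in (("Jotti-like", JOTTI_LIKE), ("Virus Total-like", VT_LIKE)):
        print(f"{label}: {summary(report)} -> {triage(report)}")
```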