If you want a free online virus and malware scanner, look no further than VirusTotal. Unlike antivirus programs running on your computers and taking away viruses and malware after they have been installed, VirusTotal allows you to scan the URL of a file directly before opening it. Or, if you wanted, you could download the files first and then find out straight away how clean the file is that way.
Since VirusTotal is a free tool, many underestimate its powers: it has been owned by Google for over five years now, so it has got one of the biggest names in the business managing and maintaining it. Keeping the world happy and safe online is in Google’s best interest, and that’s likely got something to do with them offering everyone free access to this more-than-useful tool.
Not nearly enough people are aware of its existence though, and many of those who have heard of it do not use it because they never found out how to go about scanning the files. I blame the navigation of the website a little bit for that, and not enough websites covering it to their subscribers should shoulder much of the blame for the rest.
Using VirusTotal is the equivalent of 60+ different antivirus and antimalware tools bundled together. That means you would need to install 60 different tools from different companies to get the same amount of goods that you get from this one tool. In other words, it’s as powerful as they come.
The reasons for wanting to use VirusTotal are the same as why you want to run antivirus protection in general: the web is a great place, but there are also people out there doing things, usually, because it leads to them being able to make money one way or another, that can cause you harm. Most often this is done by hiding malware in bundles and other free files that you then unknowingly download—a big issue in recent times has been malware (adware in particular) hiding inside files that people think are torrents that they’re downloading, and often these torrent sites can even host sponsored links that are files with nothing but a healthy dose of adware.
You shouldn’t be thinking of VirusTotal as a substitute for antivirus protection either. You still want to be running Windows Defender if you’re on Windows 10 or another antivirus if you use another operating system. This is just another layer of protection that you can apply over the top of your existing protection because programs like Windows Defender aren’t stopping harmful files from being downloaded; they are hopefully detecting them when they scan the system periodically, so those files can be on your system between the period of you downloading them and when that periodic scan eventually begins.
Upon my research, I found quite a few helpful videos—one of them by a man with roughly a 30-minute walkthrough analysis of VirusTotal. His pseudonym is Keen Buffer, and he deserves some credit for this article that I’ve put together. A point he wanted to make people aware of is that a lot of malware is coming from domains that are spelled similarly to the websites you want to visit. For instance, mistype facebook.com by one letter and all of a sudden you are on a webpage that is deceiving you into thinking that you are on the real Facebook website and you then begin to click away. I must admit that I consider myself pretty close to a web guru, being someone that visits websites nearly all day long, and I cannot say I stumble across these types of tricks very often myself. Part of the reason might be because the web browser does a pretty good job of keeping it in its memory bank and automatically spelling the rest of the words for me after I’ve done it a few times. Sometimes you’ll get a bunch of links that are advertising on these landing pages because they are owned by people and available to be purchased. These are called “parked” domains, and the ads give them a means of continuing to make money while it is being parked, which is important for sellers because you have to pay a yearly fee to hold onto a name. That’s not to say that what this man is suggesting is not the case for many websites out there. I just do not think it is a huge problem at the moment. Nonetheless, VirusTotal has a handy feature available where it will help you land on the correct webpages and domains when you misspell them. It does this by having an algorithm that can detect websites with similar names and directs you to those instead of the webpages and domains that do not have anything there. What’s more, it is particularly handy because it has people looking out for those domains that exist that do have malware and trying to catch you out, making sure those are ones you will not land on.
What Is VirusTotal Used For?
When you open the front page of the VirusTotal website, you’ll see three tabs available. The first is “File.” It gives you a button beneath it for uploading and scanning files. This isn’t a great starting point and would confuse people: the main point of using VirusTotal over something like Windows Defender is scanning before the files are on your hard drive. Otherwise, people would wait for Windows Defender to scan it if it were already downloaded. The second tab on the page—and a much wiser tab to show first—is the “URL” tab, and when you click on it, it gives a field where you can paste a URL of a file. The third tab is the “Search” tab, and you can enter a website domain or IP address here. There is little difference between the Search and URL tabs, and it is possible to enter domain names in both. The difference is that the Search tab also accepts an IP address or a file hash.
In this example, we will use files from the Major Geeks forum. This is a popular forum for geeks and where many useful tools we’ve used over the years have become available to download. Using the Major Geeks site navigation down the left side of the homepage, I’ve clicked on the “System Tools” link to find some tools to download. When I click through to the page that the link is on, I’m going to right-click the mouse over the link and then choose to copy it. That way it isn’t downloading to my computer, and I’ve copied the link’s URL because each link needs to have a URL where it is shown on a webpage. You’ll be able to right-click any link from any webpage like this online. So you find the file you want to download from the webpages you visit and do the same thing.
Now you need to open the VirusTotal website, found at https://virustotal.com, click on the “URL” tab from its homepage and then paste the URL that you copied from your download source webpage. When you do, it’ll look like this in the picture below.
Now you just click on the magnifying glass on the right side of the URL field, and it starts to analyze your file’s URL. When it’s complete, you’ll get a score at the top of the page just like in the picture below. You can also scroll down the page and check out all the different antimalware and antivirus results after it was scanned by each of them.
Many people in the IT industry use this tool a lot for scanning files, and you can immediately start to think of ways you can use it yourself. So many people out there are downloading torrent files, whether legally or not, and just hoping that the file they are downloading is not a virus. There’s no need to be taking that risk. All you need to do is remember this website and copy and paste the link and check the results. The scan will complete relatively quickly for most files.
Uploading Files from Your Computer
Any file that is already on your computer could be harmful if it is malware or a virus. The chances of it being harmful dramatically increase if the file is sitting inside an account that has administrative permissions. The antivirus that you have installed on the computer will periodically scan and then get rid of any known threats for you, so hopefully, that results in your mistakes not causing too much damage. Nevertheless, VirusTotal also offers the option to upload files that are on your computer so you can scan them as well. That way you get to find out instantly if it’s something that is a threat so you don’t have to wait until whenever that next virus scan your antivirus does might be. If you’re anything like me, you probably won’t go to the effort of using this part of the tool all that often because you’ll just lazily let your antivirus software pick it up then instead, but the option for uploading files is still very useful nonetheless.
In this example, I’m going to head back to the Major Geeks forum and download a file this time so that it ends up on my hard drive and then I’ll upload it to the VirusTotal tool. The tool I’ve downloaded this time is the ClearIP tool for monitoring my IP address and detecting changes, so that’s the file’s details you’ll see when I upload it from my hard drive. You just visit whatever webpage you want to download your tools from so they end up on your hard drive instead.
After downloading the file, open the VirusTotal website again and this time leave it on the File tab from the homepage and click on the Upload and scan file button.
Now you just upload the file from your Downloads folder in File Explorer and then it starts the scan right away without having to click anything from the VirusTotal website. The next thing you’ll see is your results showing up. This time one engine has flagged the file. You can look further down the same page to find out what antivirus or antimalware software picked it up as harmful and the others that didn’t. The more software that suggests your file is harmful, the more likely that it is harmful.
Now because I’ve been given one potential red flag, it has me feeling a little nervous about this file, so it’s time to do some further investigating. On the same results page, you’ll see three tabs: the Detection tab, the Details tab, and the Community tab. Each of the additional tabs is useful for trying to figure out what to do next. The value of the community tab is pretty straightforward: you get to read comments left by others, and they help you judge the file’s safety based on other people’s experience. Just getting one red flag is quite common so you shouldn’t assume this is going to be a virus, but you’ll want to make sure as best you can before deciding to keep it on your computer. So what you need to do next is click on the Details tab and then feast your eyes on the History section.
Under the History heading, you’ll see a date of creation, date of the file’s first submission, date of its last submission and last analysis. What you want to do is make sure that there is a reasonably large gap between the dates from this section. The fact that this file was created way back in 2005, was then submitted in 2007 and was then submitted to VirusTotal in 2013 tells me that the likelihood of this file being a virus is very low. A red flag would be if the date of creation and submission were the same day or only a few days apart. That’s far more what you can expect to find from a malicious file because they generally won’t go to anywhere near as much effort as creating something and then letting it sit there for a long time just to try to make it look real. Nobody has time for that, so it just isn’t likely to happen.
The reason this History heading is so important is that it is possible for someone to change the file name and then repost a file on a website. If that happens, then the hash code will be different on the VirusTotal results page, and it will mean a new creation date. Anything that’s only been around the internet for a short amount of time is going to be a risky keep and anything that’s been around for a long time is likely safe.
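The two checks walked through above (how many engines flagged the file, and the gap between the History dates), written as an added example that is not part of the original article or VirusTotal's own code. It assumes a report dictionary whose field names mirror VirusTotal's public file report; the sample values and the 7-day and 1-detection thresholds are assumptions chosen to match "a few days apart" and "one red flag".

```python
# Added example: triage a scan result by detection count and History dates.
# SAMPLE_REPORT is constructed; field names are assumed to mirror VirusTotal's
# public file report, with timestamps as Unix epoch seconds (UTC).
from datetime import datetime, timezone


def ts(year, month, day):
    """Midnight UTC on the given date, as Unix epoch seconds."""
    return int(datetime(year, month, day, tzinfo=timezone.utc).timestamp())


SAMPLE_REPORT = {
    "creation_date": ts(2005, 3, 1),
    "first_submission_date": ts(2007, 6, 1),
    "last_submission_date": ts(2013, 9, 1),
    "last_analysis_stats": {"malicious": 1, "suspicious": 0,
                            "undetected": 62, "harmless": 0},
}

MIN_GAP_DAYS = 7      # assumption: how "a few days apart" is read here
LOW_DETECTIONS = 1    # assumption: a single flag is treated as common noise


def triage(report):
    """Return flagged-engine count, creation-to-submission gap and a verdict."""
    stats = report.get("last_analysis_stats", {})
    flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
    created = report.get("creation_date")
    first_seen = report.get("first_submission_date")
    if created is None or first_seen is None:
        # No history to reason about: never call the file safe by default.
        return {"flagged": flagged, "gap_days": None, "verdict": "investigate"}
    gap_days = (first_seen - created) // 86400
    # creation_date is read from the file itself, so a negative gap means the
    # embedded timestamp is inconsistent; treat it like a fresh file.
    fresh = gap_days < MIN_GAP_DAYS
    if fresh and flagged > 0:
        verdict = "high concern"
    elif not fresh and flagged <= LOW_DETECTIONS:
        verdict = "low concern"
    else:
        verdict = "investigate"
    return {"flagged": flagged, "gap_days": gap_days, "verdict": verdict}


if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```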
Web Tip: One thing I also noticed someone say when researching VirusTotal was that it’s best to head to a search engine like Google and type the name of the website that you are wanting to visit rather than just typing the name into the address bar, and I agree. All websites that have good content will be indexed in Google. The search engine, so long as it is one of the more reliable ones, will be able to tell what site you are looking for if you slightly misspell it. Things can be a little trickier for blogs and news sites that aren’t some of the largest in the world, but generally speaking, if it’s something that you know is a well-known site, use Google instead of the address bar so you avoid landing on a domain that is trying to trick you into thinking it’s the real domain. It’s very difficult to get a website ranking well on Google, even if you’re someone writing high-quality content every day. Google is smart enough to not rank the junk and always rank the real site. There are also things you can look for to know that the domain you are searching for is the legitimate one, such as social media pages beneath it, a logo and Wikipedia links available to the right of it and so on. And if it’s a really big company like Facebook you might even get the stock prices etc. appearing to the right of the link. The important thing to note is that those extra details Google is giving you are associated with the link on the left which is the link you visit to go through to the website itself. Again, I should reiterate that it isn’t like that for all sites—you know we are a legitimate and trustworthy source of information, and yet we don’t have any flashy information in Google, partly because we don’t try to do things like create Wikipedia pages and partly because we just aren’t big enough. But if what you are looking for is a big site such as Facebook then these details will always be there.
They get so much traffic that it becomes a priority for search engines to let you know what the official site is in its results, and it’s important they do because where there’s a lot of traffic, there are opportunities for viruses to try to take advantage of the misguided traffic.