Unzip - Viruses?

Fruit2O

I have a file given to me by a friend - but I am leery of opening it
for fear of getting a virus. Am I justified? What if I open it and
run it through my anti-virus program? If it passes, would that assure
safety? If not, is there another way to check the contents of the zip
file for possible malware?
 
David H. Lipman

From: "Fruit2O" <[email protected]>

| I have a file given to me by a friend - but I am leery of opening it
| for fear of getting a virus. Am I justified? What if I open it and
| run it through my anti-virus program? If it passes, would that assure
| safety? If not, is there another way to check the contents of the zip
| file for possible malware?

Submit a sample to Virus Total -- http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendors' scanners.
That will give you an idea what it is and who recognizes it if it is malicious.
 
Rube Bumpkin

Fruit2O said:
| I have a file given to me by a friend - but I am leery of opening it
| for fear of getting a virus. Am I justified? What if I open it and
| run it through my anti-virus program? If it passes, would that assure
| safety? If not, is there another way to check the contents of the zip
| file for possible malware?

Let's see...

- You could scan it with your Antivirus software. Most have a
right-click option of 'Scan this file...' or something similar. When I
right-click, I can scan with Antivir.

- You could scan it with your anti-malware software. Most have the same
sort of option. When I right-click, I can scan with SuperAntiSpyware or
Malwarebytes.

- You could submit it to VirusTotal (www.virustotal.com) and test it
against multiple scanners at once.

RB
 
FromTheRafters

Fruit2O said:
| I have a file given to me by a friend - but I am leery of opening it
| for fear of getting a virus. Am I justified?

Yes, very much so. Contrary to the popular refrain "...and I don't open
files from strangers" - much malware comes (or appears to come) from
those you *do* know and trust.

| What if I open it and run it through my anti-virus program?

From a general security standpoint, if you didn't request it - delete
it. If you really *do* want it, then you should have it scanned for
malware some days after you receive it (cooling off - trying to avoid
day zero malware) by several scanners.

| If it passes, would that assure safety?

No, only the first option assures safety.

| If not, is there another way to check the contents of the zip
| file for possible malware?

Old school - unzip and scan the resulting files. Now, most scanners are
capable of extracting the files for you when you scan the archive
itself.

...and as an aside, some malware has attacked vulnerabilities in the
implementation of that very feature.
 
FromTheRafters

Bob L said:
| Get yourself Sandboxie and run all your operations there to start
| with.

Not a bad idea, I used to use a registry change tracker like InControl
on an isolated machine - not perfect, but better than running unknowns
on my online machine.
 
ASCII

FromTheRafters said:
| Not a bad idea, I used to use a registry change tracker like InControl
| on an isolated machine - not perfect, but better than running unknowns
| on my online machine.

The registry change monitor is OK as long as you have enough functionality to
run it, whereas Sandboxie prevents a loss of this functionality.
 
russg

| I have a file given to me by a friend - but I am leery of opening it
| for fear of getting a virus. Am I justified? What if I open it and
| run it through my anti-virus program? If it passes, would that assure
| safety? If not, is there another way to check the contents of the zip
| file for possible malware?

If it is a .zip file, you could use powerarchiver (free) to see the
names of the files inside the zip. Virustotal may be able to identify
a virus in a zip. If it is a self-extracting .exe file, don't open it
until you submit it to Virustotal (there are other multi-checking
sites). You should be wary of anything you aren't sure of, such as the
friend's file. If the file is a .zip and powerarchiver shows a folder
or only one file, then you could unzip it and submit the resulting
file to Virustotal. Using Virustotal on a single file is easier and
probably more up-to-date than your AV software.
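
The "look at the names inside the zip first" step from the replies above, as an added Python example that is not part of the original thread: it reads only the archive's directory (nothing is extracted or run), flags entries that deserve a closer look, and returns the archive's SHA-256 for lookup on a multi-scanner service. The extension list, the ratio threshold and the sample archive are constructed assumptions.

```python
import hashlib
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows runs or interprets on double-click (illustrative, not exhaustive).
RISKY = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js",
         ".jse", ".wsf", ".hta", ".lnk", ".msi", ".ps1", ".jar"}
MAX_RATIO = 100  # assumed threshold for a suspiciously compressible entry


def triage_zip(data: bytes) -> dict:
    """Inspect a ZIP's central directory only; nothing is extracted or executed."""
    report = {"sha256": hashlib.sha256(data).hexdigest(), "entries": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            path = PurePosixPath(info.filename.replace("\\", "/"))
            suffixes = [s.lower() for s in path.suffixes]
            ext = suffixes[-1] if suffixes else ""
            flags = []
            if ext in RISKY:
                flags.append("executable")
                if len(suffixes) > 1:  # e.g. name.pdf.exe hiding behind a document name
                    flags.append("double-extension")
            if path.is_absolute() or ".." in path.parts:
                flags.append("path-traversal")  # would be written outside the target folder
            if info.flag_bits & 0x1:
                flags.append("encrypted")  # scanners cannot see inside without the password
            if info.compress_size and info.file_size / info.compress_size > MAX_RATIO:
                flags.append("high-compression-ratio")
            report["entries"].append((info.filename, info.file_size, flags))
    return report


def build_sample() -> bytes:
    """Constructed sample archive; every member holds harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("holiday.jpg", b"not really an image")
        zf.writestr("invoice.pdf.exe", b"harmless placeholder bytes")
        zf.writestr("../outside.txt", b"x")
        zf.writestr("padding.bin", b"\0" * 200_000)
    return buf.getvalue()


if __name__ == "__main__":
    print(*triage_zip(build_sample())["entries"], sep="\n")
```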
 
