Free VirusTotal Uploader
davidh
April 20th, 2010, 07:01 PM
Free VirusTotal Uploader Links to 40 Antivirus Programs
Supercharge your security with VirusTotal Uploader, which uploads your files to a free online scanner.
By Erik Larkin, PC World
February 22, 2010 06:12 PM ET
The latest version 2 of the VirusTotal Uploader utility adds a new program window with some useful extra features. For starters, you'll see a list of all the programs currently running on your PC. To get a VirusTotal scan on any of them, select it and click the "Upload process executable" button.
Another handy option--and one that's exclusive to the uploader--will have VirusTotal fetch and scan an online file without your even having to download it first. Type in the URL, or right-click it and choose "Copy link location" to cut and paste it, and then click the "Get and upload" button. The file will skip through your computer's memory, but will never save to your hard drive. You'll get the usual list of results and can then decide whether you want the download.
http://www.networkworld.com/reviews/2010/022210-free-virustotal-uploader-links-to.html
Haven't tried it yet.
davidh
April 20th, 2010, 07:33 PM
Tried ver. 2 on XP.
Tested the uploading of a running process EXE. No problem.
Some of the payload infected EXE's in the Vietnamese communist (DDoS) malware that I inadvertently downloaded a couple months ago from a hacked but reputable web site had the mentioned EXE's set as hidden system files.
IIRC, I had to go to a safe mode command prompt on XP before I could change the attributes with the attribute command to try to delete them. (But they reappeared when machine was rebooted :( )
I hope that this uploader will be able to upload EXE's in the process list even if they are (bogus) hidden system files.
BTW the reason that I first noticed the malware was that my firewall asked permission for them to access network. The firewall also showed what folders the EXE's were in on the HD.
FWIW, Spybot S & D and Windows Defender will also show where on the disk that running processes were loaded from.
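As an added illustration (not part of the original thread), this PowerShell snippet lists running processes whose executable carries both the Hidden and System attributes, the situation described in the post above, and prints each file's path and SHA-256 hash so it can be looked up or uploaded to a scanner. It assumes PowerShell 4.0 or later, which provides Get-FileHash.

```powershell
# Added example: find running processes whose image file is marked Hidden AND System.
$flags = [System.IO.FileAttributes]::Hidden -bor [System.IO.FileAttributes]::System

Get-Process |
    Where-Object { $_.Path } |          # skip processes whose image path cannot be read
    Sort-Object Path -Unique |          # one row per executable, not per process instance
    ForEach-Object {
        # -Force is required, otherwise Get-Item does not return hidden/system files
        $file = Get-Item -LiteralPath $_.Path -Force -ErrorAction SilentlyContinue
        if ($file -and (($file.Attributes -band $flags) -eq $flags)) {
            [pscustomobject]@{
                Process    = $_.Name
                Id         = $_.Id
                Path       = $file.FullName
                Attributes = $file.Attributes
                SHA256     = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
            }
        }
    }
```

Run it from an elevated prompt so that processes owned by other accounts report their path.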
Dan in Saint Louis
April 20th, 2010, 08:59 PM
> IIRC, I had to go to a safe mode command prompt on XP before I could change the attributes with the attribute command to try to delete them. (But they reappeared when machine was rebooted :( )
Would Malwarebytes cage those critters?
davidh
April 20th, 2010, 09:28 PM
> Would Malwarebytes cage those critters?
Sometimes you have to wait a week or two (or more :( ) for new virus signatures to be developed. Depends on the AV company.
I have AdAware, MalwareBytes, and other on-demand AV products on my PC. IIRC both of those did NOT detect the malware at the time.
Results in detecting malware depend on which AV software you use and when you fetch the updates or when you scan (in the case of cloud based AV).
In my particular situation, PC TOOLS Threatfire was the first to find the malware, most likely because it is mainly BEHAVIOR based.
When Threatfire found the malware because of the BEHAVIOR it ALSO gave me its name for the malware. I then googled that name and did more research on it. During that research, I discovered that SurfRight Hitman Pro was recommended as a good tool to clean the particular malware. When I installed and ran it, it found more traces (perhaps already incapacitated but not cleaned by Threatfire) and removed them. It's a 30 day free trial. It uses multiple engines (on the web?) and other methods to detect malware.
YMMV. Results depend on AV software mfg. and how long after the threat is released that you download updates and scan.
Threatfire is both resident (behavior based) and has on-demand scans.
I have used Threatfire concurrently with both Panda Cloud AV and with AVG 9 without problems.
Of course any AV can and will sooner or later flag "false positives". I've had this happen with Malwarebytes.
At any given instant in time, I think Microsoft Windows Defender (free download for XP, incl. in Vista & Win 7 ?) will tell you what EXE's are talking to the network. Using that info, you could use the uploader to vet any EXE you want with VirusTotal. Of course, for example, a trojan keylogger would maybe only talk to the internet when it had some keystrokes to send. Maybe not keeping a 24/7 session open.
If a threat is a true 0-day threat, your chance of catching it is pretty low because nobody would have signatures. Behavior based and heuristic based scanning might help but are no guarantee.
If you wanted to be ultra safe, you could download the software and send it to virustotal. If virustotal does not have an MD5 hash for it, I'd wait a week or two to send it to virustotal AGAIN and see the results.
Note well that these steps do NOT protect against such things as "drive by downloads". For that kind of protection you can try AVG Link Scanner, McAfee SiteAdvisor, Firefox NoScript, etc. Those three do DIFFERENT things so they can be used together if one so desires.
davidh
April 20th, 2010, 09:57 PM
> Would Malwarebytes cage those critters?
This was a case of downloading an infected program, NOT an infected document or media.
I don't know, but in the case of an infected program, doing a system backup (using the built in Windows system restore facility) BEFORE installing the infected program MIGHT have allowed me to rollback after discovering the malware. I don't know if this method is a surefire 'escape clause'. However it is a good idea to do this when installing software in most cases, I think.
Since the software in question has been under continuous use and development for almost 20 years (maybe since Windows 3.0 times?), I perhaps trusted it too much and installed WITHOUT a previous backup.
Dan in Saint Louis
April 20th, 2010, 10:06 PM
> This was a case of downloading an infected program, NOT an infected document or media.
Malwarebytes is effective on infected program files as well. I have used it recently to disinfect two friends' computers plagued by "Total Security (http://www.bleepingcomputer.com/virus-removal/remove-total-security)" and/or "Total Virus Protection (http://www.bleepingcomputer.com/virus-removal/remove-total-virus-protection)."
davidh
April 20th, 2010, 11:15 PM
> Malwarebytes is effective on infected program files as well.
I am sure that MalwareBytes often will work well on infected program files. So that was not my point.
I think my point is that Windows system restore is designed to move PROGRAMS installed AFTER the restore point "out of view", if you will. They're still physically present in some form somewhere on the computer in most cases. If I understand the design PHILOSOPHY[?], system restore is mainly designed to let you back out of incompatible/unstable software installs. Since DOCUMENTS and MEDIA are NOT PROGRAMS, and since one usually wants at least to eyeball documents before discarding or archiving them, I don't think system restore particularly is intended to make DOCUMENTS 'disappear from view'. But I have NOT studied system restore in Windows enough to have a firm opinion on this.
Furthermore since system restore is NOT an anti-malware feature, it has no way of determining whether a PROGRAM is infected or whether a DOCUMENT/MEDIA is infected and doesn't care either.
I was just trying to point out that system restore could be used as a kind of "halfassed" workaround/recovery tool, provided one has taken the foresight.