Online System Security Scanners

I've provided several lists of home/personal PC security software resources users may find helpful in scanning, securing, and cleaning their Windows based computers of rootkits, malware and spyware, viruses and trojans, and rouge processes:

• Grand Stream Dreams Post: Anti-Rootkit Tools

• Grand Stream Dreams Post: Anti-Malware Tools

• Grand Stream Dreams Post: Anti-Virus Tools

• Grand Stream Dreams Post: System Process Tools

I almost always have a copy of most of my tools and the setup and installation files for my most preferred utilities and applications in these categories on an ever-present USB stick. That's important, because if I am asked to look at a user's pc, and it has been compromised, I may want to disconnect it from the network to do my work, severing any malicious activity from the network. Or maybe the network connection has been damaged or destroyed by the malicious file. In these cases, I might not be able to otherwise download one or some of these programs from the Net to the local pc.

Having a copy on my USB stick (set to read-only to avoid cross-contamination of my USB volume) is very useful.

Because of this, I don't usually see a daily need to run an on-line scan of a system to look for the presence of malicious software. No Net access means these options don't work. Also, dial-up users may find the time required to run these may be prohibitive. Broadband access users wouldn't likely see that issue.

However, there are times when the the option of running an online scan of a Windows system might be better than nothing.

Or in the case of a few online scanning services...they are dead-useful resources when working with a potentially compromised file that may not be registering with your installed anti-virus application, and you want peace-of-mind before opening it.

Or you might be getting what you think is a false-positive return of a file you a very sure is legitimate...but want a second opinion before progressing.

There are a number of lists out there like this one. I've tried to collect them together and group them by subject in an informative way.

Services and providers presented in alphabetical order.

Note: Some services use ActiveX controls to work, therefore can only be run from Microsoft Internet Explorer. I've tried to indicate these where possible.

Others are more Firefox/Opera friendly.

Some services will scan your entire system while others require the upload of a suspicious file to their service to scan. Reports may be provided via the web or via return email.

Primarily virus/trojan related online scanners

• Authentium - ThreatMatrix - (ActiveX required) - Free system virus scan

• Arcabit Online Scanner - (ActiveX required) - Free system virus scan

• BitDefender Free Online Virus Scan - (ActiveX required) - Free system virus scan of memory, files, folders, and drives' boot sectors with cleansing option.

• Computer Associates eTrust Antivirus Web Scanner - (ActiveX required) - provides virus scanning, curing and deletion support.

• Dr.WEB Anti-Virus - upload a file to scan for malicious software (look on page's sidebar)

• F-secure Online Virus Scanner - (ActiveX required) - Free system virus scan

• Freedom Online Scanner - Free system anti-virus scanner. I cannot tell if it will also remove identified files.

• eTrust Antivirus Scanner (requires MS Internet Explorer)

• HouseCall (Trend Micro) Online Scanner - (Java or ActiveX) - Checks for viruses, spyware or other malware/grayware. Also performs additional security checks and assists with detected item removal. (Windows, Linux, Solaris systems supported.)

• Kaspersky On-line Scanner - (ActiveX required) - Does not remove threats, only alerts user to the presence of a malicious file.

• McAfee Free Scan - (ActiveX required) - Free system virus scan

• Microsoft: Windows Live OneCare Free Online Scanner - (ActiveX required) - scans for and removes viruses, spyware and other potentially unwanted software and vulnerabilities.

• Panda Active Scan Online Scanner - (ActiveX required) - Scans for viruses, trojans, spyware, malware and provides support for removal of virus, worms and Trojans.

• Panda SpyXposer - (ActiveX required) - Scans for malware presence. Does not offer removal support.

• Symantec Security Check: Virus Detection - (ActiveX required) - "Virus Detection checks for known threats, including top threats identified by Symantec Security Response. Virus Detection provides an analysis of your results and offers suggestions for further action. It does not examine compressed files." -- from Symantec's service description.

Single-File Upload Scanners

• avast! OnLine scanner - upload a single file to check.

• CWSandbox - Laboratory for Dependable Distributed Systems University of Mannheim, upload a single file to check file behavior in a "sandboxed" system. Very cool behavior reporting. More information at the CWSandbox.org site. (added to list 02/07/2006)

• FORTINET - Online virus center - submit a single file for review.

• FRISK (f-prot) Software virus lab - submit a single file for review.

• IKARUS Software Vienna - Upload sample file for analysis and response is via email.

• Kaspersky File Scanner - upload a single file to check.

• Norman SandBox Information Center - SandBox Live - Upload sample file for analysis and response is via email.

• Sophos - Sample submission form - Upload sample file for analysis and response is via email.

• Sunbelt CWSandbox - Sunbelt Software's free automated malware analysis. Upload a single file to check file behavior in a "sandboxed" system. From website description, "CWSandbox not only analyzes the given malware, but also all other processes that are started or infected by the malware." More info here. (added to list 02/07/2006)

• Virusbuster - submit file to VirusBuster labs for review and feedback.

Malware (spyware/adware/etc.) Online Scanners

• a-squared Web Malware Scanner - (ActiveX required) - Free system scans for trojans, backdoors, worms, dialers, keyloggers, rootkits, hack-tools, riskware, tracking cookies.

• eTrust (Computer Associates) PestScan - (ActiveX required) - Free system malware scan and removal tool.

• ewdio (Grisoft) Anti-Spyware Scanner - (ActiveX required) - Free system malware scan and removal tool.

• Tenebril - Free Spyware Scan - (ActiveX required) - Free system spyware scan

• X-Cleaner Micro Edition - (ActiveX required) - FaceTime Security Labs malware scanner.

• ZoneAlarm Security Scanner (Check Point) - (ActiveX required) - ZoneAlarm Labs malware scanner--will not remove any malicious files by itself.

Online "single-file" Multi-Scan Test Websites

• Jotti's Malware Scan - Utilizing 15 different scan engines: AntiVir, ArcaVir, Avast, AVG Antivirus, BitDefender, ClamAV, Dr.Web, F-Prot Antivirus, F-Secure Anti-Virus, Fortinet, Kaspersky Anti-Virus, NOD32, Norman Virus Control, VirusBuster, VBA32.

• Virus Total Scan - Utilizing 28 different scan engines: Aladdin (eSafe), ALWIL (Avast! Antivirus), Authentium (Command Antivirus), Avira (AntiVir), Cat Computer Services (Quick Heal), ClamAV (ClamWin), Computer Associates (Iris, Vet), Doctor Web, Ltd. (DrWeb), Eset Software (NOD32), ewido networks (ewido anti-malware), Fortinet (Fortinet), FRISK Software (F-Prot), Grisoft (AVG), Hacksoft (The Hacker), Ikarus Software (Ikarus), Kaspersky Lab (AVP), McAfee (VirusScan), Microsoft (Malware Protection), Norman (Norman Antivirus), Panda Software (Panda Platinum), Prevx (Prevx1), Softwin (BitDefender), Sophos (SAV), Sunbelt Software (Antivirus), Symantec (Norton Antivirus), UNA Corp (UNA), VirusBlokAda (VBA32), VirusBuster (VirusBuster)

Software or System Security Vulnerability Scanners

• Dr. Web Link checkers service - plugin for Opera/Firefox/Internet Explorer. Scans file or web-page prior to opening to verify it is not malicious.

• McAfee WiFiScan - "McAfee Wi-FiScan surveys your current Wi-Fi^® connection, your wireless equipment, and local environment to assess security risks introduced by your wireless network." - from McAfee's service description.

• Secunia's Software Inspector - "Detects insecure versions of applications installed, verifies that all Microsoft patches are applied, assists you in updating your system and applications, runs through your browser. No installation or download is required." - from Secunia's service description.

• Symantec Security Check: Security Scan - (ActiveX required) - "Hacker Exposure Check - Checks whether your computer allows unknown or unauthorized Internet communications; Windows Vulnerability Check - Checks whether basic information about your computer, including your PC's network identity, is exposed to hackers; Trojan Horse Check - Checks whether your computer is safe from Trojan horses; Antivirus Product Check - Checks whether you're protected by a commonly-used virus protection product; Virus Protection Update Check - Checks whether you're safe from the latest viruses. Applicable if you have a virus protection product." -- from Symantec's service description.

Not Quite "Fully-Online" Based Software or System Security Vulnerability Scanners

A few of the products/services noted on other lists are included in their online scanner lists, but actually require download and execution of a exe (executable) based file on the local pc or download and running of exe (executable) based file from memory. While technically these might be considered "on-line" scanners, they are not so in the manner of the ones listed above.

I have chosen to include some of these products in this post, as they may be otherwise beneficial for interested parties to explore further;

• Aluria Software (EarthLink) Spyware Scanner - scans and identifies malware on the local pc.

• Computer Associates's Resource Center: (eTrust Pest Patrol, Optimization Scan, Privacy Scan) - download the appropriate tool and execute.

• Microsoft: Malicious Software Removal Tool (for Windows XP and 2K) - targets only specific threats, included in Microsoft Critical Updates, so you may already have the file (MRT.exe) on your system: It is usually located in the C:\Windows\System32\ folder on XP systems or in the C:\WINNT\System32\ folder on Windows 2000 systems.

• Webroot Enterprise Spy Audit - Generate a unique code, download the audit tool executable, find results.

Primary Sources:

I did quite a bit of work hunting these tools down, and then checking the links to get more information about the conditions they ran under and what category they would best be placed under. However, these links were the most helpful in providing me the services noted.

• Computer Cleanup : Free Online Scanners

• MikeAlao's Blog: Free Online Virus and Spyware Scanners (including updated links)

• NIST IT Security: Free Online Antivirus, Spyware, and Firewall Scanners Review

• VIRUSTOTAL - Hispasec Sistemas's list of participating companies

• jotti - list of participating companies

Just another class of security tools to keep you safe!

--Claus

Post updated on 02/07/2007 where noted. Big Thanks to Computer Defense blog for pointing out the additional scanner links!