Quickly virus check files on VirusTotal from Windows Explorer's context menu

Martin Brinkmann
Nov 12, 2013
Antivirus, Software
|
9

Sometimes when I download files to my system I'm cautious to execute them even if residential antivirus programs running on the PC have not picked up anything yet.

I prefer to double-check -- sometimes even triple-check -- files before I execute them on the system, especially if I'm not trusting the website I downloaded them from.

Virustotal is my go-to service for these kind of things. I can use the service on the website directly, which is fine when I'm working on a third-party computer for example or when I want to check a file that I have not downloaded yet.

What I prefer to do most of the time to speed things up though is to use a program like Virustotal Uploader straight from the desktop. The program is great, offers a user interface that lets you scan multiple files in a heartbeat, and also comes with Explorer integration to quickly scan files from there.

If you prefer a program that is more bare-bones than that, you may want to take a look at VT Hash Check. It adds a "Check File Hash" option to Windows Explorer that you can use to quickly compute the file hash and check it against VirusTotal's database.

VirusTotal Hash Checker

Note that it won't upload files to VirusTotal. If a file hash is not found in the service's database, it offers to load the VirusTotal website in the default system browser so that you can upload the file directly on it.

While this is not as comfortable as what VirusTotal Uploader offers, it may be suitable on systems where bandwidth should not be wasted on file uploads.

Before you can check any file against VirusTotal's database, you need to enter an API key into the settings. For that, you need to create an account over at the website first.

Reports are displayed in a new window on the screen. The top lists the number of hits -- meaning antivirus engines that detected malicious code. Below that is a table of all engines and their results, including the name of the virus found in the file. A click on Full Results opens them on VirusTotal's website.

The Tools menu at the top of the results window displays interesting options. Here you can export the results to csv, txt or json files, use TrID to identify the file, or request a rescan of the file.

Closing Words

If you are using VirusTotal Uploader, then there is little reason to download and install VT Hash Check as well. The only feature that it adds to the table is the file identification using TrID, which could be useful especially when malicious users have renamed files to avoid detection.

Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. imu said on November 12, 2013 at 6:03 pm
    Reply

    Phrozen has updated its software after your review to meet your expectations Martin :)

    1. Martin Brinkmann said on November 12, 2013 at 6:39 pm
      Reply

      That was very sweet of them ;)

      1. imu said on November 12, 2013 at 7:08 pm
        Reply

        …plus remember the issue I was having with new Sigcheck? (I know you don’t :)) anyway Russinovich has it fixed updating to 2.01 few days ago :)

      2. Martin Brinkmann said on November 12, 2013 at 10:26 pm
        Reply

        It is displaying the malicious hits now?

  2. melen001 said on November 12, 2013 at 3:29 pm
    Reply

    Hi,

    You’re correct concerning the french site for Virus Total Uploader. Just go HERE for English version >>>>> https://www.phrozensoft.com/processdl_24.ps It does an excellent job and is, and always has been, a very valuable tool for verifying and identifying malicious files that might seems suspicious. This is very useful when downloading software from sites that you suspect might have malware and you want to verify just in case. It integrates to Windows’ Explorer and you can us it right from your “right click” menu in a second which is very fast and convenient and that’s just great. Get it on your PC. I assure you that you will use it frequently.

    Thanks for a wonderful and useful review,
    George Melendez
    Humacao Puerto Rico

  3. Pete said on November 12, 2013 at 3:10 pm
    Reply

    From the FAQ at virustotal.com :
    “we have built a desktop application that eases the task of uploading files to our multiantivirus scanner, find out more about VirusTotal uploader or check other community alternatives such as PhrozenSoft VirusTotal Uploader, though we are not responsible for the latter.”

    If they choose to mention one alternative to their(Google) own uploader software, then I believe they think it’s worth mentioning ;)

  4. Daniel said on November 12, 2013 at 2:38 pm
    Reply

    VirusTotalUploader link seems to be leading to a French site that doesn’t seem to have any connection with the program.

    1. melen001 said on November 12, 2013 at 3:31 pm
      Reply

      You’re correct concerning the french site for Virus Total Uploader. Just go HERE for English version >>>>> https://www.phrozensoft.com/processdl_24.ps

    2. Martin Brinkmann said on November 12, 2013 at 3:20 pm
      Reply

      Corrected.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.