Not a trick question: Seriously, how do you scan a file?

[Jen898]

This is not a trick question gotta say that as I'm sure some experienced computer users out there will think I'm stupid for asking this question. Fact is some people are new to computers.

I'd like to know how a person scans an individual file to make sure that it isn't malicious once you've opened it up in Sandboxie and decided that you want to save that file to your hard drive.

For peace of mind please tell new users the >steps to take to make 1000% certain that the file is not something that will ruin your operating system >and that it's okay to go ahead and copy said file to your hard drive. Thank you

WindowsXP
Avast Anti-virus
IE7
Firefox3.6
Chrome8.0
Opera11.01
Safari5.0
Avant11.7

[Hank52]

I'm not sure how Avast works, but with Avria version 9, I just navigate to the File and right-Click on the File and Select Scan selected Files with Antivir. You would think Avast would have something similar?

I've looked on Google about Avast's Scanning method and I think you will have to look in Avasts settings to get a pop-up to tell you the results of the Scan, however if you should have a Virus, it's supposed to give you an alert sound.

If you were to get a Virus, just leave it there and let Sandboxie Delete the Sandbox.

One more thing. Even though the Virus will be Deleted, If avast detected it, it might have Quarantined it in Avasts Quarantine Folder. Don't worry about this. That Virus can't harm your computer in any way, and you can just remove the entry from Avast. You might also find that Avast will find a "Virus" in the System Restore when you Scan later. Not to Worry I'm told. That's just a "Windows thing" That can't hurt your Computer either. It's just another neutered copy of that Virus. Just Delete that System Restore point so you won't get anymore notifications from your Anti-virus Scanner.

Ken:

[BoredNow]

Yeah, like Hank52 said, just right-click and scan.

There's two ways to get there.

The first way scans your entire 'Sandbox'...the second way scans the specific file.

(1) Open My Computer > Local Disk (C) > Right-click Sandbox and choose 'Scan with Avast'

(2) Open My Computer > Local Disk (C) > Open Sandbox > Open (your name)>
Open the sandbox the file is in...eg.DefaultBox > Open User > Open Current >
Open the location you saved it to ..eg. Desktop > Right click the file and choose
'Scan with Avast'

I'm assuming Avast has the 'right-click scan' capability.

I usually just do the first method. If I find something then I track down the file
that I downloaded (method 2) and scan it again to confirm that it's the file my
AV scan caught.

[BoredNow]

FireWall - Comodo 2.4 ??? ...two point four??...LoL..that's sooooo 2008.

[bs1]

@Jen898,

Follow BoredNow's and Hank52's instructions regarding how to scan, using your resident anti-malware software, a sandboxed file before recovering it to your real system.

But, if you want to go one step further to be "1000% certain" (as you phased it), then you should consider scanning the file via Virustotal. Virustotal (and there other sites like it) is a free online scanning service that will scan a file using over two dozen anti-malware engines. The more scanners, the greater the likelihood that at least one of them will detect a new virus (or zero day exploit) that others might miss.

Using Virustotal is simple. Go to their web site, click the Browse button, and navigate to the sandboxed file that you want to scan.

[FYT]

I wanted to ask a closely related question so I thought I would just revive this thread rather than start a new topic. The method of malware scanning for sandboxed files mentioned above is the one I've been using. However, I noticed when you click "Explore Contents" in the Sandbox menu that you get a message recommending running windows explorer sandboxed before manipulating files. Is there a security risk in using the method of scanning via unsandboxed windows explorer?

If there is, then I've run into a snag, because neither of my on-demand malware scanners are allowed access when using sandboxed Windows explorer and I'm not sure how to change settings accordingly.

I'd appreciate any clarification on this subject!

[Guest10]

Is there a security risk in using the method of scanning via unsandboxed windows explorer?

No, there's no risk.
Just right-click either the sandbox folder and perform a scan of the entire folder, or browse though the contents of the folder and right-click scan whatever you want, using an unsandboxed Windows Explorer.
Even if you made a mistake and ran a .exe file that's in the sandbox, it will start and run sandboxed anyway - just because it's located inside of the sandbox.

[FYT]

Ah, ok - I'm glad I sort of understood what I was doing. [Though I am curious about the reason for that automatic SB recommendation that one use a sandboxed windows explorer: when is that useful?]

Anyway, thanks for clearing things up, Paul -- much appreciated!!

[bo.elam]

[Though I am curious about the reason for that automatic SB recommendation that one use a sandboxed windows explorer: when is that useful?]

You can use a sandboxed Windows Explorer to navigate to files you download from the internet, when you click on the file, it will open sandboxed.

Bo

[fyt]

You can use a sandboxed Windows Explorer to navigate to files you download from the internet, when you click on the file, it will open sandboxed.

Thanks very much for the explanation!