In part 1 I wrote about the use of multiple engines at once for 1 file, now let’s see how to quickly check a device for malware using the same technology.
The VirusTotal service has an api interface & can be used scripted.
Sysinternals a must have toolset for every ITPro has integrated the service in 2 of their tools:
Sysinternals Tools are availabe in multiple ways:
- A zip file containing all the tools: SysinternalsSuite.zip
- separate tool downloads from Live.Sysinternals.com
- for Windows 10 & 11 from the store: Sysinternals Suite
Process Explorer is commonly referred to as an advanced Task manager
Autoruns is the one place to see everything that gets started when Windows starts up
Both of these tools have VirusTotal integration, slightly different to activate:
For process explorer open the options menu / VirusTotal.com & select Check VirusTotal.com
You will need to accept the terms for VirusTotal the 1st time and if you want you can also enable automatic submit of unknown executables.
Now you almost instantly know the result on virus total for all your running processes (right column)
(screenshot made on a device with preview Windows & Office causing some false positives)
For Autoruns select the Options menu / Scan Options
Enable the Check VirusTotal.com option & optionally Submit Unknown Images
Again in a few seconds you have the result for all startup items on you device
Conclusion:
If you want to know if anything possible malicious is running on your device, these 2 tools give you near to instant info on all running & startup items on your device
Tips:
If any item has a hit, just click the score in the Virus Total column to open up the result page on the website to confirm what engines detect the issue & probably can already fix it.
If you get a low score, check the results to make sure it’s not a false positive by 1 or 2 engines
It’s good to have these tools close, but make sure you always use the updated version