You suspect viruses, Trojans or rootkits in a document, but your virus scanner is silent. In this case the motto is: keep calm! With a cross-check in a virtual machine, you can find out whether malware is actually involved.
As a rule, you only notice malware that has infiltrated your PC when your antivirus program displays a warning. The tools often take a long time to identify the latest threats. If the security software does not recognize the malicious code, the digital parasite can, in the worst case, act covertly for a longer period of time. To increase the security of their Windows PC, some users install several antivirus tools in parallel. Instead of improving the computer's protection, this achieves exactly the opposite: two or more active virus scanners from different manufacturers rarely get along under Windows. Each scanner tries to take control of file access, so conflicts inevitably arise. The better approach: move the check of suspicious files with additional scanners into a virtual machine.
Virus scanner for the VM
A virtual Windows computer with its own virus scanner is ideally suited as a test laboratory for PC malware of all kinds. You can use it to test suspicious files and examine mail attachments.
Install a free virus scanner in the VM for the test: tools such as Avast Free Antivirus, AVG Antivirus Free, Avira Free Antivirus, Kaspersky Security Cloud Free or Zonealarm Free Antivirus can be considered. Trial versions of paid antivirus tools from Kaspersky, Bitdefender and Norton can also be used in a VM. Before installing the scanner, create a snapshot (safepoint) in Virtualbox so that you can reset the VM later.
Move the test file into the VM
Use the “Shared folder” function to set up a directory on the host computer that you can access from the virtual PC. You should absolutely activate the write protection.
One hurdle that you have to overcome in the virtual virus testing laboratory is the exchange of the suspected infected files. Copying using drag and drop from the host PC to the VM is prevented by the host’s virus scanner. You must first switch off the virus scanner on the host PC and then repeat the copying process. If the virus scanner in the virtual system also identifies a virus, it reacts immediately and blocks the infected file from being saved in the VM.
If the exchange between the host and guest PC does not work with the mouse, set up an exchange folder in Virtualbox: Select the switched-off virtual PC in the Virtualbox main window and click on “Change”. Click on “Shared Folders” on the left and on the blue folder icon with the plus sign on the right. In the following window click on the down arrow behind “Folder Path”, then on “Change”, and select the folder on the hard drive or SSD of your Windows PC through which the data exchange should take place. You can customize the name for the shared folder. Activate write protection so that a possible virus infection cannot spread from the virtual PC to the host. To do this, put a tick in front of “Read only”. Activate “Include automatically”. Would you like to assign a fixed drive letter to the exchange folder? Then type “G:” into the field behind “Integration points”. It is best to also put a checkmark in front of “Create permanently”. Close the window with “OK -› OK”.
Copy the suspicious files to the exchange folder. Start the VM, open the Explorer and click on “This PC” on the left and then on the previously set-up drive, in the example “G:”. Here you can scan files for viruses. The virus scanner you have installed usually adds an entry to the Explorer context menu. A right click and the scanner menu command are sufficient for the file check.
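An added example, not part of the original article: a host-side check that the exchange folder comes back from the VM session unchanged, which is what the “Read only” setting is meant to guarantee. The function names `manifest`, `stage` and `audit` and the sample file names are assumptions made for this example; the demo uses harmless constructed bytes in a temporary directory.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def manifest(folder: Path) -> dict:
    """Map every file under folder (relative path) to its SHA-256 digest."""
    return {p.relative_to(folder).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(folder.rglob("*")) if p.is_file()}


def stage(samples, exchange: Path) -> dict:
    """Copy suspicious files into the exchange folder; return the baseline manifest."""
    exchange.mkdir(parents=True, exist_ok=True)
    for sample in samples:
        shutil.copy2(sample, exchange / Path(sample).name)
    return manifest(exchange)


def audit(exchange: Path, baseline: dict) -> dict:
    """After the VM session, list files the guest added, removed or modified."""
    current = manifest(exchange)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(n for n in baseline.keys() & current.keys()
                           if current[n] != baseline[n]),
    }


def demo() -> dict:
    """Constructed run with harmless bytes standing in for a suspicious file."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "invoice.doc"
        sample.write_bytes(b"constructed placeholder content")
        exchange = Path(tmp) / "exchange"
        baseline = stage([sample], exchange)
        before = audit(exchange, baseline)
        # Simulate a guest writing to a share that was NOT set to "Read only".
        (exchange / "invoice.doc").write_bytes(b"altered")
        (exchange / "unexpected.bin").write_bytes(b"new file")
        return {"before": before, "after": audit(exchange, baseline)}


if __name__ == "__main__":
    print(demo())
```

Any entry under "added" or "modified" after a session means the guest was able to write to the host folder and the share settings should be rechecked.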
Scan USB drives
USB devices plugged into the real computer can also be used in the virtual machine.
With the virtual PC, you can also examine USB sticks and USB hard drives for malicious code. Connect the device to the host PC. With the virtual PC switched on, go to “Devices -› USB devices” in the menu bar of Virtualbox. In the list of USB devices, select the appropriate USB stick; in the example this is the entry “SanDisk Extreme (0010)”. Virtualbox now connects the USB device to the VM and you can scan it for viruses.
Occasionally your main Windows PC recognizes a connected USB device and makes it available without any problems, but the device does not appear in the device list in the virtual system. The most common reason for this is an improperly installed USB driver. This error can be rectified later without great effort: First close Virtualbox. Then navigate in Windows Explorer to the Virtualbox program folder, by default “C:\Program Files\Oracle\VirtualBox”, and change to the subdirectory “drivers\USB\filter”. Right-click on the “VBoxUSBMon.inf” file and click on “Install” in the context menu. Wait for the process to finish. After restarting the Windows host, the USB device should appear properly in the virtual guest system.
Perform online virus test
Are you still not convinced that a suspicious file is free of malware after checking it in the VM? Then get another opinion. Either reset the virtual PC to the safepoint and install another scanner, or use Virustotal at www.virustotal.com/de. There you can upload suspicious files up to a maximum of 128MB in size. Virustotal checks the file with over 50 virus scanners. From Avira to Kaspersky and Symantec (Norton) to Trend Micro and Zoner Software, all the big names in the security industry are represented. A website review and a search of older reviews are also available. For Windows there is the free Virus Total Uploader, which you can use to integrate the service into your work environment. You upload a file selected in Explorer to Virustotal via the context menu and receive the test result as a security report a few seconds later.