The story of the fake VirusTotal

So you’ve probably visited VirusTotal in the past to scan your files. For those that haven’t, VirusTotal is an online, free service that scans your uploaded file(s) – limited to 10 MB in size – with 43 different antivirus engines.

Apparently some scumbag(s) decided to take advantage of VirusTotal’s popularity. Recently someone used VirusTotal’s name to create a fake online virus scanner at hxxp:// (Don’t visit it!)

My suspicious – but curious – mind kicked in once I heard of this site. So, I turned on Sandboxie + Returnil, and opened this fake “VirusTotal” website. Once I opened the site, I was greeted with a message telling you to click a button to start scanning.:

Isn’t it strange, that there is no “Upload” button of some kind, or any instructions other than telling you to click “SCAN”? Hmmm… suspicious. After I checked my defenses, I clicked “SCAN”. What happens? Before long, this screen appears:

I have a rogue antivirus?! I trusted my two-layer defense, so I clicked the “OK” button to see if it really was an advert for a fake antivirus, or just a joke. (Please don’t try this at home… or work, for that matter.) The next image that appeared confirmed my fears. The infamous and familiar fake “drive scan” appeared:

Clearly it was… an advert for scareware software (rogue antispyware/antivirus program)!

Fortunately, the site – the fake VirusTotal website – has already been taken down at the time of this posting. However, the moral of the story stands. We should all learn from this: Don’t fall for these type of scams! When you see a message box like the one in the second screenshot above, instantly shut down your computer! When you reboot your computer, if you see some warning message about viruses/spyware on your computer, run a variety of trustworthy, legitimate security software to remove the rogue software. Malwarebyte’s Anti-Malware has become famous for being able to remove rogue scareware crap. SuperAntiSpyware has also gained a reputation for this job. You can also try to use Avira, avast!, or AVG or refer to Ashraf’s 9 best free security apps list for a good list to pick from.

Good luck to everyone and hope no one ever falls for the traps set by opportunist scumbags.

Related Posts

  • what a scumbag…
    (oh not u ashraf, the dude who created the shareware LOL!)

  • Teqy0

    Ive never been to this website but i have seen that fake “drive scan” before it’s a load of crap what people try to do other peoples computers

  • Grr

    Thanks for the heads-up

  • Adrian

    @Someguy: It would be much easier to remove these types of programs using Malwarebytes or the like.

    @Josh: You’re very welcome. :)

  • o(o.o)o

    Sandboxed browser sessions is the way to go against these types of scumware. Close the browser and flush the sandbox and all is well. You can even set sandboxie to only run programs resident on your computer so any executables that get downloaded into the sandbox doesn’t get a chance to run.

  • Josh

    Good work Adrian! I am sure we will always have these Kamikaze website hijacking criminals around, aiming for a quick buck, but with watchdogs like you around, many potential users are saved from it. Thank you very much.

  • Someguy

    I once was a victim of this type of software. Luckily, I could get to the registry and remove it as antivirus software was locked up by the fake antivirus.

  • Ramesh Kumar

    Yikes! If only I met the webmaster of the site (which got pulled down) I’d do so many $&*#@#&$ things to him that he & all those $&*#@#&$ things would also have to be put inside a sandboxie……….while I wait outside.That said I’ve etched into my mind the pics of the images in your article.
    Thanks a ton Adrian :)
    Ramesh :)

  • Adrian

    @Joji: Yes, WOT and Malwarebytes together will make a much better protection against scareware.

  • I once searched for “Robot Competition” for a school project… and I ended up getting that “infamous” web scanner that appears to be Windows XP themed “My Computer” screen thing, you get the point. :)

    Unfortunately, I didn’t have WOT back then, so I didn’t know what’s safe or not… and I didn’t have Malwarebyte either. Now I’m safe ’cause I have both. :D


  • Doru

    I hear about this and is not only in this style.In the past i have this message after install Pando.But not Pando is problem.Problem is from peoples who share this soft from differents soft for sharing.It is a method to introduce fake soft in your computer.It was ~3 or 4 years .Soo it work in a prezent?.

  • Adrian


    Thanks for the editing – I’m not that good at writing.