Windows EXE Files – how to spot virus exe files?

This content has been archived. But, the content is true and relevant to the underlying technology products or infrastructure services.

Windows needs .exe files to perform all the computer and application operations. EXE files occupy a critical position in the Windows operating system and its operational stability. But most malicious programs and malware cause system disruptions through EXE files. Your system's working will be jeopardized because the malware will either attach itself to a system EXE file to attack the system, or launch its own EXE files to cause damage to the operating system or applications.

What is the best way to spot a virus-ridden EXE file? Is there a way to ensure that an EXE file downloaded from a third-party site is safe to use on a Windows desktop or laptop? There are some common-sense best practices that should help you spot a compromised or malicious file on the system. We will review some very simple steps that you can take to keep your system safe from questionable EXE files.

Use anti-virus software to scan EXE files

An antivirus scan is usually the best first step to protect a system against malware or questionable EXE files. Assuming you downloaded an EXE file from the Internet, make sure you scan the system before executing the file. It is really a two-minute job if you choose to perform a quick scan. Most virus scanners, including the built-in Microsoft antivirus, are robust and updated with the latest virus definitions. As a result, it is easy enough to spot an EXE file that could eventually manifest itself as a computer virus.

Most Windows-based laptops and desktops come with a built-in antivirus program. All that we need to do is run the quick scan and check the validity of the EXE file. To save time, you could do a quick scan of just the folder in which you have downloaded or placed the EXE file.

Use VirusTotal.com to scan the EXE file

VirusTotal.com is a site that is owned by Google. If you have downloaded an EXE file online, it is advisable to check its veracity. One of the simplest and best ways to check the quality and veracity of an EXE file is to upload it to the VirusTotal.com website through its web interface. The VirusTotal engine will scan the file and confirm if the file is safe for you. This is by far the quickest and cleanest way to ensure that the EXE file is safe to execute on your Windows desktop or laptop.

Businesses that receive a lot of documents as attachments could automate the scanning of files with an API-based solution. With the API key provided by VirusTotal.com, your files can be scanned by the VirusTotal engine. This is absolutely the best way for any business to ensure all email attachments are checked before being downloaded on the user end-points. Implement the API-based calls to VirusTotal on your email server, and your business's email attachments will be safer and cleaner for the end-point users.

Visit the VirusTotal web interface to scan any file – https://www.virustotal.com/gui/
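The API-based attachment check described above, sketched as an added example (not code from this article or from VirusTotal). It looks a file up by its SHA-256 hash using the VirusTotal API v3 file-report endpoint instead of uploading it, so attachment contents are not shared with the service. The function names, the blocking threshold and the sample report are assumptions made for illustration.

```python
import hashlib
import json
import urllib.error
import urllib.request

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"  # API v3 file report

# Constructed sample report (not real VirusTotal output), for offline testing.
SAMPLE_REPORT = {"data": {"attributes": {"last_analysis_stats": {
    "malicious": 3, "suspicious": 1, "undetected": 60, "harmless": 0}}}}


def sha256_of(path, chunk_size=1 << 20):
    """Hash the file in chunks so large attachments are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def fetch_report(file_hash, api_key, timeout=15):
    """Return the parsed report, or None when VirusTotal has never seen the hash."""
    req = urllib.request.Request(VT_FILE_URL.format(file_hash),
                                 headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        raise  # bad key, quota exceeded etc. must never be read as "clean"


def verdict(report, block_at=1):
    """Map a report to 'block', 'review' or 'allow' (threshold is an assumption)."""
    if report is None:
        return "review"  # an unknown file is not the same as a safe file
    stats = report["data"]["attributes"]["last_analysis_stats"]
    if stats.get("malicious", 0) >= block_at:
        return "block"
    if stats.get("suspicious", 0) > 0:
        return "review"
    return "allow"


def check_attachment(path, api_key):
    """Mail-gateway hook: hash the saved attachment and decide what to do with it."""
    file_hash = sha256_of(path)
    return file_hash, verdict(fetch_report(file_hash, api_key))
```

A hash that VirusTotal has never seen returns "review" rather than "allow", because the absence of a report says nothing about whether the file is safe.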

Visit JOTTI Virus Scan Online

Jotti virus scan works along the same lines as the VirusTotal.com website. It offers online scanning of up to 5 files. These files are scanned by the anti-virus engine of the Jotti website to look for any malware in the files. There is a hard limit on the size of files that can be uploaded to the Jotti website. The maximum size of files that can be uploaded is 250 Mb. Usually, an EXE file should be below the 100 Mb size and hence the limit is sufficient to scan an EXE file for malware or virus definitions. The best part about the JOTTI virus scan is that it is free of cost.

Visit the Jotti virus scan at the following link – https://virusscan.jotti.org/

I like Jotti because it is quick and I can upload a file to check its credentials before executing on my system. It is free and the virus database is robust and updated on a regular basis. Jotti also gives you an option to scan the hash value of a file to see if the file is genuine and free of malware or virus definitions.

Use Metadefender for scanning the EXE file

OPSWAT's Metadefender is an online malware scan tool. Like VirusTotal and Jotti, it lets you upload a file on the Metadefender website to check the veracity and credentials of the file. OPSWAT also offers business solutions for companies that want to deploy Metadefender or Metascan on the company network. Such a server-based solution will scan all attachments and other files, so that a company network comprising Windows workstations has a robust malware scanning server gateway.

Metadefender allows you to upload a file to scan it online. You could also provide the domain name, IP address or the hash value of the file to pull in threat data pertaining to the file or the site or the network from which you have acquired or downloaded the EXE file.

To scan your file for any malware, visit the Metadefender scan on the following site – https://metadefender.opswat.com/?lang=en

If you would like to know about the online file scanners in detail, please do visit this link for a comparison of various file scanner tools as of August 2021.

Use Windows 10 Sandbox

Windows 10 comes with support for the sandbox functionality. The sandbox is like a simulated Windows 10 operating system. You can use the Windows 10 sandbox to check for application compatibility with the Windows 10 operating system. In the same way, you could execute or test the EXE file in the Windows 10 sandbox to monitor the impact of the EXE file's execution on the sandbox. The sandbox provides a test environment on the system, without compromising the operating system stability and safety of your files. To use the Windows 10 sandbox functionality, use the instructions from this document. In brief, using the sandbox on a Windows 10 system involves the following steps:

  1. Enable virtualization on Windows 10
  2. Enable the sandbox feature from within the control panel on Windows 10.
  3. The sandbox, once enabled, should contain a mirror image of the Windows 10 operating system running on your machine.
  4. Copy and execute the EXE file on the sandbox environment.
  5. Any impact of the EXE execution will be felt and limited in scale and operation to the Windows 10 sandbox.
  6. You can delete the file directly from the sandbox to clear it off your system

If you are a developer or a tester who checks applications for functionality and usability, the Windows 10 sandbox will be a good tool to have in your arsenal. Do bear in mind though that the Windows 10 sandbox is a feature that is available only on the Windows 10 Pro and Windows 10 Enterprise editions. The Home edition of Windows 10 does not come with a pre-installed sandbox. There are 3rd party tools that can be used to download and install the sandbox on Windows 10 Home edition. However, using 3rd party software to install the sandbox on the Windows 10 Home edition is a potential risk you need to be aware of.

Keeping your system safe from malicious files is a straightforward case. Use any of the steps mentioned in this document to keep your system protected from dangerous executable files.

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to write about Cyber-security events and stories, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.