Solved

Need to know the checksum of a file

Posted on 2011-02-25
Last Modified: 2012-05-11
Dear Experts

I need to know the checksum of files

I know there are tools, checksum tools to find out the MD5 checksum

My problem is that I have a lot of programs whose size and name are identical, but some of them are malware,
and I made a mess; now I do not know which are the good and bad files.
Some of them are very old programs, but they work very well under Windows XP.

As I said, they are old programs, and the domains of the sites where I recall downloading the files have expired.

For other files I cannot find the checksums on their site, or on other download websites like filehippo.com

I usually use GetRight as a download manager in order to remember when and where I downloaded a file; this time I did not use it with these files

What can I do?

Can I upload the files to VirusTotal.com, then copy the MD5 checksum from this site and use a checksum tool?

I am asking for other advice, OR AN ALTERNATIVE
VT.com is an idea I had, but I would like to have another option; if it is the only option I have, this is OK. I just want to know if this way is reliable

Finally, can you please suggest a good, free and nice checksum tool?

P.S.: I am sorry to ask 2 questions; I know I can only ask 1 question

Thank you very much in advance
Regards,
Antonio Macias
0
Question by:rebelscum0000
9 Comments
 
LVL 9

Assisted Solution

by:bz43
bz43 earned 50 total points
My suggestion is for WinMD5Sum.  It's a Freeware Windows MD5 checksumming utility at: http://www.nullriver.com/products

I've used it for years.  
0
 
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 50 total points
I use http://www.sdean12.org/SecureTrayUtil.htm - it's free, sits in the system tray, and calculates all the major hashing methods (so md5/sha1/ripemd etc)
0
 
LVL 76

Expert Comment

by:arnold
sfc /scannow will deal with the Windows components.

md5sum, checksums are useful if you have a point of reference.

Or the vendor of the application provides that type of information.

Use the various anti-virus/malware tools to detect which one is an issue to address.
0
 

Author Comment

by:rebelscum0000
@arnold
>Or the vendor of the application provides that type of information

As I said, they are old programs, and the domains of the sites where I recall downloading the files have expired. How do you want me to ask the vendor of the application for this information if their sites are down?

>Use the various anti-virus/malware tools to detect which one is an issue to address.

I do not have just one or two programs to deal with; there are more than 100 files.
I will never finish checking and detecting which file is good and which one is bad or malware

Thank you for suggesting MD5 checksumming utilities; options are always good to try

I use Marxio FVC and ChaosMD5

But my PRIMARY QUESTION WAS

Can I upload the files to VirusTotal.com, then copy the MD5 checksum from this site and use a checksum tool?

Will it work?

I am asking for another advice, OR ALTERNATIVE IF VT.com is not a solution

Thank you very much for your help
0
 
LVL 76

Expert Comment

by:arnold
The only thing that site will tell you is whether the file you upload is possibly a virus based on the "signature".
Unless you have a pristine system with the correct files/applications, against which you can run md5sum and then compare those to the md5sum checks on the other workstations, you are out of luck.
0
 

Author Comment

by:rebelscum0000
@arnold
>Unless you have a pristine system where the correct files/applications are against which you can run md5sum and then compare those to the md5sum checks on the other workstations, you are out of luck

I can buy Shadow Defender and enter Shadow Mode in order to compare those to the md5sum checks. What about this?
0
 

Author Comment

by:rebelscum0000
OK I did this test

VirSCAN.org Scanned Report :
Scanned time   : 2011/02/26 01:36:26 (MST)
Scanner results: 3% Scanner(s) (1/37) found malware!
File Name      : Shadow Defender V1.1.0.325.7z
File Size      : 1088789 byte
File Type      : 7-zip archive data, version 0.3
MD5            : ca12db0fef5892371128419051c4169b <--VT  md5sum
SHA1           : e8e2b43d42168ed7bff0a60201ca933d1bfb2aa7
Online report  : http://virscan.org/report/66409e0cd1ec291890eac2d521dd10a0.html

Scanner        Engine Ver      Sig Ver           Sig Date    Time   Scan result
a-squared      5.1.0.2         20110216210205    2011-02-16  0.36   -
AhnLab V3      2011.02.20.00   2011.02.20        2011-02-20  0.14   -
AntiVir        8.2.4.170       7.11.3.164        2011-02-19  0.49   -
Antiy          2.0.18          20110217.7833565  2011-02-17  0.80   -
Arcavir        2010            201102201716      2011-02-20  0.26   -
Authentium     5.1.1           201102191909      2011-02-19  1.77   -
AVAST!         4.7.4           110219-2          2011-02-19  0.05   -
AVG            8.5.850         271.1.1/3454      2011-02-20  1.83   -
BitDefender    7.90123.6669134 7.36337           2011-02-20  6.93   -
ClamAV         0.96.5          12733             2011-02-20  0.26   -
Comodo         4.0             7744              2011-02-20  0.11   -
CP Secure      1.3.0.5         2011.02.20        2011-02-20  0.06   -
Dr.Web         5.0.2.3300      2011.02.20        2011-02-20  15.05  -
F-Prot         4.4.4.56        20110219          2011-02-19  1.62   -
F-Secure       7.02.73807      2011.02.20.02     2011-02-20  2.48   -
Fortinet       4.2.254         12.914            2011-02-19  0.30   -
GData          21.1835/21.698  20110220          2011-02-20  0.08   -
ViRobot        20110219        2011.02.19        2011-02-19  0.08   -
Ikarus         T3.1.32.15.0    2011.02.20.77771  2011-02-20  7.29   -
JiangMin       13.0.900        2011.02.20        2011-02-20  0.17   -
Kaspersky      5.5.10          2011.02.20        2011-02-20  1.94   -
KingSoft       2009.2.5.15     2011.2.20.9       2011-02-20  0.08   -
McAfee         5400.1158       6262              2011-02-19  7.64   -
Microsoft      1.6502          2011.02.20        2011-02-20  0.18   -
NOD32          3.0.21          5888              2011-02-19  1.89   -
Norman         6.07.03         6.07.00           2011-02-19  12.03  W32/Smalltroj.ZLZB
Panda          9.05.01         2011.02.20        2011-02-20  0.08   -
Trend Micro    9.200-1012      7.848.06          2011-02-19  0.02   -
Quick Heal     11.00           2011.02.19        2011-02-19  0.08   -
Rising         20.0            23.45.04.06       2011-02-18  0.08   -
Sophos         3.16.1          4.62              2011-02-20  3.97   -
Sunbelt        3.9.2474.2      8480              2011-02-19  0.08   -
Symantec       1.3.0.24        20110219.002      2011-02-19  0.06   -
nProtect       20110219.01     3191019           2011-02-19  0.08   -
The Hacker     6.7.0.1         v00134            2011-02-19  0.08   -
VBA32          3.12.14.3       20110218.1211     2011-02-18  3.48   -
VirusBuster    5.2.0.28        13.6.209.3/4519178 2011-02-19  0.00   -

@arnold
>The only thing that site will tell you is whether the file you upload is possibly a virus based on the "signature"

And is the MD5 that site tells me not the checksum of the file?
0
 
LVL 76

Accepted Solution

by:arnold
arnold earned 400 total points
It is the MD5 of the file you uploaded; if it is compromised, you have to have a point of reference to which to compare it.
Otherwise, if the site had the correct MD5 for a file, there is no point in checking it with all the other entries.
i.e. run MD5sum on the uploaded file and compare it to a known good MD5 signature; if they match, the file is fine, and if they do not, the file is fake/messed up.

Let's use EE as an example: your posts are stamped with rebelscum0000 as the poster.  If someone else has access to your account and posts, there is no way another reader within EE will know outright that someone else is posting questions/responses under your name.

Same with the various checksums: you have filea, fileb, filec; using the checksum tools you will get a checksum for the files, but the remaining step is to compare these checksums to a set of known good ones.

An example would be that you create a VM where you would install the OS and all applications. Then you can run MD5sum on all the files and catalog that information. You then apply the updates and repeat the same step, etc., all the way till they are up to date.
Once you have that, you can then check the checksums on your existing workstation against the cataloged data to determine whether it is legit or compromised.
i.e. filea may have five versions with 5 md5sums. You run an md5sum on filea on workstation B; if it does not match any of the known md5sums, you know it is suspect.  You could then check the version of filea on workstation B; if the version reported on the file is similar to the version you have in the catalog, you know this file is somehow compromised. It could be that the file you are looking at is an in-between version or is a newer one that you have not yet cataloged.



0
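The catalog-and-compare procedure described in the accepted answer, sketched in Python as an added example (not code from the thread or from any tool named in it). The function names, directory layout and sample files are assumptions constructed for illustration; MD5 is the default because the thread uses it, and `algo="sha256"` works the same way.

```python
import hashlib
import os
import tempfile

def file_digest(path, algo="md5", chunk=1 << 16):
    """Hash a file in chunks so large installers do not fill memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_catalog(clean_root, algo="md5"):
    """Map lower-cased file name -> set of digests (one per legitimate version)."""
    catalog = {}
    for dirpath, _, names in os.walk(clean_root):
        for name in names:
            digest = file_digest(os.path.join(dirpath, name), algo)
            catalog.setdefault(name.lower(), set()).add(digest)
    return catalog

def classify(suspect_root, catalog, algo="md5"):
    """Return {relative path: 'known-good' | 'suspect' | 'uncataloged'}."""
    result = {}
    for dirpath, _, names in os.walk(suspect_root):
        for name in names:
            path = os.path.join(dirpath, name)
            known = catalog.get(name.lower())
            if known is None:
                verdict = "uncataloged"  # no point of reference, cannot judge
            else:  # cataloged name whose bytes differ from every good version
                verdict = "known-good" if file_digest(path, algo) in known else "suspect"
            result[os.path.relpath(path, suspect_root)] = verdict
    return result

def demo():
    """Constructed sample: two tool.exe files, same name and size, different bytes."""
    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as work:
        for root, sub, name, data in [
            (clean, "", "tool.exe", b"GOOD-v1"), (work, "a", "tool.exe", b"GOOD-v1"),
            (work, "b", "tool.exe", b"EVIL-v1"), (work, "", "other.exe", b"??")]:
            os.makedirs(os.path.join(root, sub), exist_ok=True)
            with open(os.path.join(root, sub, name), "wb") as f:
                f.write(data)
        return classify(work, build_catalog(clean))

if __name__ == "__main__":
    for path, verdict in sorted(demo().items()):
        print(f"{verdict:12} {path}")
```

A "known-good" verdict is only as trustworthy as the clean install the catalog was built from, and "uncataloged" means no reference exists, not that the file is safe.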
 

Author Closing Comment

by:rebelscum0000
Thank you
0
