Solved

Need to know the checksum of a file

Posted on 2011-02-25
Last Modified: 2012-05-11
Dear Experts

I need to know the checksum of files

I know there are tools, checksum tools to find out the MD5 checksum

My problem is I have a lot of programs which the size, and name are identical but some of them are malware,
and I did a mess, now I do not know which are the good and bad files
Some of them are very old programs but that works very well under Windows XP

Such as said they are old programs and the sites where I recall I downloaded the files the domain has expired.

With other files I can not find the checksums at their site, or in other download website like filehippo.com

I usually use GetRight as download manager in order to remember when, where I downloaded a file, this time I did not use it with these files

What can I do?

Can I upload the files at VirusTotal.com, then copy the MD5 checksum from this site and use a checksum tool?

I am asking for another advice, OR ALTERNATIVE
VT.com is an idea I had but I would like to have another option, but if it is the only option I have this is ok, I just want to know if this way is reliable
 
Finally, can you please suggest me a good free and nice checksum tool?

P.S.: I am sorry to ask 2 questions I know I can only ask 1 question

Thank you very much in advance
Regards,
Antonio Macias
Question by:rebelscum0000
9 Comments
 
Assisted Solution

by:bz43
bz43 earned 200 total points
ID: 34984664
My suggestion is for WinMD5Sum.  It's a Freeware Windows MD5 checksumming utility at: http://www.nullriver.com/products

I've used it for years.  

Assisted Solution

by:Dave Howe
Dave Howe earned 200 total points
ID: 34984927
I use http://www.sdean12.org/SecureTrayUtil.htm - it's free, sits in the system tray, and calculates all the major hashing methods (so md5/sha1/ripemd etc)

Expert Comment

by:arnold
ID: 34985540
sfc /scannow will deal with the windows components.

md5sum, checksums are useful if you have a point of reference.

Or the vendor of the application provides that type of information.

Use the various anti-virus/malware tools to detect which one is an issue to address.

Author Comment

by:rebelscum0000
ID: 34985737
@arnold
>Or the vendor of the application provides that type of information

Such as said they are old programs and the sites where I recall I downloaded the files the domain has expired. How do you want me to ask the vendor of the application this information if their sites are down?

>Use the various anti-virus/malware tools to detect which one is an issue to address.

I do not have one or two programs that I have to deal with this problem, they are more than 100 files
I will never end to check and detect which file is good and which one is bad or malware

Thank you for suggesting MD5 checksumming utilities to me, options are always good to try

I use Marxio FVC and ChaosMD5

But my PRIMARY QUESTION WAS

Can I upload the files at VirusTotal.com, then copy the MD5 checksum from this site and use a checksum tool?

Will it work?

I am asking for another advice, OR ALTERNATIVE IF VT.com is not a solution

Thank you very much for your help

Expert Comment

by:arnold
ID: 34985908
The only thing that site will tell you is whether the file you upload is possibly a virus based on the "signature".
Unless you have a pristine system where the correct files/applications are against which you can run md5sum and then compare those to the md5sum checks on the other workstations, you are out of luck.

Author Comment

by:rebelscum0000
ID: 34985978
@arnold
>Unless you have a pristine system where the correct files/applications are against which you can run md5sum and then compare those to the md5sum checks on the other workstations, you are out of luck

I can buy Shadow Defender and enter Shadow Mode in order to compare those to the md5sum checks. What about this?

Author Comment

by:rebelscum0000
ID: 34986175
OK I did this test

irSCAN.org Scanned Report :
Scanned time   : 2011/02/26 01:36:26 (MST)
Scanner results: 3% Scanner(s) (1/37) found malware!
File Name      : Shadow Defender V1.1.0.325.7z
File Size      : 1088789 byte
File Type      : 7-zip archive data, version 0.3
MD5            : ca12db0fef5892371128419051c4169b <--VT  md5sum
SHA1           : e8e2b43d42168ed7bff0a60201ca933d1bfb2aa7
Online report  : http://virscan.org/report/66409e0cd1ec291890eac2d521dd10a0.html

Scanner        Engine Ver      Sig Ver           Sig Date    Time   Scan result
a-squared      5.1.0.2         20110216210205    2011-02-16  0.36   -
AhnLab V3      2011.02.20.00   2011.02.20        2011-02-20  0.14   -
AntiVir        8.2.4.170       7.11.3.164        2011-02-19  0.49   -
Antiy          2.0.18          20110217.7833565  2011-02-17  0.80   -
Arcavir        2010            201102201716      2011-02-20  0.26   -
Authentium     5.1.1           201102191909      2011-02-19  1.77   -
AVAST!         4.7.4           110219-2          2011-02-19  0.05   -
AVG            8.5.850         271.1.1/3454      2011-02-20  1.83   -
BitDefender    7.90123.6669134 7.36337           2011-02-20  6.93   -
ClamAV         0.96.5          12733             2011-02-20  0.26   -
Comodo         4.0             7744              2011-02-20  0.11   -
CP Secure      1.3.0.5         2011.02.20        2011-02-20  0.06   -
Dr.Web         5.0.2.3300      2011.02.20        2011-02-20  15.05  -
F-Prot         4.4.4.56        20110219          2011-02-19  1.62   -
F-Secure       7.02.73807      2011.02.20.02     2011-02-20  2.48   -
Fortinet       4.2.254         12.914            2011-02-19  0.30   -
GData          21.1835/21.698  20110220          2011-02-20  0.08   -
ViRobot        20110219        2011.02.19        2011-02-19  0.08   -
Ikarus         T3.1.32.15.0    2011.02.20.77771  2011-02-20  7.29   -
JiangMin       13.0.900        2011.02.20        2011-02-20  0.17   -
Kaspersky      5.5.10          2011.02.20        2011-02-20  1.94   -
KingSoft       2009.2.5.15     2011.2.20.9       2011-02-20  0.08   -
McAfee         5400.1158       6262              2011-02-19  7.64   -
Microsoft      1.6502          2011.02.20        2011-02-20  0.18   -
NOD32          3.0.21          5888              2011-02-19  1.89   -
Norman         6.07.03         6.07.00           2011-02-19  12.03  W32/Smalltroj.ZLZB
Panda          9.05.01         2011.02.20        2011-02-20  0.08   -
Trend Micro    9.200-1012      7.848.06          2011-02-19  0.02   -
Quick Heal     11.00           2011.02.19        2011-02-19  0.08   -
Rising         20.0            23.45.04.06       2011-02-18  0.08   -
Sophos         3.16.1          4.62              2011-02-20  3.97   -
Sunbelt        3.9.2474.2      8480              2011-02-19  0.08   -
Symantec       1.3.0.24        20110219.002      2011-02-19  0.06   -
nProtect       20110219.01     3191019           2011-02-19  0.08   -
The Hacker     6.7.0.1         v00134            2011-02-19  0.08   -
VBA32          3.12.14.3       20110218.1211     2011-02-18  3.48   -
VirusBuster    5.2.0.28        13.6.209.3/45191782011-02-19  0.00   -

@arnold
>The only thing that site will tell you is whether the file you upload is possibly a virus based on the "signature"

And the MD5 that site is telling me is not the checksum of the file?

Accepted Solution

by:
arnold earned 1600 total points
ID: 34987872
It is the MD5 of the file you uploaded; if it is compromised, you have to have a point of reference to which to compare it.
Otherwise, if the site had the correct MD5 for a file, there is no point in checking it with all the other entries.
i.e. run MD5sum on the uploaded file, and compare it to a known good MD5 signature. If they match, the file is fine; if they do not, the file is fake/messed up.

Let's use EE as an example: your posts are stamped with rebelscum0000 as the poster.  If someone else has access to your account and posts, there is no way another reader within EE will know outright that someone else is posting questions/responses under your name.

Same with the various checksums: you have filea, fileb, filec; using the checksum tools you will get a checksum for the files, but the remaining step is to compare these checksums to a set of known good ones.

An example would be that you create a VM where you would install the OS and all applications. Then you can run MD5sum on all the files and catalog that information. You then apply the updates and repeat the same step, etc., all the way till they are up to date.
Once you have that, you can then check the checksums on your existing workstation against the cataloged data to determine whether a file is legit or compromised.
i.e. filea may have five versions with 5 md5sums. You run an md5sum on filea on workstation B; if it does not match any of the known md5sums, you know it is suspect.  You could then check the version of filea on workstation B: if the version reported on the file is similar to the version you have in the catalog, you know this file is somehow compromised. It could be that the file you are looking at is an in-between version or is a newer one that you have not yet cataloged.
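
The catalog-and-compare procedure described in the accepted answer, as an added Python example that is not part of the original thread. The function names, directory layout and sample file contents are constructed for illustration; it defaults to SHA-256 because MD5 collisions are practical, and accepts `algo="md5"` to match values reported by the MD5 tools mentioned above.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

def file_digest(path, algo="sha256", chunk=1 << 20):
    """Hash a file in chunks so large installers do not have to fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_catalog(reference_dirs, algo="sha256"):
    """Map lower-cased file name -> set of digests found on clean reference installs.
    Passing one directory per patch level yields several good digests per name."""
    catalog = defaultdict(set)
    for ref in reference_dirs:
        for root, _dirs, files in os.walk(ref):
            for name in files:
                catalog[name.lower()].add(file_digest(os.path.join(root, name), algo))
    return catalog

def classify(path, catalog, algo="sha256"):
    """Return 'known-good', 'suspect' (name cataloged, digest unknown) or 'uncataloged'."""
    name = os.path.basename(path).lower()
    if name not in catalog:
        return "uncataloged"  # no point of reference: the hash alone proves nothing
    return "known-good" if file_digest(path, algo) in catalog[name] else "suspect"

def demo():
    """Constructed sample: two clean versions of setup.exe, then three files to check."""
    with tempfile.TemporaryDirectory() as tmp:
        def put(rel, data):
            p = os.path.join(tmp, rel)
            os.makedirs(os.path.dirname(p), exist_ok=True)
            with open(p, "wb") as f:
                f.write(data)
            return p
        put("clean_v1/setup.exe", b"installer v1.0")
        put("clean_v2/setup.exe", b"installer v2.0")
        refs = [os.path.join(tmp, "clean_v1"), os.path.join(tmp, "clean_v2")]
        catalog = build_catalog(refs)
        checks = [put("ws/a/setup.exe", b"installer v2.0"),  # matches a cataloged version
                  put("ws/b/setup.exe", b"installer v2.X"),  # same name and size, other bytes
                  put("ws/c/tool.exe", b"never cataloged")]  # nothing to compare against
        return [classify(p, catalog) for p in checks]

if __name__ == "__main__":
    print(demo())
```

A "suspect" result still needs the version check the answer describes, since the file may simply be a release that was never cataloged.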




Author Closing Comment

by:rebelscum0000
ID: 35023024
Thank you
Question has a verified solution.