How do I know if a file is a virus?

Stefan

In some cases you want to know whether a certain file or process is a virus. To know if a file is a virus (or potentially dangerous) you first need to determine if it is a legitimate file or not.

It is not always immediately clear whether a file is a virus. Cybercriminals are very good at making a dangerous file look like a legitimate file. This is usually done by taking over the name of a legitimate file. In this way, a potentially dangerous file is less noticeable.

There are some steps you can take to determine whether a file is dangerous, deceptive, or legitimate. This still doesn't provide 100% certainty, but it's better than blindly opening an unknown file without verifying it first.


Process Explorer

The first way is via Process Explorer from Sysinternals. This app provides an insight into all active processes in Windows. This allows you to separate unknown processes from standard processes used in Windows.


Look for processes that seem suspicious or unknown. These can be processes with strange names, processes that consume a lot of CPU or memory, or processes that run from unusual locations on your computer.

Right-click on suspicious processes and click “properties” to get more information about the process. Look for details such as file location, company name, and description. If any of these details seem suspicious or unknown, it could be a sign that the process is malware.


Check digital certificate

A digital certificate for a Windows process is a way to verify the identity and authenticity of the process. When a process is digitally signed in Windows, it means that the software publisher used a cryptographic key to sign the file, creating a digital signature.

A digital certificate is important because it gives you an extra layer of security. By verifying the identity and authenticity of a process, you can be confident that the software running it is legitimate and has not been modified by malware or other malicious actors. Malware generally does not have a certificate, with some exceptions. If the process does not have a digital certificate, it may not be a legitimate file and caution is advised.

Right-click on the file. Click on properties and then on “digital signature” to determine whether a digital certificate is used.
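
The manual checks described above (file location, company name, description, digital signature) can also be run over every running process at once from PowerShell. This is an added example, not part of the original article; it uses the built-in Get-Process, Get-AuthenticodeSignature and Get-FileHash cmdlets, and the list of "usual" folders is an assumption to adjust for your system.

```powershell
# Added example: review running processes the way the article does by hand
# (path, company, description) and add the Authenticode signature status.
# Assumption: "usual" locations are the Windows and Program Files folders.
$usualRoots = @($env:windir, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ }

$report = Get-Process |
    Where-Object { $_.Path } |          # some protected processes expose no path
    Sort-Object Path -Unique |          # one row per executable, not per instance
    ForEach-Object {
        $proc = $_
        $path = $proc.Path
        $sig  = Get-AuthenticodeSignature -LiteralPath $path
        $info = (Get-Item -LiteralPath $path).VersionInfo
        $inUsualRoot = [bool]($usualRoots | Where-Object {
            $path.StartsWith($_ + '\', [System.StringComparison]::OrdinalIgnoreCase)
        })
        [pscustomobject]@{
            Name        = $proc.ProcessName
            Path        = $path
            Company     = $info.CompanyName
            Description = $info.FileDescription
            SigStatus   = $sig.Status                    # Valid, NotSigned, HashMismatch, ...
            Signer      = $sig.SignerCertificate.Subject # empty when the file is unsigned
            UsualPath   = $inUsualRoot
            SHA256      = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }
    }

# List first what deserves a closer look: anything without a valid signature,
# or anything running from outside the usual installation folders.
$report |
    Where-Object { $_.SigStatus -ne 'Valid' -or -not $_.UsualPath } |
    Sort-Object SigStatus, Path |
    Format-List Name, Path, Company, Description, SigStatus, Signer, UsualPath, SHA256
```

A row in this list is a reason to look closer, not proof of malware; legitimate software installed under a user profile will also appear. The SHA256 value can be searched on VirusTotal without uploading the file itself.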


Check the file with an online virus scanner

If you are not familiar with a file, scanning it with a virus scanner is the best option before opening the file. You can use your local antivirus, but if it does not detect anything, scanning with VirusTotal is a solution.

No antivirus? Install Malwarebytes for free and check your computer for malware and more.

VirusTotal is a free online service that allows you to scan files and URLs for viruses, malware and other types of malicious software.

You can upload files or enter URLs, which are then scanned by multiple antivirus engines from different security companies. The results of the scan are then displayed, along with information about the file or URL.


I hope this has helped you determine whether the file is a virus or not. Thank you for reading!

