
Ask HN: How do you find reliable info about a virus or malware? - LCalrissian
Sorry in advance for the noobish question. How do you find reliable, detailed info about viruses or malware?

I run antivirus (BitDefender) and antimalware (Malwarebytes), and they occasionally come up with results for files I've downloaded, both new and old. Usually they are of the type Generic.Trojan.34567 or the like, and I tend to assume they are false positives but delete the files anyway. That said, a Google search for any virus name usually leads to thousands of shady links promising REMOVE GENERIC.TROJAN.34567 FAST DOWNLOAD HERE etc. etc.

There has got to be some sort of informational database about these threats, what they can do, maybe how to remove them... isn't there? What resources are out there to learn about known threats?
======
sas3
You are correct in not relying on "any and all info" out there, esp. on
topics that carry risk like this.

The best sources are KBs of AntiVirus vendors. The catch though is that
malware "names/labels" are not standardized - so each AV vendor names it
differently.

Try these to start with:

1. Symantec KB: [https://www.symantec.com/security_response/landing/azlisting...](https://www.symantec.com/security_response/landing/azlisting.jsp)
2. McAfee listing: [https://home.mcafee.com/VirusInfo/?ctst=1](https://home.mcafee.com/VirusInfo/?ctst=1)

AFAIK, VirusTotal had some way of giving out virus definitions but not sure
now... I need to check.

Some legwork is needed before getting the right info - thanks to the
proliferation of SEO tactics, letting marketers float to the - without
necessarily any solid content in there.

------
zemnl
I suggest VirusTotal[1]. It is a tool also used by malware analysts: it scans
the suspect file/website, analyzing it with multiple (60+) antivirus engines.
It also shows various information about the uploaded file: signatures,
sections, imported DLLs, metadata, etc.

According to the VirusTotal FAQs, some of these engines are ad-hoc tuned for
VirusTotal with stronger heuristics and additional options, so an engine on VT
may detect a malware while the same commercial engine installed on your PC
doesn't.

[1]. [https://www.virustotal.com](https://www.virustotal.com)
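
An added example, not part of the thread or any poster's code: because each vendor names a sample differently and a multi-engine scan returns many labels at once, a quick tally shows whether a hit is only generic/heuristic or whether several engines agree on a family. It assumes a report shaped like the VirusTotal API v3 file object (`last_analysis_results`); the engine names, labels, family name and generic-word list are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample report: engines, labels and "Fakefam" are illustrative only.
SAMPLE_REPORT = {"data": {"attributes": {"last_analysis_results": {
    "EngineA": {"category": "malicious", "result": "Generic.Trojan.34567"},
    "EngineB": {"category": "malicious", "result": "Trojan:Win32/Fakefam.A!ml"},
    "EngineC": {"category": "malicious", "result": "W32.Fakefam.Gen"},
    "EngineD": {"category": "suspicious", "result": "Heur.Suspicious.1"},
    "EngineE": {"category": "undetected", "result": None},
    "EngineF": {"category": "timeout", "result": None},
}}}}

# Categories that represent an actual verdict (timeouts/failures are excluded).
VERDICTS = {"malicious", "suspicious", "undetected", "harmless"}
# Assumed list of words that describe a class or heuristic, not a family.
GENERIC = {"generic", "trojan", "heur", "suspicious", "malware", "malicious",
           "win32", "win64", "variant", "agent", "virus", "worm", "riskware"}

def family_tokens(label):
    """Return label tokens that could name a family (not generic, not numeric)."""
    tokens = re.split(r"[^a-z0-9]+", label.lower())
    return {t for t in tokens
            if len(t) >= 4 and not t.isdigit() and t not in GENERIC}

def triage(report):
    """Summarise detections and how many engines agree on a family token."""
    results = report["data"]["attributes"]["last_analysis_results"]
    judged = {e: r for e, r in results.items() if r["category"] in VERDICTS}
    flagged = {e: r["result"] or "" for e, r in judged.items()
               if r["category"] in ("malicious", "suspicious")}
    votes = Counter()
    for label in flagged.values():
        votes.update(family_tokens(label))  # one vote per engine per token
    return {
        "flagged": len(flagged),
        "engines": len(judged),
        "families": votes.most_common(3),
        "generic_only": sorted(e for e, l in flagged.items()
                               if not family_tokens(l)),
    }

if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```

A family token that several engines share is a better search term for vendor write-ups than a generic label with a numeric suffix.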

