The Sysinternals tools were written by Mark Russinovich and Bryce Cogswell before Microsoft bought their company many years ago. Russinovich continues to develop the tools in his spare time at Microsoft while working on their Azure cloud service.
To quote the "What's New" section on microsoft.com:
Thanks to collaboration with the team at VirusTotal, this Process Explorer update introduces integration with VirusTotal.com, an online antivirus analysis service. When enabled, Process Explorer sends the hashes of images and files shown in the process and DLL views to VirusTotal and if they have been previously scanned, reports how many antivirus engines identified them as possibly malicious. Hyperlinked results take you to VirusTotal.com report pages and you can even submit files for scanning.
VirusTotal was created and built up by Hispasec Systems, a Spanish security consulting firm. Over the years it became wildly popular to the point where it needed a cloud infrastructure on the scale that a company like Google could provide. Google took the service over in 2012 [Corrected from 2007].
As shown in the nearby image, when the user right-clicks on an entry in the process list there is a new option: "Check VirusTotal". The first time you select this option you will have to agree to terms of service for VirusTotal. On subsequent checks, there is no obvious feedback when the user selects the Check VirusTotal option. Checking VirusTotal on the top-level process in the listing will cause Process Explorer to check all program files used in the process. Alternatively you can select individual DLLs and other files.
To see results, the user must right-click again on the entry and select Properties. On the Image tab of the resulting dialog box there is a new entry, pictured nearby. The VirusTotal field shows two numbers, "1/50" in this case. This means that 1 of the 50 antimalware engines — Anity-AVL — on VirusTotal detected malware — Trojan/Win32.Agent2 — in the submitted file.
As you can see in this example, the sample submitted is SkyDrive.exe, the actual Microsoft SkyDrive executable and probably not actually malware. Click on the "1/50" and the default browser will open witha page on virustotal.com providing details of the scan. Below is an image of that page.
The false positive in this test result is not a reflection on VirusTotal, but rather on Anity-AVL. I have already submitted the scan result to them as a false positive.
These scans are a snapshot in time, and as the antimalware engines and their signatures update the results may change. You can rescan an executable on the VirusTotal service and see the changes. In fact, VirusTotal and a few other services like it are favorite tools of malware writers who use it to see if the current antimalware engines will detect their programs.
Both VirusTotal and the Sysinternals tools are great examples of the wealth of first-rate free tools available to IT and developers. It's especially rewarding to see people from Google and Microsoft working together, even if under the radar a bit, to make both of them better.