Re: Running program files on XP with non-executable extension?

From: Norman L. DeForest (
Date: 11/02/05

  • Next message: Ari Silversteinn: "Re: Truecrypt 4 Released!"
    Date: Wed, 2 Nov 2005 13:04:19 -0400

    On Wed, 2 Nov 2005, JS wrote:

    > I downloaded a file (let's call it BLUESKY.EXE) which my anti-
    > virus guard says may be a virus.
    > I wanted to get more info about this file, so I disabled it by
    > adding a couple of random letters to the extension.
    > I figured this would stop my XP Pro from running it if I double
    > clicked it by mistake. But my antivirus guard 'AntiVir PE' warned
    > me about it again. Even with the dummy extension letters! Surely
    > such a program file is now safe enough?
    > --
    > I found that if I add the random letters *before* the EXE then
    > AntiVir PE's guard does not detect it as a virus.
    > So BLUESKY.HJEXE is ok according to 'AntiVir PE'.
    > Is this just an oddity in 'AntiVir PE'? Or is this being done
    > because of something in XP Pro which might truncate the letters in
    > a file's extension after the first three letters?

    The file can be found by both its long filename "BLUESKY.EXEHJ" and
    by its short DOS-compatable file name (which may be "BLUESKY.EXE" or
    "BLUESK~1.EXE"). It's still an executable file as long as its short
    name has an executable extension.

    The short filename for "BLUESKY.HJEXE" would either be "BLUESKY.HJE"
    or "BLUESK~1.HJE".

    Norman De Forest
    "> Is there anything Spamazon DOESN'T sell?
     Clues. The market's too small to justify the effort."
          -- Stuart Lamble in the scary devil monastery, Fri, 13 May 2005

  • Next message: Ari Silversteinn: "Re: Truecrypt 4 Released!"

    Relevant Pages