Re: Running program files on XP with non-executable extension?

From: Norman L. DeForest (af380_at_chebucto.ns.ca)
Date: 11/02/05

  • Next message: Ari Silversteinn: "Re: Truecrypt 4 Released!"
    Date: Wed, 2 Nov 2005 13:04:19 -0400
    
    

    On Wed, 2 Nov 2005, JS wrote:

    > I downloaded a file (let's call it BLUESKY.EXE) which my anti-
    > virus guard says may be a virus.
    >
    > I wanted to get more info about this file, so I disabled it by
    > adding a couple of random letters to the extension.
    >
    > I renamed BLUESKY.EXE to BLUESKY.EXEHJ.
    >
    > I figured this would stop my XP Pro from running it if I double
    > clicked it by mistake. But my antivirus guard 'AntiVir PE' warned
    > me about it again. Even with the dummy extension letters! Surely
    > such a program file is now safe enough?
    >
    > --
    >
    > I found that if I add the random letters *before* the EXE then
    > AntiVir PE's guard does not detect it as a virus.
    >
    > So BLUESKY.HJEXE is ok according to 'AntiVir PE'.
    >
    > Is this just an oddity in 'AntiVir PE'? Or is this being done
    > because of something in XP Pro which might truncate the letters in
    > a file's extension after the first three letters?

    The file can be found by both its long filename "BLUESKY.EXEHJ" and
    by its short DOS-compatable file name (which may be "BLUESKY.EXE" or
    "BLUESK~1.EXE"). It's still an executable file as long as its short
    name has an executable extension.

    The short filename for "BLUESKY.HJEXE" would either be "BLUESKY.HJE"
    or "BLUESK~1.HJE".

    -- 
    Norman De Forest        http://www.chebucto.ns.ca/~af380/Profile.html
    "> Is there anything Spamazon DOESN'T sell?
     Clues. The market's too small to justify the effort."
          -- Stuart Lamble in the scary devil monastery, Fri, 13 May 2005
    

  • Next message: Ari Silversteinn: "Re: Truecrypt 4 Released!"

    Relevant Pages