Re: Running program files on XP with non-executable extension?

From: Poster 60 (ekron_at_wapda.com)
Date: 11/03/05


Date: Thu, 03 Nov 2005 02:12:56 GMT


JS wrote:
> --
>
> I found that if I add the random letters *before* the EXE then
> AntiVir PE's guard does not detect it as a virus.

   This is what an anti-virus program will do if you choose to rename
the file to keep it for observation purposes. If you add a "v" in front
of the exe extension, it is no longer read as an executable. You will
also notice the icon of the file changes.
You could also rename it by a second extension after the exe - exe.abc

>
> So BLUESKY.HJEXE is ok according to 'AntiVir PE'.

     The executable is disabled but it is still a malicious file. It can
be reactivated by changing the extension back to exe.

>
> Is this just an oddity in 'AntiVir PE'? Or is this being done
> because of something in XP Pro which might truncate the letters in
> a file's extension after the first three letters?



Relevant Pages