Re: Running program files on XP with non-executable extension?

From: Poster 60 (ekron_at_wapda.com)
Date: 11/03/05

• Next message: Winged: "Off topic MPAA looks to bolster its dominance by plugging the analog hole"
• Previous message: Beachcomber: "Re: VPN over WiFi: How Much of a Security Risk?"
• In reply to: JS: "Running program files on XP with non-executable extension?"
• Next in thread: Leythos: "Re: Running program files on XP with non-executable extension?"
• Reply:(deleted message) Leythos: "Re: Running program files on XP with non-executable extension?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Thu, 03 Nov 2005 02:12:56 GMT

JS wrote:
> --
>
> I found that if I add the random letters *before* the EXE then
> AntiVir PE's guard does not detect it as a virus.

   This is what an anti-virus program will do if you choose to rename
the file to keep it for observation purposes. If you add a "v" in front
of the exe extension, it is no longer read as an executable. You will
also notice the icon of the file changes.
You could also rename it by a second extension after the exe - exe.abc

>
> So BLUESKY.HJEXE is ok according to 'AntiVir PE'.

     The executable is disabled but it is still a malicious file. It can
be reactivated by changing the extension back to exe.

>
> Is this just an oddity in 'AntiVir PE'? Or is this being done
> because of something in XP Pro which might truncate the letters in
> a file's extension after the first three letters?

---

• Next message: Winged: "Off topic MPAA looks to bolster its dominance by plugging the analog hole"
• Previous message: Beachcomber: "Re: VPN over WiFi: How Much of a Security Risk?"
• In reply to: JS: "Running program files on XP with non-executable extension?"
• Next in thread: Leythos: "Re: Running program files on XP with non-executable extension?"
• Reply:(deleted message) Leythos: "Re: Running program files on XP with non-executable extension?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Running program files on XP with non-executable extensions? ... use Software Restriction Policy to create a path rule to the folder where ... But my antivirus guard 'AntiVir PE' warned me about ... Even with the dummy extension letters. ... (microsoft.public.security) Re: Running program files on XP with non-executable extensions? ... use Software Restriction Policy to create a path rule to the folder where ... But my antivirus guard 'AntiVir PE' warned me about ... Even with the dummy extension letters. ... (microsoft.public.security.virus) Re: Running program files on XP with non-executable extensions? ... use Software Restriction Policy to create a path rule to the folder where ... But my antivirus guard 'AntiVir PE' warned me about ... Even with the dummy extension letters. ... (microsoft.public.windowsxp.security_admin) Re: Running program files on XP with non-executable extension? ... > adding a couple of random letters to the extension. ... > AntiVir PE's guard does not detect it as a virus. ... "Ich bin ein freier Mensch und werde jetzt von meinen Freiheitsrechten ... (comp.security.misc) Re: Running program files on XP with non-executable extensions? ... > virus guard says may be a virus. ... But my antivirus guard 'AntiVir PE' warned me about ... Even with the dummy extension letters. ... (microsoft.public.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > alt.computer.security  > 2005-11