Re: Running program files on XP with non-executable extension?
From: Norman L. DeForest (af380_at_chebucto.ns.ca)
Date: Wed, 2 Nov 2005 13:04:19 -0400
On Wed, 2 Nov 2005, JS wrote:
> I downloaded a file (let's call it BLUESKY.EXE) which my anti-
> virus guard says may be a virus.
> I wanted to get more info about this file, so I disabled it by
> adding a couple of random letters to the extension.
> I renamed BLUESKY.EXE to BLUESKY.EXEHJ.
> I figured this would stop my XP Pro from running it if I double
> clicked it by mistake. But my antivirus guard 'AntiVir PE' warned
> me about it again. Even with the dummy extension letters! Surely
> such a program file is now safe enough?
> I found that if I add the random letters *before* the EXE then
> AntiVir PE's guard does not detect it as a virus.
> So BLUESKY.HJEXE is ok according to 'AntiVir PE'.
> Is this just an oddity in 'AntiVir PE'? Or is this being done
> because of something in XP Pro which might truncate the letters in
> a file's extension after the first three letters?
The file can be found by both its long filename "BLUESKY.EXEHJ" and
by its short DOS-compatible file name (which may be "BLUESKY.EXE" or
"BLUESK~1.EXE"). It's still an executable file as long as its short
name has an executable extension.
The short filename for "BLUESKY.HJEXE" would either be "BLUESKY.HJE"
--
Norman De Forest http://www.chebucto.ns.ca/~af380/Profile.html
"> Is there anything Spamazon DOESN'T sell?
Clues. The market's too small to justify the effort."
-- Stuart Lamble in the scary devil monastery, Fri, 13 May 2005
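
An added example, not part of the post above and not AntiVir's or Windows' own code: a simplified Python model of the short-name rule the reply describes, used to check whether a "defanging" rename still leaves an executable extension on the 8.3 alias. It assumes the alias extension is the first three characters of the long extension; the function names and the extension list are this example's own.

```python
# Simplified model of 8.3 alias generation (assumption: extension is cut to
# its first three characters, base name to eight, or six plus "~1").
# Collision numbering beyond "~1" is not modelled.

# Representative subset of directly runnable extensions, chosen for this example.
EXECUTABLE_EXTS = {"EXE", "COM", "BAT", "CMD", "PIF", "SCR"}


def alias_extension(long_name: str) -> str:
    """Extension the 8.3 alias would carry for a given long file name."""
    stem, dot, ext = long_name.rpartition(".")
    if not dot or not stem:          # no extension, or a leading-dot name
        return ""
    return ext.replace(" ", "")[:3].upper()


def candidate_short_names(long_name: str) -> list:
    """The two alias forms the reply mentions: untruncated base and ~1 form."""
    stem, dot, _ = long_name.rpartition(".")
    base = stem if dot else long_name
    base = "".join(c for c in base if c not in " .").upper()
    ext = alias_extension(long_name)
    suffix = "." + ext if ext else ""
    names = [base[:6] + "~1" + suffix]
    if len(base) <= 8:
        names.insert(0, base + suffix)
    return names


def alias_keeps_executable_ext(long_name: str) -> bool:
    """True if the rename still leaves an executable extension on the alias."""
    return alias_extension(long_name) in EXECUTABLE_EXTS


if __name__ == "__main__":
    # File names taken from the thread.
    for name in ("BLUESKY.EXE", "BLUESKY.EXEHJ", "BLUESKY.HJEXE"):
        flag = "STILL EXECUTABLE BY ALIAS" if alias_keeps_executable_ext(name) else "ok"
        print(f"{name:16} -> {candidate_short_names(name)}  {flag}")
```

On a real volume, `dir /x` lists the alias actually assigned; this model does not cover collision numbering or volumes where 8.3 name creation is disabled.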