Re: Running program files on XP with non-executable extension?

From: Dustin Cook (bughunter.dustin_at_gmail.com)
Date: 11/02/05

  • Next message: Moe Trin: "Re: Sony, Rootkits And Digital Rights Management Gone Too Far" 
    Date: 2 Nov 2005 10:19:51 -0800

    Norman L. DeForest wrote:
    > On Wed, 2 Nov 2005, JS wrote:
    >
    > > I downloaded a file (let's call it BLUESKY.EXE) which my anti-
    > > virus guard says may be a virus.
    > >
    > > I wanted to get more info about this file, so I disabled it by
    > > adding a couple of random letters to the extension.
    > >
    > > I renamed BLUESKY.EXE to BLUESKY.EXEHJ.
    > >
    > > I figured this would stop my XP Pro from running it if I double
    > > clicked it by mistake. But my antivirus guard 'AntiVir PE' warned
    > > me about it again. Even with the dummy extension letters! Surely
    > > such a program file is now safe enough?
    > >
    > > --
    > >
    > > I found that if I add the random letters *before* the EXE then
    > > AntiVir PE's guard does not detect it as a virus.
    > >
    > > So BLUESKY.HJEXE is ok according to 'AntiVir PE'.
    > >
    > > Is this just an oddity in 'AntiVir PE'? Or is this being done
    > > because of something in XP Pro which might truncate the letters in
    > > a file's extension after the first three letters?
    >
    > The file can be found by both its long filename "BLUESKY.EXEHJ" and
    > by its short DOS-compatable file name (which may be "BLUESKY.EXE" or
    > "BLUESK~1.EXE"). It's still an executable file as long as its short
    > name has an executable extension.
    >
    > The short filename for "BLUESKY.HJEXE" would either be "BLUESKY.HJE"
    > or "BLUESK~1.HJE".

    Bingo. :) I changed the extension.. like I thought the poster did. But
    I did it thru console, not explorer... So the extension really is
    something windows doesn't know what to do with. heh.

  • Next message: Moe Trin: "Re: Sony, Rootkits And Digital Rights Management Gone Too Far"

    Relevant Pages