Running program files with non-executable extensions?

Post by JS » Thu, 03 Nov 2005 18:43:31


I downloaded a file (let's call it BLUESKY.EXE) which my anti-virus
guard says may be a virus.

I wanted to get more info about this file, so I disabled it by
adding a couple of random letters to the extension.

I renamed BLUESKY.EXE to BLUESKY.EXEHJ.

I figured this would stop XP from running it if I double clicked
it in error. But my antivirus guard 'AntiVir PE' warned me about
it again. Even with the dummy extension letters. Surely such a
program file is now safe enough?

I found that if I put the random letters *before* the EXE then
'AntiVir PE' did not detect it as a virus.

So BLUESKY.HJEXE is ok according to 'AntiVir PE'.

Is this just an oddity in 'AntiVir PE' or is this being done
because of something in XP which might truncate the letters in a
file's extension after the first three letters?

Post by bxf » Thu, 03 Nov 2005 19:47:50


The obvious guess is that since extensions are typically three
characters, the programmer who wrote AntiVir PE wrote the COMPARE
instruction to look at only the first three characters.

Post by Jerold Sch » Thu, 03 Nov 2005 21:17:11


See tip 0014, Windows NT Short File Extensions,
in the 'Tips & Tricks' at http://www.yqcomputer.com/

REG QUERY "HKLM\SYSTEM\CurrentControlSet\Control\FileSystem" /V Win95TruncatedExtensions

Yours is set to 1, the default for XP.

To set it to 0,
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\FileSystem" /V Win95TruncatedExtensions /T REG_DWORD /F /D 0


Jerold Schulman
Windows Server MVP
JSI, Inc.
http://www.yqcomputer.com/

Post by David Cand » Fri, 04 Nov 2005 13:14:36

Rename bluesky.exe to anything you want. Like fred.ttxt. Drag it to a command prompt and press enter.

It has to be an unrecognised extension.

Ditto, rename a Word document to no extension or an unknown one. Dbl click it.


Post by Wayne Tilt » Sat, 05 Nov 2005 04:10:00


If you want to see something really scary, copy something like calc.exe
to a new file named 'abazaba.txt' and in a command prompt, type in
'abazaba.txt' and watch Calc open. The command prompt looks into
'abazaba.txt' and determines that it is really an executable so it
launches it. Explorer respects the extension and opens it in Notepad,
cmd.exe doesn't.

Same thing happens with any file launched from a command prompt. So, the
concept of "safe files" (e.g. jpg) is only as safe as how you open it.
Microsoft says it is working as designed. I say it is broken as designed
(B.A.D.).

Wayne
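
Added example (not part of the original posts): renaming changes only the file name, so a check that reads the header still identifies a Windows program whatever the extension says. The Python below classifies files by content (MZ/PE signature) against their extension and recreates the renames from this thread; PROGRAM_EXTS, the function names and the stub bytes are assumptions constructed for the example.

```python
import struct
import tempfile
from pathlib import Path

# Extensions treated here as "expected to be a program" (illustrative subset, an assumption).
PROGRAM_EXTS = {".exe", ".com", ".scr", ".dll", ".sys"}

def is_pe_file(path: Path) -> bool:
    """Identify a Windows PE image by content: 'MZ' at offset 0 and
    'PE\\0\\0' at the offset stored in the DOS header field e_lfanew (0x3C)."""
    with path.open("rb") as f:
        dos = f.read(0x40)
        if len(dos) < 0x40 or dos[:2] != b"MZ":
            return False
        (e_lfanew,) = struct.unpack_from("<I", dos, 0x3C)
        f.seek(e_lfanew)
        return f.read(4) == b"PE\0\0"

def classify(path: Path) -> str:
    pe = is_pe_file(path)
    named_as_program = path.suffix.lower() in PROGRAM_EXTS
    if pe and not named_as_program:
        return "disguised-executable"   # content says program, name says otherwise
    if pe:
        return "executable"
    return "mislabeled-non-pe" if named_as_program else "data"

def scan(directory) -> dict:
    """Map each file name in `directory` to its classification."""
    return {p.name: classify(p) for p in sorted(Path(directory).iterdir()) if p.is_file()}

def constructed_pe_stub() -> bytes:
    """Constructed sample: just enough header bytes to pass is_pe_file(); not a runnable program."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)   # e_lfanew -> offset of the PE signature
    return bytes(dos) + b"PE\0\0"

def demo() -> dict:
    """Recreate the thread's renames in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for name in ("BLUESKY.EXE", "BLUESKY.EXEHJ", "BLUESKY.HJEXE", "abazaba.txt"):
            Path(tmp, name).write_bytes(constructed_pe_stub())
        Path(tmp, "notes.txt").write_bytes(b"plain text, constructed sample\n")
        return scan(tmp)

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:22} {name}")
```

Point scan() at a downloads or quarantine folder to list files whose content is a program but whose name suggests otherwise.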