From: "JS" < XXXX@XXXXX.COM >
| I downloaded a file (let's call it BLUESKY.EXE) which my anti-
| virus guard says may be a virus.
| I wanted to get more info about this file, so I disabled it by
| adding a couple of random letters to the extension.
| I renamed BLUESKY.EXE to BLUESKY.EXEHJ.
| I figured this would stop XP from running it if I double clicked
| it in error. But my antivirus guard 'AntiVir PE' warned me about
| it again. Even with the dummy extension letters. Surely such a
| program file is now safe enough?
| I found that if I put the random letters *before* the EXE then
| 'AntiVir PE' did not detect it as a virus.
| So BLUESKY.HJEXE is ok according to 'AntiVir PE'.
| Is this just an oddity in 'AntiVir PE' or is this being done
| because of something in my XP Pro which might truncate the letters
| in a file's extension after the first three letters?
Please submit a sample of "BLUESKY.EXE" to Virus Total --
( or the renamed file )
The submission will then be tested against 18 different AV vendor's scanners.
That will give you an idea what it is and who recognizes it. In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.
When you get the report, please post back the exact results.