Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Executable files with double extensions?

Started by Mssuzi01 , Apr 09 2005 11:05 AM

  • Please log in to reply

#1
Mssuzi01
Posted 09 April 2005 - 11:05 AM

Mssuzi01

    Member

  • Member
  • PipPip
  • 13 posts
I have a question on this. I am not sure what this means...Warning: Executable file with double extensions found. [COLOR=gray] Any idea what I do with them or if they are maybe causing my computer problems. I have posted a note on the hijack posts with my hijack info. I am just wondering if anyone can explain this to me in basic terms. Thanks....Susan
  • 0

Advertisements

#2
gerryf
Posted 09 April 2005 - 11:28 AM

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
Files with double extensions are typically trying to disguise themselves as something they are not, to get a user to click on them..

They are always bad.


So, you might see a file like

BritneySpearsNaked.vbs.jpg

so it would appear as a picture, when in fact it is an executable script
  • 0

#3
Mssuzi01
Posted 09 April 2005 - 12:17 PM

Mssuzi01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Thank you so much for the info and quick response. Is it safe to say that it be ok to remove them? Here is a sample of one I found: Warning: Executable file with double extensions found: C:\Windows\Microsoft.NET\framework\v.1.14322\System.XML.dll
I am at a loss of what to do with them....Thank you. Susan
  • 0

#4
gerryf
Posted 09 April 2005 - 01:09 PM

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
Whoops...nice catch....

I should have said ALMOST ALWAYS BAD

There are several such files in C:\Windows\Microsoft.NET\framework

that are OK. Sorry about the confusion....I had foregotten about Net....

No, leave those.

What program gave you the warning? Any up to date antivirus program should include those files as save in its virus definitions.
  • 0

#5
Mssuzi01
Posted 09 April 2005 - 01:36 PM

Mssuzi01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi, Thank you so much for all your help and time!!! The program "Trojanhunter" that I downloaded and received yesterday is the program telling me this info. I am hoping it was up to date. It says I am finally Trojan free....my other programs are also coming up clean but these warnings were bothering me and wondering if I don't have some messed up files. I am updating the Trojanhunter right now so I'll see if maybe that would catch it. Didn't even think to update it since I just got it yesterday. I'll try that and run it again. Thank you so very very much!!
Susan
  • 0

#6
gerryf
Posted 09 April 2005 - 01:43 PM

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
I'm surprised that trojan hunter would flag it...Dot.net framework has been out for a loooong time.

That said, it is following the general rule of thunmb that double extension files are bad.

A LOT of trojans come as double extension files..and in retrospect, it was unwise for MS to do it this way.
  • 0

#7
Mssuzi01
Posted 09 April 2005 - 02:33 PM

Mssuzi01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I did a new scan and the same files for Microsoft.Net came up but so did these....C:\WINDOWS\assembly\GAC\LEAD.Drawing.Imaging.Ocr\13.0.0.35__9cf889f53ea9b907\LEAD.Drawing.Imaging.Ocr.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_e7c301a9\System.Xml.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_f255f46d\System.Xml.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Cache\Adobe Reader 6.0\ENUBIG\Adobe Reader 6.010.cab
Warning: Unable to unpack UPX-packed file C:\WINDOWS\cpanel.exe (Add to ignore list) (View ADS stream...) (Delete ADS stream) (View ADS stream...) (Delete ADS stream) (View ADS stream...) (Delete ADS stream) (View ADS stream...) (Delete ADS stream) (View ADS stream...) (Delete ADS stream) (View ADS stream...) (Delete ADS stream) (View ADS stream...) (Delete ADS stream) (View ADS stream...) (Delete ADS stream)
Does that mean I can delete these ones instead and just leave Microsoft.Net ones? Again...thank you for your time and help. Susan
  • 0

#8
gerryf
Posted 09 April 2005 - 02:55 PM

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
all ok, leave them
  • 0

#9
Mssuzi01
Posted 09 April 2005 - 03:12 PM

Mssuzi01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Thank you for your time and help. It is greatly appreciated. Susan
  • 0
Back to Windows XP, 2000, 2003, NT · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Retired Forums
  3. Windows XP, 2000, 2003, NT

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP