Executable files with double extensions?
Started by
Mssuzi01
, Apr 09 2005 11:05 AM
#1
Posted 09 April 2005 - 11:05 AM
#2
Posted 09 April 2005 - 11:28 AM
Files with double extensions are typically trying to disguise themselves as something they are not, to get a user to click on them..
They are always bad.
So, you might see a file like
BritneySpearsNaked.vbs.jpg
so it would appear as a picture, when in fact it is an executable script
They are always bad.
So, you might see a file like
BritneySpearsNaked.vbs.jpg
so it would appear as a picture, when in fact it is an executable script
#3
Posted 09 April 2005 - 12:17 PM
Thank you so much for the info and quick response. Is it safe to say that it be ok to remove them? Here is a sample of one I found: Warning: Executable file with double extensions found: C:\Windows\Microsoft.NET\framework\v.1.14322\System.XML.dll
I am at a loss of what to do with them....Thank you. Susan
I am at a loss of what to do with them....Thank you. Susan
#4
Posted 09 April 2005 - 01:09 PM
Whoops...nice catch....
I should have said ALMOST ALWAYS BAD
There are several such files in C:\Windows\Microsoft.NET\framework
that are OK. Sorry about the confusion....I had foregotten about Net....
No, leave those.
What program gave you the warning? Any up to date antivirus program should include those files as save in its virus definitions.
I should have said ALMOST ALWAYS BAD
There are several such files in C:\Windows\Microsoft.NET\framework
that are OK. Sorry about the confusion....I had foregotten about Net....
No, leave those.
What program gave you the warning? Any up to date antivirus program should include those files as save in its virus definitions.
#5
Posted 09 April 2005 - 01:36 PM
Hi, Thank you so much for all your help and time!!! The program "Trojanhunter" that I downloaded and received yesterday is the program telling me this info. I am hoping it was up to date. It says I am finally Trojan free....my other programs are also coming up clean but these warnings were bothering me and wondering if I don't have some messed up files. I am updating the Trojanhunter right now so I'll see if maybe that would catch it. Didn't even think to update it since I just got it yesterday. I'll try that and run it again. Thank you so very very much!!
Susan
Susan
#6
Posted 09 April 2005 - 01:43 PM
I'm surprised that trojan hunter would flag it...Dot.net framework has been out for a loooong time.
That said, it is following the general rule of thunmb that double extension files are bad.
A LOT of trojans come as double extension files..and in retrospect, it was unwise for MS to do it this way.
That said, it is following the general rule of thunmb that double extension files are bad.
A LOT of trojans come as double extension files..and in retrospect, it was unwise for MS to do it this way.
#7
Posted 09 April 2005 - 02:33 PM
I did a new scan and the same files for Microsoft.Net came up but so did these....C:\WINDOWS\assembly\GAC\LEAD.Drawing.Imaging.Ocr\13.0.0.35__9cf889f53ea9b907\LEAD.Drawing.Imaging.Ocr.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_e7c301a9\System.Xml.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_f255f46d\System.Xml.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Cache\Adobe Reader 6.0\ENUBIG\Adobe Reader 6.010.cab
Warning: Unable to unpack UPX-packed file C:\WINDOWS\cpanel.exe (Add to ignore list) (View ADS stream...) (Delete ADS stream) (View ADS stream...) (Delete ADS stream) (View ADS stream...) (Delete ADS stream) (View ADS stream...) (Delete ADS stream) (View ADS stream...) (Delete ADS stream) (View ADS stream...) (Delete ADS stream) (View ADS stream...) (Delete ADS stream) (View ADS stream...) (Delete ADS stream)
Does that mean I can delete these ones instead and just leave Microsoft.Net ones? Again...thank you for your time and help. Susan
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_e7c301a9\System.Xml.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_f255f46d\System.Xml.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Cache\Adobe Reader 6.0\ENUBIG\Adobe Reader 6.010.cab
Warning: Unable to unpack UPX-packed file C:\WINDOWS\cpanel.exe (Add to ignore list) (View ADS stream...) (Delete ADS stream) (View ADS stream...) (Delete ADS stream) (View ADS stream...) (Delete ADS stream) (View ADS stream...) (Delete ADS stream) (View ADS stream...) (Delete ADS stream) (View ADS stream...) (Delete ADS stream) (View ADS stream...) (Delete ADS stream) (View ADS stream...) (Delete ADS stream)
Does that mean I can delete these ones instead and just leave Microsoft.Net ones? Again...thank you for your time and help. Susan
#8
Posted 09 April 2005 - 02:55 PM
all ok, leave them
#9
Posted 09 April 2005 - 03:12 PM
Thank you for your time and help. It is greatly appreciated. Susan
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users