Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Executable files with double extensions?


  • Please log in to reply

#1
Mssuzi01

Mssuzi01

    Member

  • Member
  • PipPip
  • 13 posts
I have a question on this. I am not sure what this means...Warning: Executable file with double extensions found. [COLOR=gray] Any idea what I do with them or if they are maybe causing my computer problems. I have posted a note on the hijack posts with my hijack info. I am just wondering if anyone can explain this to me in basic terms. Thanks....Susan
  • 0

Advertisements


#2
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
Files with double extensions are typically trying to disguise themselves as something they are not, to get a user to click on them..

They are always bad.


So, you might see a file like

BritneySpearsNaked.vbs.jpg

so it would appear as a picture, when in fact it is an executable script
  • 0

#3
Mssuzi01

Mssuzi01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Thank you so much for the info and quick response. Is it safe to say that it be ok to remove them? Here is a sample of one I found: Warning: Executable file with double extensions found: C:\Windows\Microsoft.NET\framework\v.1.14322\System.XML.dll
I am at a loss of what to do with them....Thank you. Susan
  • 0

#4
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
Whoops...nice catch....

I should have said ALMOST ALWAYS BAD

There are several such files in C:\Windows\Microsoft.NET\framework

that are OK. Sorry about the confusion....I had foregotten about Net....

No, leave those.

What program gave you the warning? Any up to date antivirus program should include those files as save in its virus definitions.
  • 0

#5
Mssuzi01

Mssuzi01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi, Thank you so much for all your help and time!!! The program "Trojanhunter" that I downloaded and received yesterday is the program telling me this info. I am hoping it was up to date. It says I am finally Trojan free....my other programs are also coming up clean but these warnings were bothering me and wondering if I don't have some messed up files. I am updating the Trojanhunter right now so I'll see if maybe that would catch it. Didn't even think to update it since I just got it yesterday. I'll try that and run it again. Thank you so very very much!!
Susan
  • 0

#6
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
I'm surprised that trojan hunter would flag it...Dot.net framework has been out for a loooong time.

That said, it is following the general rule of thunmb that double extension files are bad.

A LOT of trojans come as double extension files..and in retrospect, it was unwise for MS to do it this way.
  • 0

#7
Mssuzi01

Mssuzi01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I did a new scan and the same files for Microsoft.Net came up but so did these....C:\WINDOWS\assembly\GAC\LEAD.Drawing.Imaging.Ocr\13.0.0.35__9cf889f53ea9b907\LEAD.Drawing.Imaging.Ocr.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_e7c301a9\System.Xml.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_f255f46d\System.Xml.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Cache\Adobe Reader 6.0\ENUBIG\Adobe Reader 6.010.cab
Warning: Unable to unpack UPX-packed file C:\WINDOWS\cpanel.exe (Add to ignore list) (View ADS stream...) (Delete ADS stream) (View ADS stream...) (Delete ADS stream) (View ADS stream...) (Delete ADS stream) (View ADS stream...) (Delete ADS stream) (View ADS stream...) (Delete ADS stream) (View ADS stream...) (Delete ADS stream) (View ADS stream...) (Delete ADS stream) (View ADS stream...) (Delete ADS stream)
Does that mean I can delete these ones instead and just leave Microsoft.Net ones? Again...thank you for your time and help. Susan
  • 0

#8
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
all ok, leave them
  • 0

#9
Mssuzi01

Mssuzi01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Thank you for your time and help. It is greatly appreciated. Susan
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP