.Txt is a file extension specially associated with plain
text files. If the file is a "true plain text" file, it
cannot execute a virus. However, a .txt file can be
disguised as an
executable (containing malicious code) designed to trick users into opening a file type which can execute that malicious code. This is done using
double file extensions...adding an
executable extension (.exe, .pif, .com, .vbs, etc) to the end of .txt such as
anyfile.txt.exe so that it appears to be a text file. In some cases, you may not see the double extension because file extensions are
hidden by default in Windows. If you have chosen the option to unhide file extensions, you still may be fooled if the malware writer named the .txt file with extra spaces before the ".exe" extension such as
document.txt................
.exe. An example is shown
here (
click Figure 1 to enlarge). The real extension is hidden because the column width is too narrow to reveal the complete name and the tiny dots in between are nearly invisible.
In some cases the malware may attach a .doc or .txt file found on a system while scanning for message body texts so it can send information back to a remote attacker. An example of this is the
Email-Worm.Win32.Magistr.a. It is possible to get infected by a virus that activates when reading an email without an attachment. The
Wscript.KakWorm was spread by taking advantage of a security hole in Microsoft Outlook Express. The worm was hidden in the HTML of the email itself and when the message was viewed by the recipient, the worm automatically infected the computer. The Email-Worm.Win32.Magistr.a also scans e-mail database files, obtains e-mail addresses and sends its copies there.
I have encountered "
false positive" detections on some plain text files triggered by Corporate Editions of McAfee and Norton Anti-virus which uses
heuristic algorithms known as
Bloodhound. In these cases, I suspect the detection was triggered when the anti-virus scanned text files containing information, notes, and specfic infection names relating to various types of malware.