.txt is a file extension specially associated with plain text files. If the file is a "true plain text" file, it cannot execute a virus. However, an executable (containing malicious code) can be disguised as a .txt file to trick users into opening a file type which can execute that malicious code. This is done using double file extensions: adding an executable extension (.exe, .pif, .com, .vbs, etc.) to the end of .txt, such as anyfile.txt.exe, so that it appears to be a text file. In some cases, you may not see the double extension because file extensions are hidden by default in Windows. If you have chosen the option to unhide file extensions, you still may be fooled if the malware writer named the .txt file with extra spaces before the ".exe" extension such as document.txt. An example is shown here (Figure 1). The real extension is hidden because the column width is too narrow to reveal the complete name and the tiny dots in between are nearly invisible.
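A defender-side check for the two disguises described above, as an added example that is not part of the original post: it flags file names whose final extension is executable but which also carry a decoy document extension or whitespace padding. The function names, the sample names, and every extension beyond .exe, .pif, .com, .vbs and .txt are assumptions made for illustration.

```python
import re

# Extensions Windows runs or hands to a script host. The first four are the
# ones named in the text; the rest are an assumed, non-exhaustive addition.
EXECUTABLE_EXTS = {".exe", ".pif", ".com", ".vbs", ".scr", ".bat", ".cmd", ".js"}
# Harmless-looking extensions used as the decoy (.txt from the text, rest assumed).
DECOY_EXTS = {".txt", ".doc", ".pdf", ".jpg", ".rtf"}
PADDING = re.compile(r"\s{2,}")  # a run of two or more whitespace characters

# Constructed sample: the padded-name trick, 40 spaces before the real extension.
PADDED = "document.txt" + " " * 40 + ".exe"
SAMPLES = ["anyfile.txt.exe", PADDED, "notes.txt", "setup.exe", "my report v1.2.exe"]


def check_filename(name: str) -> list[str]:
    """Return the reasons a file name looks disguised (empty list = no finding)."""
    # Keep only the last path component, accepting either separator.
    base = name.replace("/", "\\").rsplit("\\", 1)[-1]
    parts = base.split(".")
    if len(parts) < 2:
        return []  # no extension at all
    final_ext = "." + parts[-1].strip().lower()
    if final_ext not in EXECUTABLE_EXTS:
        return []  # the file really is what its last extension says
    reasons = []
    # Dot-separated pieces before the real extension, with padding stripped.
    inner = ["." + p.strip().lower() for p in parts[1:-1]]
    decoys = [ext for ext in inner if ext in DECOY_EXTS]
    if decoys:
        reasons.append(f"double extension: {decoys[-1]} hidden in front of {final_ext}")
    if PADDING.search(base):
        reasons.append("whitespace padding pushes the real extension out of view")
    return reasons


def scan(names: list[str]) -> dict[str, list[str]]:
    """Map each suspicious name to its findings; clean names are omitted."""
    return {n: found for n in names if (found := check_filename(n))}


if __name__ == "__main__":
    for name, found in scan(SAMPLES).items():
        # repr() makes the padding visible instead of letting it scroll away.
        print(repr(name), "->", "; ".join(found))
```

The same check can be run over attachment names at a mail gateway or over a download directory listing; it inspects names only and says nothing about file contents.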
In some cases the malware may attach a .doc or .txt file found on a system while scanning for message body texts so it can send information back to a remote attacker. An example of this is the Email-Worm.Win32.Magistr.a. It is possible to get infected by a virus that activates when reading an email without an attachment. The Wscript.KakWorm was spread by taking advantage of a security hole in Microsoft Outlook Express. The worm was hidden in the HTML of the email itself and when the message was viewed by the recipient, the worm automatically infected the computer. The Email-Worm.Win32.Magistr.a also scans e-mail database files, obtains e-mail addresses and sends its copies there.
I have encountered "false positive" detections on some plain text files triggered by Corporate Editions of McAfee and Norton Anti-virus which uses heuristic algorithms known as Bloodhound. In these cases, I suspect the detection was triggered when the anti-virus scanned text files containing information, notes, and specific infection names relating to various types of malware.