
Virus in a text file?


9 replies to this topic

#1 peel


Posted 08 February 2010 - 01:23 PM

So I was trying this thing out, they give you this free code if you do a survey on a website for this product online. So I had to download it. I downloaded it. It was a compressed file. WinRAR opened up as soon as I downloaded it. The only thing in the file was a text file like it said. Then I accidentally double-clicked the text file instead of scanning first. What opened was a text file but I'm highly suspicious there might be a virus or trojan or keylogger in here somewhere. I then proceeded to scan the compressed file with Malwarebytes and SUPERAntiSpyware. They didn't find anything but I am still suspicious.



#2 peel


Posted 08 February 2010 - 01:25 PM

OK, I uploaded the .rar file if anyone wants to take a look: http://www.mediafire.com/?5ivautylgv4
I dragged it out of my temp folder onto the desktop so I could upload... I hope that didn't do anything.

#3 whiteac2k4


Posted 08 February 2010 - 02:39 PM

Go here http://www.eset.com/onlinescan/ to be safe

#4 quietman7


Posted 08 February 2010 - 03:09 PM

.txt is a file extension specially associated with plain text files but there are various text file types and formats. If the file is a "true plain text" file, it cannot execute a virus. The file, however, could actually be an executable containing malicious code disguised as a text file designed to trick users into opening a file type which can execute malicious code. This is done using double file extensions... adding an executable extension (.exe, .pif, .com, .vbs, etc.) to the end of .txt such as anyfile.txt.exe so that it appears to be a text file. In some cases, you may not see the double extension because file extensions are hidden by default in Windows. If you have chosen the option to unhide file extensions, you still may be fooled if the malware writer named the .txt file with extra spaces before the ".exe" extension such as shown here (click Figure 1 to enlarge). The real extension is hidden because the column width is too narrow to reveal the complete name and the tiny dots in between are nearly invisible.

In some cases the malware may attach a .doc or .txt file found on a system while scanning for message body texts so it can send information back to a remote attacker. An example of this is the Email-Worm.Win32.Magistr.a. It is possible to get infected by a virus that activates when reading an email without an attachment. The Wscript.KakWorm was spread by taking advantage of a security hole in Microsoft Outlook Express. The worm was hidden in the HTML of the email itself and when the message was viewed by the recipient, the worm automatically infected the computer. The Email-Worm.Win32.Magistr.a also scans e-mail database files, obtains e-mail addresses and sends its copies there.

By design, Internet Explorer will render HTML found in a plain .txt document instead of displaying it as plain text (like Firefox and other browsers) if the contents appear to be HTML. This makes it vulnerable to someone opening a .txt attachment in IE that could contain and execute malicious code. See text/plain as html in IE, and a workaround.

I have encountered "false positive" detections on some plain text files triggered by Corporate Editions of McAfee and Norton Anti-virus which use heuristic algorithms known as Bloodhound. In these cases, I suspect the detection was triggered when the anti-virus scanned text files containing code and information about specific malware infections.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif
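The checks described in the post above, as an added example that is not part of the original thread: it inspects a file's name and its first bytes as data, without launching it, and flags double extensions, padding whitespace, an executable header behind a document name, and HTML markup inside a `.txt` file. The extension entries beyond .exe, .pif, .com and .vbs, the finding labels and the sample inputs are assumptions constructed for illustration.

```python
import os
import re

# .exe/.pif/.com/.vbs come from the post; the other entries are assumptions.
EXEC_EXTS = {"exe", "pif", "com", "vbs", "scr", "bat", "cmd"}
DOC_EXTS = {"txt", "doc"}
HTML_HINT = re.compile(rb"<\s*(html|script|body|iframe)", re.I)

def name_findings(filename):
    """Flag deceptive names such as 'anyfile.txt.exe'; the file is not opened."""
    findings = []
    parts = filename.strip().split(".")
    last = parts[-1].strip().lower() if len(parts) > 1 else ""
    if last in EXEC_EXTS:
        findings.append("executable-extension")
        if any(p.strip().lower() in DOC_EXTS for p in parts[1:-1]):
            findings.append("double-extension")
    if re.search(r"\s{3,}", filename):
        findings.append("padding-whitespace")  # pushes the real extension off-screen
    return findings

def content_findings(head):
    """Inspect leading bytes as data only; nothing is executed."""
    findings = []
    if head[:2] == b"MZ":
        findings.append("pe-header")  # DOS/PE executable magic
    if b"\x00" in head and not head.startswith((b"\xff\xfe", b"\xfe\xff")):
        findings.append("binary-data")  # NUL bytes outside UTF-16 text
    if HTML_HINT.search(head):
        findings.append("html-markup")  # a content-sniffing viewer may render this
    return findings

def triage(filename, head):
    return name_findings(filename) + content_findings(head)

def triage_path(path):
    with open(path, "rb") as fh:  # read bytes instead of double-clicking
        return triage(os.path.basename(path), fh.read(512))

# Constructed samples: (name as shown in the archive listing, first bytes)
SAMPLES = [
    ("code.txt", b"Your free code: ABCD-1234\r\n"),
    ("anyfile.txt.exe", b"MZ\x90\x00\x03\x00"),
    ("readme.txt          .exe", b"MZ\x90\x00"),
    ("notes.txt", b"<html><body>hello</body></html>"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(repr(name), triage(name, head) or "no findings")
```

An empty result only means none of these specific tricks is present; it does not replace a scanner verdict.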

#5 peel


Posted 08 February 2010 - 06:38 PM

Thanks for the info, but are there any more effective ways than just checking the extension? Because that would require opening it up again.

#6 quietman7


Posted 08 February 2010 - 06:50 PM

You can try right-clicking on the file and letting your anti-virus scan it. However, it is not unusual for an anti-virus or anti-malware scanner to be suspicious of some compressed, archived, .cab and packed files because they have difficulty reading what is inside them. These kinds of files often trigger alerts by security software using heuristic detection because they are resistant to scanning (difficult to read). This resistance may also cause some scanners to stall (hang) on these particular types of files.

#7 peel


Posted 09 February 2010 - 02:50 PM

Like I said, I already scanned and it was clean. I also tried it with AVG Free edition and it was clean. However, all of these are free services, so if you guys could scan it with a better scanner that'd be great. Also, I scanned my whole computer with that online scanner thing and it detect anything

#8 quietman7


Posted 09 February 2010 - 03:23 PM

Go to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file(s) and submit (upload) it for scanning/analysis.

#9 peel


Posted 09 February 2010 - 09:35 PM

OK, I tried both and it's clean. :thumbsup:

#10 quietman7


Posted 09 February 2010 - 09:38 PM

:thumbsup:



