Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.



  • Please log in to reply
1 reply to this topic

#1 sniper8752


  • Members
  • 385 posts
  • Local time:01:28 PM

Posted 06 February 2012 - 05:30 PM

sorry, wasn't sure where to post this. i wanted to change by background theme and login screen, and found some downloads online. i understand that .exe's are harmful, but can others hurt your computer, even after scanning with threat fire, syp-bot, avg, and malwarebytes? one i was looking at from a .rar file, which contains a ".logonxp". also, could you call something myfile.awesome, and it still be a .exe?

BC AdBot (Login to Remove)


#2 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,716 posts
  • Gender:Male
  • Local time:08:28 PM

Posted 07 February 2012 - 06:07 AM

Yes, other files can be harmful too. There are several extensions for executables (PE-files), .scr is one of them.
And what makes things even more difficult, is that Windows will hide known extensions by default.
For example, if you open folder c:\test that contains file program.exe, Windows Explorer will show you "program", not "program.exe".
The same for pictures: picture.jpg is shown as "picture".
This default behavior is abused by malware authors by giving executables 2 extensions, like this: file.jpg.exe.
This file will show up as "file.jpg" in Windows Explorer.
There is a toggle to disable this behavior (Tools /Folder Options / View / Hide extensions ...).

AV products like threat fire, avg, malwarebytes ... can't identify malware 100% of the time. So even if you have a file that none of your programs flag as malware, it can still be malicious.
It is important that you obtain your programs from reliable sources. Many providers of programs will digitally sign their programs, this is a guarantee for you that the program originated from the author, and that it was not modified by a third party. You can check this digital signature in the properties tab.

Edited by Didier Stevens, 07 February 2012 - 06:08 AM.

Didier Stevens

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019


If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.


Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users