Yes, other files can be harmful too. There are several extensions for executables (PE-files), .scr is one of them.
And what makes things even more difficult, is that Windows will hide known extensions by default.
For example, if you open folder c:\test that contains file program.exe, Windows Explorer will show you "program", not "program.exe".
The same for pictures: picture.jpg is shown as "picture".
This default behavior is abused by malware authors by giving executables 2 extensions, like this: file.jpg.exe.
This file will show up as "file.jpg" in Windows Explorer.
There is a toggle to disable this behavior (Tools /Folder Options / View / Hide extensions ...).
AV products like threat fire, avg, malwarebytes ... can't identify malware 100% of the time. So even if you have a file that none of your programs flag as malware, it can still be malicious.
It is important that you obtain your programs from reliable sources. Many providers of programs will digitally sign their programs, this is a guarantee for you that the program originated from the author, and that it was not modified by a third party. You can check this digital signature in the properties tab.
Edited by Didier Stevens, 07 February 2012 - 06:08 AM.
SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.
Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"