hidden extension query

Saffy

I have just run AVG which is picking up a virus on my PC. I have no idea
what it is and although AVG says it's healed, every time I run the scanner it
shows up again.

The file is C:\Documents and Settings\All users\Documents\captyre_005.avi.exe

Under the virus name it says Warning: Hidden Extension.exe

I have looked on the Symantec site and the Grisoft site to see if I can get
any clues, but I am totally stumped as to what to do next and would be
grateful for any help.

TIA

Saffy.
 
Geese_Hunter

Saffy said:
I have just run AVG which is picking up a virus on my PC. I have no idea
what it is and although AVG says it's healed, every time I run the scanner it
shows up again.

The file is C:\Documents and Settings\All users\Documents\captyre_005.avi.exe

Under the virus name it says Warning: Hidden Extension.exe

I have looked on the Symantec site and the Grisoft site to see if I can get
any clues, but I am totally stumped as to what to do next and would be
grateful for any help.

TIA

Saffy.

Look in Windows Explorer if XP, Tools, Folder Options, View (if not XP
something like that.) Make sure Show hidden files & folders is checked,
No check next to hide extensions for known file types, & no check next to
hide protected operating system files.
Turn off system restore, scan & remove the virus, then turn on system
restore. If on permanent internet connection, I'd unplug it until you
get the virus removed & system restore back on, to prevent getting it,
or another, & prevent it from being sent out.
 
Jack the Bear

Saffy said:
I have just run AVG which is picking up a virus on my PC. I have no idea
what it is and although AVG says it's healed, every time I run the scanner it
shows up again.

The file is C:\Documents and Settings\All users\Documents\captyre_005.avi.exe

Under the virus name it says Warning: Hidden Extension.exe

I have looked on the Symantec site and the Grisoft site to see if I can get
any clues, but I am totally stumped as to what to do next and would be
grateful for any help.

TIA

Saffy.

It's a double Extension file, an .exe file hoping you'll think it's an .avi.
If you look in the "type" column in Explorer, you'll see that it says
"application," not Windows media file, or whatever .avi files normally
show as on your machine.
If you send me a copy before you delete it, I may be able to tell you
what the file actually is.
Look for "captyre_005.avi" or "captyre_005.avi.exe" in
C:\Documents and Settings\All users\Documents\

- Jack.
(e-mail address removed)
 
Saffy

Jack the Bear said:
It's a double Extension file, an .exe file hoping you'll think it's an .avi.
If you look in the "type" column in Explorer, you'll see that it says
"application," not Windows media file, or whatever .avi files normally
show as on your machine.
If you send me a copy before you delete it, I may be able to tell you
what the file actually is.
Look for "captyre_005.avi" or "captyre_005.avi.exe" in
C:\Documents and Settings\All users\Documents\

- Jack.
(e-mail address removed)

I've just noticed a typo in my original message - it should read capture and
not captyre (I'm guessing this might be relevant).

Saffy.
 
Jack the Bear

Saffy said:
I've just noticed a typo in my original message - it should read capture and
not captyre (I'm guessing this might be relevant).

Saffy.

Okay instead of: Look for "capture_005.avi" or "capture_005.avi.exe" in
C:\Documents and Settings\All users\Documents\

BTW: First thing, I'll run my "paid for" edition AV at it.

- Jack.
 
Saffy

It's a double Extension file, an .exe file hoping you'll think it's an
Look for "capture_005.avi" or "capture_005.avi.exe" in
C:\Documents and Settings\All users\Documents\

BTW: First thing, I'll run my "paid for" edition AV at it.

- Jack.

I created a test text file with the avi.exe extension and AVG thought it was
a virus so I'm a bit more happy about deleting the file. I also looked at
the time the file was created and I think it must be something to do with a
file I downloaded from webshots last night. I would love a "paid for"
anti-virus, but no money means no new software unfortunately.

Would I send the file to this address, as I would love to find out what it
is that's caused me so much hassle.

TIA

Saffy.
 
Jack the Bear

Saffy said:
I created a test text file with the avi.exe extension and AVG thought it was
a virus so I'm a bit more happy about deleting the file. I also looked at
the time the file was created and I think it must be something to do with a
file I downloaded from webshots last night. I would love a "paid for"
anti-virus, but no money means no new software unfortunately.

Would I send the file to this address, as I would love to find out what it
is that's caused me so much hassle.

TIA

Saffy.

If AVG thinks that "ANYTHING.avi.exe" is a virus, that sounds very much like
you should NOT delete anything until you get a second opinion, unless you
put a virus in your "test text file."

Feel free to send it to this address, and I'll tell you what I can find out.
You can even delete it from your machine after if you like, as I'll then
have a copy to send you, if you want it back.

Jack (e-mail address removed)
 
Kerry Liles

It sounds to me like AVG is merely WARNING you that the file has a double
extension and it therefore is at the very least suspicious. Didn't notice if the
OP has already checked to make sure the AVG definitions are up to date - that
would be a good idea.

Here is what I would do: rename the file to be something less likely to
execute - like:

capture_005.avi.exe.txt

and then wait a couple of days. If you don't miss it, delete it.
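
An added example, not posted by anyone in this thread and not AVG's actual logic: it shows why a check based on the file name alone also flags a renamed text file like Saffy's test, and how reading the first two bytes separates that case from a real executable. The extension lists, function names and sample files are assumptions constructed for the illustration.

```python
import os
import tempfile

# Illustrative, non-exhaustive extension lists (assumptions for this example).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY_EXTS = {".avi", ".mpg", ".mp3", ".jpg", ".gif", ".txt", ".doc", ".pdf"}

def has_hidden_extension(filename):
    """True when the name ends in <decoy>.<executable>, e.g. clip.avi.exe."""
    stem, last = os.path.splitext(filename.lower())
    return last in EXECUTABLE_EXTS and os.path.splitext(stem)[1] in DECOY_EXTS

def looks_like_pe(path):
    """True when the file starts with 'MZ', the DOS/PE executable magic."""
    with open(path, "rb") as handle:
        return handle.read(2) == b"MZ"

def classify(path):
    """Name heuristic first, then a content check on flagged files only."""
    if not has_hidden_extension(os.path.basename(path)):
        return "ok"
    return "disguised-executable" if looks_like_pe(path) else "name-only"

def scan(directory):
    findings = {}  # flagged file (path relative to directory) -> verdict
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            verdict = classify(path)
            if verdict != "ok":
                findings[os.path.relpath(path, directory)] = verdict
    return findings

def demo():
    """Run scan() over constructed sample files in a temporary directory."""
    samples = {
        "test.avi.exe": b"just some text\n",          # text file renamed as in the thread
        "capture_005.avi.exe": b"MZ" + b"\x00" * 62,  # constructed stub, not the real file
        "setup.exe": b"MZ" + b"\x00" * 62,            # honest executable name, not flagged
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            with open(os.path.join(tmp, name), "wb") as handle:
                handle.write(data)
        return scan(tmp)

if __name__ == "__main__":
    for name, verdict in sorted(demo().items()):
        print(f"{verdict:22}{name}")
```

A "name-only" verdict means the warning came from the file name and the content is not an executable; a "disguised-executable" verdict is the case worth submitting for a second-opinion scan.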
 
FromTheRafters

Kerry Liles said:
It sounds to me like AVG is merely WARNING you that the file has a double
extension and it therefore is at the very least suspicious.

That is my take on this as well. The name also indicates to me
that it is not something that you want to execute. While some
double extensions are legitimate, this one really seems to be
an intentional ruse.
Didn't notice if the
OP has already checked to make sure the AVG definitions are up to date - that
would be a good idea.

The file could be submitted to second and/or third opinion scans
as well - perhaps the online scanners can identify the malware.
Here is what I would do: rename the file to be something less likely to
execute - like:

capture_005.avi.exe.txt

and then wait a couple of days. If you don't miss it, delete it.

...but then Jack doesn't get an addition to his collection!? :blush:(

I betcha it's a porn dialler.
 
Jack the Bear

FromTheRafters said:
That is my take on this as well. The name also indicates to me
that it is not something that you want to execute. While some
double extensions are legitimate, this one really seems to be
an intentional ruse.


The file could be submitted to second and/or third opinion scans
as well - perhaps the online scanners can identify the malware.


...but then Jack doesn't get an addition to his collection!? :blush:(

I betcha it's a porn dialler.

I'll take that bet. CA is getting back to me on it sometime in the
(hopefully near) future. Kaspersky added it to its defs on March 3, not
ready for the Encyclopeadia (How the F--- do you spell that?) I think it's
called the Worm.Win32.Rafters.Porn.Dedler or something. ;-)

- Jack the Bear.
 
FromTheRafters

Jack the Bear said:
I'll take that bet. CA is getting back to me on it sometime in the
(hopefully near) future.

I can hardly wait. :O)
Kaspersky added it to its defs on March 3,

Then what does Kaspersky define it as?
not ready for the Encyclopeadia (How the F--- do you spell that?)

With an e or an æ (or ae) - hell, look it up in the dikshunnery.
I think it's called the Worm.Win32.Rafters.Porn.Dedler or something. ;-)

Probably the latter (the 'or something' part). :O)

Don't forget to post what CA says about it, I'm curious.
 
Jack the Bear

FromTheRafters said:
;-)

Probably the latter (the 'or something' part). :O)

You were part right, 2/3 former, 1/3 latter..... Worm.Win32.Dedler
Don't forget to post what CA says about it, I'm curious.

All automated stuff for now, including the above little gem.

- Jack.
 
