Change file extensions to outsmart pesky malware

In typical malware author fashion, however, their application-blocking abilities are lazily programmed and pretty easy to sidestep. Here's what I do when an infection won't let me run my favorite tools: find the tool I need to run and change its extension from .EXE to .COM.
Windows still knows how to execute .COM files, but most malware isn't smart enough to intercept this less-used extension. Make the change, and you've got an easy workaround to let you run Malwarebytes and some of the other tools you need to clean even a heavily-infected system.
To change a file's extension, open any folder on your computer and go to Tools -> Folder Options (you can also find Folder Options in the Control Panel). Click the View tab and remove the check mark next to "Hide extensions for known file types". You can now click on the file (mbam.exe in this example), replace the exe with com, and launch your app despite the malware's best efforts to stop you!
This won't work with every infection, of course, but it has helped me out of a jam on several occasions.
Got another malware-thwarting tip? Share it in the comments!













Comments (15)

KualaBee Apr 29th 2010 12:46PM
Will this interfere with the update mechanism? Sometimes they update more than just the definition, so the trick interferes with the update then...
Lee Mathews Apr 29th 2010 12:47PM
Most of the time, no... Usually the mbamupdater will run just fine. There are always exceptions, of course!
I make sure that I've got a copy of the manual definition update handy at all times just to be safe.
Jason Clarke Apr 29th 2010 1:05PM
Great tip - this works so much better than what I'd previously been doing (manually setting up a file association for .EXE files as "application").
Thanks Lee!
KualaBees Apr 29th 2010 2:01PM
If a tech-savvy editor can get hit with that kind of malware despite knowing and blogging about all the anti-malware stuff, what does that mean for everybody else?
Lee Mathews Apr 29th 2010 2:01PM
Er... you misunderstand.
This is what I do on CUSTOMER computers. I've never had to do it on any of the systems in my own house.
jkroeder Apr 29th 2010 2:54PM
Agreed but it's ridiculous that they're not enabled by default
Rahabib Apr 29th 2010 4:46PM
I get why they do that. I can't tell you how many times my family renames a file that had an extension and left out the period or left off the extension entirely. Having it off means renaming files is a bit more idiot proof (literally).
rhoda Apr 29th 2010 6:08PM
Many infections will block software installation in general, rather than targeting exe files. And others will not allow for definition retrieval (as suggested). In those cases, the SUPERAntiSpyware Portable Scanner or Online Safe Scan are the only tools I know of that will work.
theampersand Apr 29th 2010 10:06PM
Using the .scr extension also allows you to run Win32 executables.
master811 Apr 30th 2010 8:33AM
But at least in Vista/7, by default when you go to rename the file, it no longer selects the extension.
WY Apr 30th 2010 11:44AM
Ummm.... won't the malware writers be aware of this tip now and rewrite their code to accommodate the instances where someone does rename their executable files?
Regardless, it's still a great tip...
David Apr 30th 2010 8:38PM
We used to do this on customer PCs 10 years ago when I worked in an unnamed Antivirus company's Tech Support department, except we renamed EXEs to .SCR (screensaver) - they're still executable and most but not all malware authors forget to intercept them (I had a variation of FakeAV on a friend's PC just last weekend that caught it and I had to scan the drive offline).
Caleb May 6th 2010 1:32PM
I removed some malware the other day - It caught on to .exe, .com, .bat, .scr, and .pif. That was fun.
Jack Jun 29th 2010 12:10PM
- If we can change the extension, yet Windows still knows how to run it, shouldn't that mean the virus can also be altered to a non-.exe extension & still work as an .exe? I always hear rule #1: NEVER click on a link with an .exe extension, it is almost always a virus. So couldn't they just alter those to not be .exe, but one of the other extensions just to trick people into clicking the link? It would still function as an .exe, right? How could regular joes remain aware, besides simply never clicking any links at all?
- Also I thought there were 'false' files we can create to trick the virus into thinking it was already present on the machine in question. Of course you need to know the specific names of the files that specific virus checks for before installing etc.
Lee Mathews Jun 29th 2010 12:11PM
That definitely won't work, Jack. Try it -- pick an exe on your computer and change the extension to .jpg and see what happens ;)
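
The article and the discussion above turn on one fact: renaming a program changes only its name, so the file is still the same executable image and can be recognised from its bytes. The following Python script is an added example, not part of the original post or its comments; it flags PE images whose extension is not .exe. The function names, the sample file names and the `LAUNCHABLE` set (built from the extensions mentioned on this page) are assumptions for illustration, and the sample files are constructed stubs.

```python
import struct
import tempfile
from pathlib import Path

# Extensions named on this page that Windows launches as programs (assumed set).
LAUNCHABLE = {".exe", ".com", ".scr", ".pif"}

def is_pe_image(path: Path) -> bool:
    """True if the file has an MZ header whose e_lfanew field points at a PE signature."""
    with path.open("rb") as fh:
        head = fh.read(0x40)
        if len(head) < 0x40 or head[:2] != b"MZ":
            return False
        (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
        fh.seek(e_lfanew)
        return fh.read(4) == b"PE\0\0"

def classify(path: Path) -> str:
    """Compare what the file name claims with what the bytes are."""
    ext = path.suffix.lower()
    if not is_pe_image(path):
        return "not-pe"
    if ext == ".exe":
        return "pe-as-exe"
    if ext in LAUNCHABLE:
        return "pe-renamed-launchable"  # still starts as a program on double-click
    return "pe-renamed-inert"  # double-click goes to that extension's associated handler

def audit(folder: Path) -> dict:
    """Map each file name in folder to its classification."""
    return {p.name: classify(p) for p in sorted(folder.iterdir()) if p.is_file()}

def build_samples(folder: Path) -> None:
    """Constructed sample files: a minimal MZ+PE stub under several names, plus plain text."""
    stub = bytearray(0x44)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)  # e_lfanew -> offset 0x40
    stub[0x40:0x44] = b"PE\0\0"
    for name in ("mbam.exe", "mbam.com", "tool.scr", "photo.jpg"):
        (folder / name).write_bytes(stub)
    (folder / "notes.com").write_bytes(b"plain text, not a PE image")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_samples(Path(tmp))
        for name, verdict in audit(Path(tmp)).items():
            print(f"{name:12} {verdict}")
```

On a cleaned machine, a `pe-renamed-launchable` hit in a tools folder is expected after using this tip; the same verdict on a file you did not rename yourself is worth a closer look.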