- Can Viruses infect .AVI files???
- Posted by Smiley on June 26th, 2003
What I've learned about viruses from college and other reading material led
me to believe that viruses could not infect .avi files. I looked it up and
found a page the further confirmed that:
http://www.custom-code-factory.com/viruses.htm
The thing is, I was downloading a .avi file over a file sharing network when
my Norton Antivirus detected in it a virus called W32.HLLW.Purol (looked it
up:
http://securityresponse.symantec.com...llw.purol.html )
Could this virus infect a .avi file? And if not, why did my antivirus
detect it?
- Posted by Brian H¹© on June 26th, 2003
X-No-Archive: Yes
Errrrr...erm... Smiley said:
I think you will find that about the only thing that can't contain a virus is a
plain text file.
- Posted by Brian H¹© on June 26th, 2003
X-No-Archive: Yes
Errrrr...erm... Smiley said:
And how do you think infected files get transmitted via Kazaa etc?
- Posted by °Mike° on June 26th, 2003
ANY file can be infected - ie. have the virus added to it,
but only executable files can actually activate the virus;
this includes HTML, .vbs, .js etc.
The file you downloaded probably had a fake (double) extension.
This is a common way to trick people into running an infected
file. For instance, an infected file could be called:
somemovie.avi.exe , somemovie.avi.scr , somemovie.avi.vbs .
Most systems will NOT see the actual executable extension,
which is the last part of the file name. That is why it
is important that you scan ALL files - even from people you
know, and otherwise trust - BEFORE opening them.
On Thu, 26 Jun 2003 15:33:32 -0400, in
<vfmikj9jhiq62d@corp.supernews.com>
Smiley scrawled:
--
STGP, OGPE24HSHD
- Posted by °Mike° on June 26th, 2003
On Thu, 26 Jun 2003 20:36:00 +0100, in
<xWHKa.1388$MO2.286@newsfep4-winn.server.ntli.net>
Brian H¹© scrawled:
Wrong:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
Also, javascript and HTML are (effectively) text files.
--
STGP, OGPE24HSHD
- Posted by Smiley on June 26th, 2003
It didn't have a double extension, I'm not stupid enough to fall for that -
I'm a computer programmer so I know about extensions. It was a plain .avi
file, that's it. I need to know if a plain.avi file can be infected.
- Posted by Brian H¹© on June 26th, 2003
X-No-Archive: Yes
Errrrr...erm... °Mike° said:
That's why I said "plain text"
- Posted by Smiley on June 26th, 2003
People who are trading executables like games and such, or word documents
and the like.
- Posted by Brian H¹© on June 26th, 2003
X-No-Archive: Yes
Errrrr...erm... Smiley said:
Well if you *are* a programmer, you should know what a binary is, and what code
is, and how easy it is to insert code.
- Posted by °Mike° on June 26th, 2003
On Thu, 26 Jun 2003 20:58:08 +0100, in
<gfIKa.1407$MO2.1023@newsfep4-winn.server.ntli.net>
Brian H¹© scrawled:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
THAT'S "plain text".
Save it as a text file an scan it. Rename it to xxxx.com
and run it.
--
STGP, OGPE24HSHD
- Posted by °Mike° on June 26th, 2003
On Thu, 26 Jun 2003 15:57:23 -0400, in
<vfmk4jd5sbmr04@corp.supernews.com>
Smiley scrawled:
If you're not that stupid, then you shouldn't have any trouble
understanding my reply to you.
--
"Please Tell Me if you Don't Get This Message."
- Posted by Shep© on June 26th, 2003
On Thu, 26 Jun 2003 21:02:59 +0100, Whilst playing Smegball with the
scutters "Slumpy" <me3@privacy.net> wrote :
"Nail on the head" Slumpy.Right on the mark 
--
Free Windows/PC help,
http://www.geocities.com/sheppola/trouble.html
Free songs download,
http://artists.mp3s.com/artists/17/sheppard.html
- Posted by Smiley on June 26th, 2003
Kazaa actually hides the file extension? Good thing I don't use Kazaa.
Sorry, my file was actually a .avi file, I use WinMX and it doesn't hide
file extensions.
- Posted by Brian H¹© on June 26th, 2003
X-No-Archive: Yes
Errrrr...erm... °Mike° said:
OK, if I have to dot t's and cross i's, a file in plain text written with
notepad or wordpad (ie, a letter or "text document"), without code, and saved
with *.txt and that will only be opened with notepad or wordpad.
- Posted by Smiley on June 26th, 2003
I know exactly what code is - and programming code needs to be run as, guess
what, a PROGRAM. Know what else? Image and video files are NOT programs,
and they do not contain programming code. If somebody's found some way
around that I'd be really interested in knowing how.
- Posted by Unk on June 26th, 2003
On Thu, 26 Jun 2003 20:52:15 +0100, °Mike° <ZHNTPDWBLECA@fcnzzbgry.pbz>
wrote:
Not quite true: See the EICAR Test String.
http://securityresponse.symantec.com...dyn/11101.html
True, you can't execute it, but a text file can contain the code.
Copy and paste the below to a new text file and scan it with your antivirus
program.
***** <-- omit this line
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
***** <-- omit this line
Unk
- Posted by Slumpy on June 26th, 2003
"So, Mr Slumpy you *really* are the perpetual comedian, aren't you ?" I
threw back my head and roared with laughter as Shep© continued:
Thanks, precious :-)
--
slumpy
no more
no less
just slumpy
- Posted by °Mike° on June 26th, 2003
On Thu, 26 Jun 2003 21:08:41 +0100, in
<apIKa.1413$MO2.343@newsfep4-winn.server.ntli.net>
Brian H¹© scrawled:
You're missing the point. The Eicar test virus is pure
ASCII, but contains executable code - it CAN be done.
--
STGP, OGPE24HSHD
- Posted by fkasner on June 26th, 2003
Brian H¹© wrote:
Have you taken a look at EICAR.COM ? It is not readable in any language
that humans speak but it has a distinct virus signature and will set off
a good virus detector. You can create a virus using ASCII characters
from zero to 127 .
FK
- Posted by Brian H¹© on June 26th, 2003
X-No-Archive: Yes
Errrrr...erm... Unk said:
But that is *not* plain text, it is code. Plain text is what you find in
dictionaries.
