File Extensions

 


Secret service trojans

German secret services have been caught observing ordinary, innocent citizens via laptop camera/microphone and stealth keyloggers. Since secret services often cooperate in developing such tools or exchange their tools, such observations may also have happened in other countries. These files are possible indications that you have been observed: c:\windows\system32\mfc42ul.dll and winsys32.sys

(if you have installed Windows on another drive, you should look there)

If you want to read more: http://www.ccc.de/system/uploads/76/original/staatstrojaner-report23.pdf



Potentially harmful extensions

These extensions should be handled with particular caution if received as an attachment by mail, on a diskette or from any other source which you do not consider fully trustworthy.

Since files with these extensions are able to execute, modify execution rights, modify the registry or modify paths, all of them should be regarded as potentially dangerous, and some can do severe damage to your system.

While some of these files are rather difficult to program and thus seldom get misused, scripting files in particular are highly dangerous. In certain contexts (HTML mail, for example) they can even be started without the user's knowledge.

This is why some mail programs rename files with these extensions so that they can no longer execute. First check them with a trustworthy virus checker! Afterwards you may rename them back to their original extension.

 

(It should be noted that there are other extensions which can be dangerous too. These are considered Level 1 files.)

 

  1. ADE Microsoft Access Project Extension
  2. ADP Microsoft Access Project
  3. ASX Windows Media Audio / Video shortcut
  4. BAS Visual Basic Module
  5. BAT Batch File
  6. CHM Compiled HTML Help File
  7. CMD Windows NT Command Script
  8. COM MS-DOS Application
  9. CPL Control Panel Extension
  10. CRT Security Certificate
  11. EXE Application
  12. HLP Windows Help File
  13. HTA HTML program
  14. INF Setup Information File
  15. INS Internet Naming Service
  16. ISP Internet Communication Settings
  17. JSE JScript Encoded Script File
  18. LNK Shortcut
  19. MDB Microsoft Access Application
  20. MDE Microsoft Access MDE Database
  21. MSC Microsoft Common Console Document
  22. MSI Windows Installer Package
  23. MSP Windows Installer Patch
  24. MST Visual Test Source File
  25. PCD Photo CD Image or Microsoft Visual Test compiled script
  26. PIF Shortcut to MS-DOS Program
  27. REG Registration Entries
  28. SCR Screen Saver
  29. SCT Windows Script Component
  30. SHS Shell Scrap Object
  31. VBE VBScript Encoded Script File
  32. VBS VBScript Script File
  33. WSC Windows Script Component
  34. WSF Windows Script File
  35. WSH Windows Scripting Host Settings File
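
The check a mail program makes before renaming an attachment, as an added example (not code from this page or from any mail program): it matches a file name against the 35 extensions listed above and also handles trailing dots/spaces and a harmless-looking inner extension such as .pdf.exe. The function name and the ".blocked" suffix are assumptions.

```python
import ntpath

# The 35 extensions from the list above, lower-cased.
LEVEL1 = frozenset("""
    ade adp asx bas bat chm cmd com cpl crt exe hlp hta inf ins isp jse lnk
    mdb mde msc msi msp mst pcd pif reg scr sct shs vbe vbs wsc wsf wsh
""".split())

def check_attachment(filename, suffix=".blocked"):
    """Classify an attachment name; suffix is a hypothetical rename marker."""
    # Windows drops trailing dots and spaces when the file is created,
    # so "setup.scr. " ends up on disk as "setup.scr".
    name = ntpath.basename(filename).rstrip(". ")
    stem, dot, ext = name.rpartition(".")
    ext = ext.lower() if dot else ""
    risky = ext in LEVEL1
    # "invoice.pdf.exe": with known extensions hidden, the user sees "invoice.pdf".
    inner = stem.rpartition(".")[2].lower() if "." in stem else ""
    decoy = risky and inner != "" and inner not in LEVEL1
    return {
        "extension": ext,
        "risky": risky,
        "decoy": decoy,
        # Appending a suffix keeps the original name recoverable after a virus check.
        "safe_name": name + suffix if risky else name,
    }

if __name__ == "__main__":
    # Constructed sample names, not taken from real mail.
    for sample in ("Invoice.PDF.exe", "setup.SCR. ", "notes.txt", "README"):
        print(sample, "->", check_attachment(sample))
```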

Virus detection

 

If you think your system is infected, Lavasoft or Adaware offer useful free tools for private users. But since these tools work fully automatically, they sometimes do too good a job.

A very useful alternative for inexperienced users is Hijackthis. There are sites where you can send Hijackthis logs and get advice on what to do.

 

If you think you know your system well enough and are able to help yourself, or even want to detect totally new, not yet described viruses, the following tool might be the right thing for you:

 

FindVir is a tool (a multitude of tools) for detecting viruses by searching the different locations where they usually hide.

"Files which have changed since last inspection" does not rely on simple date comparisons (though these can be performed too) but uses a very fast CRC32 comparison (and date and size and..), as 'VIRCHECK' from 1999 already did. You can use this command on any system folder or normal files folder. A typical system scan takes only 10 minutes and normally turns up no more than 10-20 files, which are easy to survey.

Many viruses and worms try to masquerade as Windows executables or DLLs and use the same names as normal Windows executables or DLLs. They are easily detected by "Find files with identical names in system search path". A database is used in VirDetect and the paid version of FindVir to discriminate masquerading files from true Windows system files. Together, these dialogs make it easy to detect even unknown viruses, worms or other spyware-related files.
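
How a "files which have changed since last inspection" comparison can work, as an added example (not FindVir's or VIRCHECK's code): each file is recorded with CRC32, size and date, and the constructed demo rewrites a.dll at the same size and puts its date back, which a date comparison alone would miss. All function and file names are assumptions.

```python
import os
import tempfile
import zlib
from pathlib import Path

def fingerprint(path, chunk=1 << 16):
    """(CRC32, size, mtime in ns) of one file, read in chunks."""
    crc = 0
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            crc = zlib.crc32(block, crc)
    st = os.stat(path)
    return crc, st.st_size, st.st_mtime_ns

def snapshot(folder):
    """Relative path -> fingerprint for every readable file below folder."""
    snap = {}
    for root, _dirs, files in os.walk(folder):
        for name in files:
            full = os.path.join(root, name)
            try:
                snap[os.path.relpath(full, folder)] = fingerprint(full)
            except OSError:
                pass  # locked or unreadable files are skipped
    return snap

def compare(old, new):
    """Sort differences into added, removed, changed (content) and touched (date only)."""
    rep = {"added": sorted(new.keys() - old.keys()), "removed": sorted(old.keys() - new.keys()),
           "changed": [], "touched": []}
    for rel in sorted(old.keys() & new.keys()):
        if old[rel][:2] != new[rel][:2]:
            rep["changed"].append(rel)
        elif old[rel][2] != new[rel][2]:
            rep["touched"].append(rel)
    return rep

def demo():
    """Constructed sample folder, built in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        for name, data in (("a.dll", b"code-v1!"), ("b.dll", b"same"), ("c.dll", b"old")):
            (root / name).write_bytes(data)
        before = snapshot(d)
        st = os.stat(root / "a.dll")
        (root / "a.dll").write_bytes(b"code-v2!")  # same size, new content
        os.utime(root / "a.dll", ns=(st.st_atime_ns, st.st_mtime_ns))  # date put back
        os.utime(root / "b.dll", ns=(st.st_atime_ns, st.st_mtime_ns + 3600 * 10**9))
        (root / "c.dll").rename(root / "new.exe")
        return compare(before, snapshot(d))
```

CRC32 is fast and catches accidental or careless changes, but it is not a cryptographic hash; keep the baseline somewhere the scanned system cannot write to.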

 

 

Some operations take a long time to complete on today's big hard disks, so it is always advisable to choose only subitems (subdirectories in this case).
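
A "find files with identical names in system search path" check as described above, as an added example (not FindVir's code): it walks the search path in order and reports every executable name that occurs in more than one directory. The extension set, the function names and the demo layout are assumptions; deciding which copy is the genuine system file still needs a reference database like the one mentioned above.

```python
import os
import tempfile
from collections import defaultdict
from pathlib import Path

EXEC_EXT = {".exe", ".dll", ".com", ".sys"}  # assumed set of file types worth checking

def duplicate_names(search_path):
    """Return {lower-cased name: [dirs in search order]} for names found in 2+ directories."""
    seen, visited = defaultdict(list), set()
    for folder in search_path:
        key = os.path.normcase(os.path.abspath(folder))
        if key in visited or not os.path.isdir(folder):
            continue  # a search path often has repeated or stale entries
        visited.add(key)
        with os.scandir(folder) as entries:
            for entry in entries:
                ext = os.path.splitext(entry.name)[1].lower()
                if entry.is_file() and ext in EXEC_EXT:
                    # Windows file names are case-insensitive, so compare lower-cased.
                    seen[entry.name.lower()].append(str(folder))
    return {name: dirs for name, dirs in seen.items() if len(dirs) > 1}

def demo():
    """Constructed layout: svchost.exe also sits in a folder searched before system32."""
    with tempfile.TemporaryDirectory() as d:
        user, system = Path(d, "userapps"), Path(d, "system32")
        for folder in (user, system):
            folder.mkdir()
        (user / "SvcHost.exe").write_bytes(b"unknown")
        (system / "svchost.exe").write_bytes(b"genuine")
        (system / "calc.exe").write_bytes(b"genuine")
        path = [str(user), str(system), str(user), str(Path(d, "missing"))]
        hits = duplicate_names(path)
        return {n: [os.path.basename(p) for p in dirs] for n, dirs in hits.items()}

if __name__ == "__main__":
    print(demo())
```

On a real system, pass os.environ["PATH"].split(os.pathsep); the first directory listed for a name is the one the search order resolves to.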


 

As a short example, a run of "Show Alternate Data Stream Objects" brings these results in the log file (some entries deleted):

 

(ZoneId=3) means downloads with "INTERNET EXPLORER" (so if you don't use IE, or the file wasn't downloaded, or was extracted from a zip (rar, 7zip...), or copied from FAT (e.g. if you transferred the file over a USB stick formatted in FAT32 and not NTFS), or if you clear all ADSs from time to time, or..., further investigation should be done)
 


 

 

 

 

Most dialogs have sub-dialogs so that further viewing, alterations, additions or deletions are possible. Right-click menus in some dialogs let you view or delete entries or, in the case of services, start or stop services.

You can even change your MAC address with one of these dialogs or view the full version history of DLLs and the like.

 

Since this system information is far more comprehensive than that of Hijackthis (the most used tool at the moment to give a system snapshot for virus detection), there is an option in FindVir to print out a log file of a system summary.

Virdetect's comprehensive rootkit detection, injected process detection and IRC server connection detection routines will be integrated in later versions of FindVir.

 

 

Some operations of FindVir make heavy use of memory! Be prepared to wait if your computer is low on memory.

(Some possibly dangerous operations are disabled, such as deleting an LSP-chain entry, repairing the LSP chain, or stopping or starting services)

Download FindVir

Load FindVir into a folder of your choice (not on the desktop!), e.g. programs\utils\. Right-click on the desktop, select new, then link.

(FindVir needs the newest Microsoft library tools: vcredist-x86 or 64!)

(additional help info soon)

Use of FindVir is at your own risk! No guarantee for anything.


 


If you find an extension missing, write! No guarantee given for completeness or correctness. If you feel an extension is outdated, write!
Authors and retailers: it is in the interest of us all and our customers to avoid the double use of extensions! Please help us keep this compilation up to date!
Send extension data to: update@file-ext.4uj.org
Compilation Copyright (c)R.Cooper-Bitsch, visit also: www.sunorbit.net