Re: Running program files on XP with non-executable extension?
"Dustin Cook" <bughunter.dustin@gmail.com> wrote in message
news:1130955591.143391.24290@o13g2000cwo.googlegroups.com...
>
> Norman L. DeForest wrote:
> > On Wed, 2 Nov 2005, JS wrote:
> >
> > > I downloaded a file (let's call it BLUESKY.EXE) which my anti-
> > > virus guard says may be a virus.
> > >
> > > I wanted to get more info about this file, so I disabled it by
> > > adding a couple of random letters to the extension.
> > >
> > > I renamed BLUESKY.EXE to BLUESKY.EXEHJ.
> > >
> > > I figured this would stop my XP Pro from running it if I double
> > > clicked it by mistake. But my antivirus guard 'AntiVir PE' warned
> > > me about it again. Even with the dummy extension letters! Surely
> > > such a program file is now safe enough?
> > >
> > > --
> > >
> > > I found that if I add the random letters *before* the EXE then
> > > AntiVir PE's guard does not detect it as a virus.
> > >
> > > So BLUESKY.HJEXE is ok according to 'AntiVir PE'.
> > >
> > > Is this just an oddity in 'AntiVir PE'? Or is this being done
> > > because of something in XP Pro which might truncate the letters in
> > > a file's extension after the first three letters?
> >
> > The file can be found by both its long filename "BLUESKY.EXEHJ" and
> > by its short DOS-compatible file name (which may be "BLUESKY.EXE" or
> > "BLUESK~1.EXE"). It's still an executable file as long as its short
> > name has an executable extension.
> >
> > The short filename for "BLUESKY.HJEXE" would either be "BLUESKY.HJE"
> > or "BLUESK~1.HJE".
>
> Bingo. :) I changed the extension.. like I thought the poster did. But
> I did it thru console, not explorer... So the extension really is
> something windows doesn't know what to do with. heh.
>
Seem to recall there is a "feature" in NT such that by default it only
considers the first 3 characters of a file extension as significant,
although there is a registry change that can turn this off and take
all characters into consideration.
Sorry, can't remember what it is.
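
The short-name behaviour discussed in this thread can be checked offline with the sketch below, which is an added example and not code from any poster. It assumes the usual 8.3 alias rule (extension = first three characters after the last dot, uppercased) and an illustrative list of executable extensions; the function names and sample file names are constructed, and the real alias on a given volume should be confirmed with `dir /x`.

```python
# Added example: flag long file names whose 8.3 alias would carry an
# executable extension even though the long extension looks harmless.

# Assumption: illustrative list, not an exhaustive set of executable types.
EXECUTABLE_EXTS = {"EXE", "COM", "BAT", "CMD", "PIF", "SCR"}

# Characters allowed in long names but replaced by "_" in 8.3 aliases.
_ILLEGAL_IN_83 = set("+,;=[]")


def short_name_extension(long_name):
    """Return the extension the 8.3 alias would get ('' if none)."""
    name = long_name.replace(" ", "")        # spaces are dropped from aliases
    stem, dot, ext = name.rpartition(".")    # only the last dot counts
    if not dot or not stem:
        return ""                            # no extension, or a leading-dot name
    ext = "".join("_" if c in _ILLEGAL_IN_83 else c for c in ext)
    return ext[:3].upper()                   # truncated to three characters


def long_name_extension(long_name):
    """Return the full long-name extension, uppercased ('' if none)."""
    stem, dot, ext = long_name.rpartition(".")
    return ext.upper() if dot and stem else ""


def find_masked_executables(names):
    """List (name, alias_ext) pairs where only the alias looks executable."""
    hits = []
    for name in names:
        alias_ext = short_name_extension(name)
        if alias_ext in EXECUTABLE_EXTS and \
                long_name_extension(name) not in EXECUTABLE_EXTS:
            hits.append((name, alias_ext))
    return hits


# Constructed sample names; the first three come from the thread.
SAMPLE = ["BLUESKY.EXEHJ", "BLUESKY.HJEXE", "BLUESKY.EXE",
          "notes.community", "report.batch.txt"]

if __name__ == "__main__":
    for name, alias_ext in find_masked_executables(SAMPLE):
        print(f"{name}: 8.3 alias extension would be .{alias_ext}")
```

The `notes.community` hit shows the same truncation flagging an innocent name, so any hit is a prompt to inspect the file, not a verdict.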