Even if you configure Windows to show all of the file extensions, there are still some that are hidden by default. Also, any installed program can configure extensions to be hidden. This is why our program includes this special window, which shows you what extensions are being hidden and allows you to toggle them unhidden.
This window will automatically mark any potentially dangerous hidden extensions in red, so that you will know which ones to toggle to unhidden.
A section for experts - Details about what this section protects you from.
Assuming that you have already configured Windows Explorer to show all extensions and that you have not fixed the problem using Hacker Eliminator as shown above:
SHS Extensions
1. Make a copy of notepad.exe and put it on your desktop.
2. Open WordPad.
3. Click and drag notepad.exe into the open WordPad document.
4. Click and drag it back to the desktop.
5. Rename the file that it created (Scrap) to Readme.txt
You now have what appears to be a text document icon and a clearly named readme.txt file showing on your desktop. Click on the text file and Notepad opens up. If this were a trojan, you would have been fooled and infected by what seemed to be a harmless text file. If the extension had been allowed to be seen, you would not have been fooled by the file Readme.txt.shs.
PIF Extensions
Next, try renaming notepad.exe to anything.txt.pif. You will only see the file name anything.txt on your desktop. This is because PIF is another extension that Windows hides by default. If you run the file, it will execute the program, because Windows also executes files with the PIF extension as if they were executable files.
SCR Extensions
Another extension to watch out for is SCR. Rename your copy of notepad.exe to notepad.scr and click on it. It will run notepad as an executable file. Many people have been fooled by hackers taking over a victim's account. The hacker sends an email or other type of message to all of the victim's friends saying "Check out this cool new screen saver, you will laugh your butt off!" Because the message came from a trusted source, most are fooled, run the SCR file, and then end up with a hacker connecting to their computer. LockDown Millennium scans all SCR files for trojan infections by default.
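The following Python code applies the SHS, PIF and SCR observations above to a list of file names: it works out the name Explorer would display when the always-hidden extensions are suppressed, and flags names whose displayed form ends in a different extension. It is an added example, not code from the original page or from the products it describes; the two extension sets and the sample names are assumptions taken from the walkthroughs above.

```python
import ntpath

# Extensions this page says stay hidden even with "show all extensions" on.
# Assumption for the example: a real audit would take this set from the
# machine being checked and pass it in as `hidden`.
ALWAYS_HIDDEN = {".shs", ".pif"}
# Extensions this page says Windows runs like a program when opened.
RUNS_WHEN_OPENED = {".shs", ".pif", ".scr", ".exe"}


def displayed_name(filename, hidden=ALWAYS_HIDDEN):
    """Return the name shown on screen when `hidden` extensions are suppressed."""
    base = ntpath.basename(filename)
    stem, ext = ntpath.splitext(base)
    return stem if ext.lower() in hidden and stem else base


def classify(filename, hidden=ALWAYS_HIDDEN):
    """Return 'masquerade', 'runnable' or 'ok' for one file name.

    masquerade: the real extension is hidden and the name left on screen
                ends in another extension (the user sees e.g. Readme.txt).
    runnable:   opening the file runs code; compare the displayed name to
                see whether its extension is visible.
    """
    base = ntpath.basename(filename)
    shown = displayed_name(base, hidden)
    if shown != base and ntpath.splitext(shown)[1]:
        return "masquerade"
    if ntpath.splitext(base)[1].lower() in RUNS_WHEN_OPENED:
        return "runnable"
    return "ok"


def audit(filenames, hidden=ALWAYS_HIDDEN):
    """Return (real name, displayed name, verdict) for every name not 'ok'."""
    return [(ntpath.basename(n), displayed_name(n, hidden), classify(n, hidden))
            for n in filenames if classify(n, hidden) != "ok"]


# Constructed sample listing; the names follow the page's walkthroughs.
SAMPLE = [r"C:\WINDOWS\Desktop\Readme.txt.shs", "anything.txt.pif",
          "notepad.scr", "notes.txt", "Scrap.shs"]

if __name__ == "__main__":
    for real, shown, verdict in audit(SAMPLE):
        print(f"{verdict:10}  shown as {shown!r:16} real name {real!r}")
```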
Dangerous Commands That Can Be Embedded
PIF Shortcut Extensions
Some hidden file extensions can easily be programmed with
hidden commands that could do damage to your system. Following
is a simple test:
1. Right click your mouse on your desktop and select New and then Shortcut
2. In the command line type: format a: /autotest
3. Click Next
4. In the "Select a name for the shortcut" area type: readme.txt
5. Click Next
6. Select a notepad icon and click Finish
You now have a file on your desktop called readme.txt with a notepad icon. Make sure that there is a disk in your drive that you do not mind getting wiped and click on the icon. The file that you click on will do a format on the disk in the A: drive. Of course, the hacker's icon would target another drive, or maybe have a name such as 'game.exe' with a command to delete your Windows directory or your entire C drive (deltree /y c:\*.*)! If the PIF extension were not hidden, you could not be fooled this way. If it was added to your startup folder waiting for a reboot, LockDown Millennium would warn you within seconds.
SHS Extensions
Scrap files can also hide embedded commands. Following is
a simple test:
1. Make a copy of notepad.exe and put it on your desktop.
2. Open WordPad.
3. Click and drag notepad.exe into the open WordPad document.
4. Click on Edit and select Package Object, then select Edit Package
5. Click on Edit and then Command Line
6. Type a command in the box such as format a: /autotest and click on Ok
7. The icon can also be changed from this edit window
8. Exit from the edit window and it will update the document
9. Click and drag notepad back to the desktop
10. Rename the file that it created (Scrap) to Readme.txt
You should now have what will look like a text file. If it runs, it will format the disk in the A: drive. As seen in the example above for PIF Shortcut Extensions, the hacker could use more dangerous commands.