Can Trojans Be Attached To Any Type Of File

I was just wondering as kazaa's exe files in programs are almost always full of trojans. Can trojans/keyloggers be attached to any type of file.

The reason i ask is i am planning to use kazaa to download a couple of hard to find (but legal) old games for my console emulator.

The file types are .v64.

So do i need to worry about trojans with them, and if so would clicking on the file and scanning with ewido be ok to test for absolute safeness. As in theres no way i could scan the file and come up with nothing but then load the game into the emulator and the trojan come to life.

Thanks for your help
Anthony

 

Well I don't know whether Trojans come in all filetypes but I'll say they generally dont come in console game format...

Anyhow, right-clicking the file and using Ewido is good enough...will catch and kill all the nasties.

 

Trojans can be attached to any file that somebody has taken the time to play with. Any Office document can have them for sure.

Kazaa does have a lot of trojans, which is why I got rid of it and put Kazaa lite.

If you have an AV that scans files upon execution (like NOD) then, you have a very good chance of catching a trojan before it jacks up your system.

 

Im confused about that statement as i believed it wasnt the program "kazaa" with the trojan infected files its the unscrupulous SOB whos shared file your accessing. So no matter what PsP program you use your still accessing other peoples shared files with contaminated programs in.

Thats what i have always thought, am i wrong about that.

 

Capp is slightly wrong, but you're right in a sense.

KaZaa puts (installs) a lot of Adware/Spyware when you install it, and some of it are detected as Trojans, that's probably what Capp meant.

This is the reason why people go for KaZaa Lite...it contains no adware, no spyware, no trojans.

Another one I'd recommend is WinMX...very light...small download and no malware...

 

Not the best

 

If you plan to use P2P programs, do a little research as to which are Malware free, Do not use the official version of Kazaa, there are LITE versions available that are clean, they may be hard to find now though, try and get a link from a P2P forum for a download.

As far as i know Kazaa lite 2.4.3 is the last release of the clean version(be wary of any newer versions), WinMX is also clean.

 

If there are streams attached to the files, do many AT or AV's catch them?
I know TDS-3 does.

Bruce

 

Sorry, what are streams? First time I've heard of it. Thanks

 

Oh sorry, streams are those bodies of water that usualy run from North to South LOL

Here is Hw TDS-3 people explain them.

http://www.diamondcs.com.au/index.php?page=archive&id=ntfs-streams

Then we look back to 2000. It appears sometime after this, Kaspersky decides to use ADSTreams as part of their AV. They also start detecting streams with their firewall.

http://news.zdnet.co.uk/internet/security/0,39020375,2081240,00.htm

 

Nother OLD article

http://securityfocus.com/archive/100/82210/2000-09-09/2000-09-15/0

How far have we come since this article ? LOL

 

There are two issues here - the adware/spyware bundled with the official free version of KaZaa (the Gold commercial version lacks these) and the possibility of downloaded files containing trojans and other nasties. The second applies with all P2P networks and any other system where people can make files available anonymously (or pseudo-anonymously) like IRC, Usenet and "warez" websites.

Trojans have to be executed to take effect so can only pose a danger if in "executable" files. Executable here means files containing raw code (like .exe, .dll, .sys) and those containing scripts or macros (such as .vbs, .sbs, .bat, .doc, xls). A "non-standard" filetype like .v64 should not pose any dangers though there is little harm in checking it anyway. Trying to include a trojan in this would mean finding a way to compromise the emulator, take control of it and then (somehow) cause it to alter your system settings, a pretty herculean task...

 

Anthony1uk - Any ".exe" file d/l'ed via any P2P program can contain a Trojan - it depends on whether someone has altered the file - not which P2P program you use to get it.

As stated above, some P2P programs themselves contain tracking components, browser hijackers, pop-ups and malware of their own.

Scanning every and any d/l you obtain via P2P prior to opening it is vital to your computers' health. This is accomplished by d/l'ing whatever it is, going to the folder it d/l'ed to, right-clicking the file and selecting the scan of whatever programs you have to do so with (use all of them that are available to scan with, making sure that they're totally updated first ).

Assuming the scans come up clean - as long as both your A/V and A/T programs run resident (active, real-time in the SYSTRAY) - you can click to install the program and see what happens.

You don't mention either what A/V you use or whether you've got the full version of EWIDO (that's the one with the "Realtime Protection - Active). If you don't have the full version, EWIDO's not going to do anything when you click to execute - it would simply be an "on-demand" scanner.

If there were any way possible, a further check before executing would be to find out what the MD5 of a GOOD copy of the exe was, and then compare the one you d/l'ed to it for a match before installing the exe.

HTH Pete

 

Paranoid2000 - Quite right.

Assuming the file doesn't have multiple (and hidden) file-type extensions, right? Pete

 

I use mcafee enterprise 8i and Trojan Hunter 4.2 both original registered to me versions and Ewido Free.