Can Trojans Be Attached To Any Type Of File

Discussion in 'malware problems & news' started by AnthonyG, Feb 20, 2005.

Thread Status:
Not open for further replies.
  1. AnthonyG

    AnthonyG Registered Member

    Joined:
    Aug 3, 2004
    Posts:
    614
    I was just wondering, as Kazaa's exe files in programs are almost always full of trojans: can trojans/keyloggers be attached to any type of file?

    The reason I ask is I am planning to use Kazaa to download a couple of hard to find (but legal) old games for my console emulator.

    The file types are .v64.

    So do I need to worry about trojans with them, and if so, would clicking on the file and scanning with Ewido be OK to test for absolute safeness? As in, there's no way I could scan the file and come up with nothing but then load the game into the emulator and the trojan come to life?

    Thanks for your help
    Anthony
     
  2. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Well I don't know whether Trojans come in all filetypes but I'll say they generally don't come in console game format...

    Anyhow, right-clicking the file and using Ewido is good enough...will catch and kill all the nasties.
     
  3. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States
    Trojans can be attached to any file that somebody has taken the time to play with. Any Office document can have them for sure.

    Kazaa does have a lot of trojans, which is why I got rid of it and put Kazaa lite.

    If you have an AV that scans files upon execution (like NOD), then you have a very good chance of catching a trojan before it jacks up your system.
     
  4. AnthonyG

    AnthonyG Registered Member

    Joined:
    Aug 3, 2004
    Posts:
    614
    I'm confused about that statement, as I believed it wasn't the program "Kazaa" with the trojan-infected files; it's the unscrupulous SOB whose shared file you're accessing. So no matter what P2P program you use, you're still accessing other people's shared files with contaminated programs in.

    That's what I have always thought; am I wrong about that?
     
  5. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Capp is slightly wrong, but you're right in a sense.

    KaZaa puts (installs) a lot of Adware/Spyware when you install it, and some of it is detected as Trojans; that's probably what Capp meant.

    This is the reason why people go for KaZaa Lite...it contains no adware, no spyware, no trojans.

    Another one I'd recommend is WinMX...very light...small download and no malware...
     
  6. Jimbob1989

    Jimbob1989 Registered Member

    Joined:
    Oct 18, 2004
    Posts:
    2,529
    Not the best :D
     
  7. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
    If you plan to use P2P programs, do a little research as to which are malware-free. Do not use the official version of Kazaa; there are LITE versions available that are clean. They may be hard to find now though; try and get a link from a P2P forum for a download.

    As far as I know, Kazaa Lite 2.4.3 is the last release of the clean version (be wary of any newer versions); WinMX is also clean.
     
  8. controler

    controler Guest

    If there are streams attached to the files, do many ATs or AVs catch them?
    I know TDS-3 does.

    Bruce
     
  9. JayTee

    JayTee Registered Member

    Joined:
    Nov 2, 2004
    Posts:
    166
    Sorry, what are streams? First time I've heard of it. Thanks
     
  10. controler

    controler Guest

  11. controler

    controler Guest

  12. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    There are two issues here - the adware/spyware bundled with the official free version of KaZaa (the Gold commercial version lacks these) and the possibility of downloaded files containing trojans and other nasties. The second applies with all P2P networks and any other system where people can make files available anonymously (or pseudo-anonymously) like IRC, Usenet and "warez" websites.

    Trojans have to be executed to take effect so can only pose a danger if in "executable" files. Executable here means files containing raw code (like .exe, .dll, .sys) and those containing scripts or macros (such as .vbs, .sbs, .bat, .doc, .xls). A "non-standard" filetype like .v64 should not pose any dangers though there is little harm in checking it anyway. Trying to include a trojan in this would mean finding a way to compromise the emulator, take control of it and then (somehow) cause it to alter your system settings, a pretty herculean task... ;)
     
  13. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Anthony1uk - Any ".exe" file d/l'ed via any P2P program can contain a Trojan - it depends on whether someone has altered the file - not which P2P program you use to get it.

    As stated above, some P2P programs themselves contain tracking components, browser hijackers, pop-ups and malware of their own.

    Scanning every and any d/l you obtain via P2P prior to opening it is vital to your computer's health. This is accomplished by d/l'ing whatever it is, going to the folder it d/l'ed to, right-clicking the file and selecting the scan of whatever programs you have to do so with (use all of them that are available to scan with, making sure that they're totally updated first).

    Assuming the scans come up clean - as long as both your A/V and A/T programs run resident (active, real-time in the SYSTRAY) - you can click to install the program and see what happens.

    You don't mention either what A/V you use or whether you've got the full version of EWIDO (that's the one with the "Realtime Protection - Active"). If you don't have the full version, EWIDO's not going to do anything when you click to execute - it would simply be an "on-demand" scanner.

    If there were any way possible, a further check before executing would be to find out what the MD5 of a GOOD copy of the exe was, and then compare the one you d/l'ed to it for a match before installing the exe.

    HTH Pete
     
  14. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Paranoid2000 - Quite right.

    Assuming the file doesn't have multiple (and hidden) file-type extensions, right? Pete
     
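The pre-open checks raised in the posts above (executable types hidden behind a second extension, executable content under a data-file name, and comparison against the digest of a known-good copy), sketched as an added example that is not part of the original thread. The function name `triage`, the finding codes and the sample bytes are assumptions made for illustration; the digest defaults to SHA-256, and `algo="md5"` can be passed when only an MD5 of the good copy is published.

```python
import hashlib
import hmac
from pathlib import PurePath

# Extensions Windows runs as code or script (illustrative subset, not exhaustive).
RISKY_EXTS = {".exe", ".dll", ".sys", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs"}

def triage(filename, data, known_good_hex=None, algo="sha256"):
    """Return a list of finding codes for a downloaded file; empty means none raised."""
    findings = []
    # Windows ignores trailing dots/spaces, so strip them before reading suffixes.
    suffixes = [s.strip().lower() for s in PurePath(filename.rstrip(". ")).suffixes]
    final = suffixes[-1] if suffixes else ""

    if final in RISKY_EXTS:
        # "game.v64.exe" shows as "game.v64" when Explorer hides known extensions.
        findings.append("double-extension" if len(suffixes) > 1 else "executable-extension")
    elif data[:2] == b"MZ":
        # DOS/PE executables start with "MZ"; a data file has no reason to.
        findings.append("mz-header-mismatch")

    if known_good_hex is not None:
        actual = hashlib.new(algo, data).hexdigest()
        if not hmac.compare_digest(actual, known_good_hex.strip().lower()):
            findings.append("digest-mismatch")
    return findings

# Constructed sample inputs (placeholder bytes, not real files).
ROM_SAMPLE = b"\x37\x80\x40\x12" + bytes(60)
PE_SAMPLE = b"MZ\x90\x00" + bytes(60)

if __name__ == "__main__":
    good = hashlib.sha256(ROM_SAMPLE).hexdigest()
    for name, blob in [("game.v64", ROM_SAMPLE), ("game.v64.exe", PE_SAMPLE),
                       ("game.v64", PE_SAMPLE), ("game.v64", ROM_SAMPLE + b"!")]:
        print(name, triage(name, blob, known_good_hex=good))
```

An empty result only means none of these three checks fired; it does not replace the on-demand and resident scans described in the thread.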
  15. AnthonyG

    AnthonyG Registered Member

    Joined:
    Aug 3, 2004
    Posts:
    614
    I use McAfee Enterprise 8i and Trojan Hunter 4.2, both original registered to me versions, and Ewido Free.
     