Select file extension by starting letter:

A - B - C - D - E - F - G - H - I - J - K - L - M -
N - O - P - Q - R - S - T - U - V - W - X - Y - Z -
OTHER - Allowed chars in Filenames - what is an extension?

Links - Converters - Multimedia converters

H

---

Potentially harmful extensions

These extensions should be handled with particular caution if received as attachment by mail, on a diskette or from any other source which you consider not fully trustworthy

Since files with these extensions are able to execute, modify execution rights, modify the registry, modify paths, all of these files should be regarded as potentially dangerous and can do severe damage to your system.

 

While some of these files are rather difficult to program and thus rather seldom get misused, especially scripting files like WS, WSF, JS, VBS, VB, VBE, WSC are highly dangerous. In certain contexts (html mail..) they can even get started without knowledge of the user.(This is the reason why the mail unit of AAICWpro supports only a restricted set of html)

This is the reason why some mail-programs rename files with these extensions, so they are no more able to execute. Give them first a check with a !trustworthy! virus checker! Afterwards you may rename them back to their original extension.

Complex virus'es which modify the registry: see below.

(Explanation see below. It should be noted that there are other extensions which can be dangerous too*. The files named here are considered Level 1 files)

ADE = ZL0= AAICWpro/ZoneAlarm Mailsafe renamed File

ADP = ZL1= AAICWpro/ZoneAlarm Mailsafe renamed File

BAS = ZL2= AAICWpro/ZoneAlarm Mailsafe renamed File

BAT = ZL3= AAICWpro/ZoneAlarm Mailsafe renamed File

CHM = ZL= AAICWpro/ZoneAlarm Mailsafe renamed File

CMD = ZL5= AAICWpro/ZoneAlarm Mailsafe renamed File

COM = ZL6= AAICWpro/ZoneAlarm Mailsafe renamed File

CPL = ZL7= AAICWpro/ZoneAlarm Mailsafe renamed File

CRT = ZL8= AAICWpro/ZoneAlarm Mailsafe renamed File

EXE = ZL9= AAICWpro/ZoneAlarm Mailsafe renamed File

HLP = ZLA= AAICWpro/ZoneAlarm Mailsafe renamed File

HTA = ZLB= AAICWpro/ZoneAlarm Mailsafe renamed File

INF = ZLC= AAICWpro/ZoneAlarm Mailsafe renamed File

INS = ZLD= AAICWpro/ZoneAlarm Mailsafe renamed File

ISP = ZLE= AAICWpro/ZoneAlarm Mailsafe renamed File

JSE = ZLF= AAICWpro/ZoneAlarm Mailsafe renamed File

LNK = ZLG= AAICWpro/ZoneAlarm Mailsafe renamed File

MDB = ZLH= AAICWpro/ZoneAlarm Mailsafe renamed File

MDE = ZLI= AAICWpro/ZoneAlarm Mailsafe renamed File

MSC = ZLJ= AAICWpro/ZoneAlarm Mailsafe renamed File

MSI = ZLK= AAICWpro/ZoneAlarm Mailsafe renamed File

MSP = ZLL= AAICWpro/ZoneAlarm Mailsafe renamed File

MST = ZLM= AAICWpro/ZoneAlarm Mailsafe renamed File

PCD = ZLN= AAICWpro/ZoneAlarm Mailsafe renamed File

PIF = ZLO= AAICWpro/ZoneAlarm Mailsafe renamed File

REG = ZLP= AAICWpro/ZoneAlarm Mailsafe renamed File

SCR = ZLQ= AAICWpro/ZoneAlarm Mailsafe renamed File

SCT = ZLR= AAICWpro/ZoneAlarm Mailsafe renamed File

SHS = ZLS= AAICWpro/ZoneAlarm Mailsafe renamed File

URL = ZLT=AAICWpro/ZoneAlarm Mailsafe renamed File

VBE = ZLU= AAICWpro/ZoneAlarm Mailsafe renamed File

VBS = ZLV= AAICWpro/ZoneAlarm Mailsafe renamed File

WSC = ZLW= AAICWpro/ZoneAlarm Mailsafe renamed File

WSF = ZLX=AAICWpro/ZoneAlarm Mailsafe renamed File

WSH = ZLY= AAICWpro/ZoneAlarm Mailsafe renamed File

SHB = ZLZ= AAICWpro/ZoneAlarm Mailsafe renamed File

 

JS = ZM0= AAICWpro Mailsafe renamed File

VB = ZM1= AAICWpro Mailsafe renamed File

WS= ZM2= AAICWpro Mailsafe renamed File

MDT = ZM3= AAICWpro Mailsafe renamed File

MDW = ZM4= AAICWpro Mailsafe renamed File

MDZ= ZM5= AAICWpro Mailsafe renamed File

SHB = ZM6= AAICWpro Mailsafe renamed File

SCF= ZM7= AAICWpro Mailsafe renamed File

PL= ZM8= AAICWpro Mailsafe renamed File

PM= ZM9= AAICWpro Mailsafe renamed File

DLL= ZMA= AAICWpro Mailsafe renamed File

 

 

 

 

1. ADE Microsoft Access Project Extension
2. ADP Microsoft Access Project
3. ASX Windows Media Audio / Video shortcut
4. BAS Visual Basic Module
5. BAT Batch File
6. CHM Compiled HTML Help File
7. CMD Windows NT Command Script
8. COM MS-DOS Application
9. CPL Control Panel Extension
10. CRT Security Certificate
11. DLL dynamic link library
12. EXE Application
13. HLP Windows Help File
14. HTA HTML program
15. INF Setup Information File
16. INS Internet Naming Service
17. ISP Internet Communication Settings
18. JS JScript File
19. JSE JScript Encoded Script File
20. LNK Shortcut
21. MDB Microsoft Access Application
22. MDE Microsoft Access MDE Database
23. MDT Microsoft Access Add-in Data
24. MDW Microsoft Access Workgroup Information
25. MDZ Microsoft Access Wizard program
26. MSC Microsoft Common Console Document
27. MSI Windows Installer Package
28. MSP Windows Installer Patch
29. MST Visual Test Source File
30. PCD Photo CD Image or Microsoft Visual Test compiled script
31. PIF Shortcut to MS-DOS Program
32. PL Perl script: only dangerous if Perl is installed on that particular computer
33. PM Perl script module: only dangerous if Perl is installed on that particular computer
34. REG Registration Entries
35. SCF Windows Explorer command
36. SCR Screen Saver
37. SCT Windows Script Component
38. SHB Shortcut into a document
39. SHS Shell Scrap Object
40. URL Internet Shortcut (Uniform Resource Locator)
41. VB VBScript File
42. VBE VBScript Encoded Script File
43. VBS VBScript Script File
44. WS Windows Script File
45. WSC Windows Script Component
46. WSF Windows Script File
47. WSH Windows Scripting Host Settings File

virus'es which modify the registry

Now, while this is quite common know-how, complexer viruses tend to hide better by manipulating the registry. They do that by changing the "exefile"-type and key. This can be done in two major ways:

• once by modifying the execution modus. The normal key:
  HKEY_CLASSES_ROOT/exefile/shell/open/command/"%1" %*
  is changed for instance to:
  HKEY_CLASSES_ROOT/exefile/shell/open/command/winload.exe "%1" %*
  
• second by introducing their own extension(s) as executable(s). How this is done is not described here, since this seems not "standard" knowledge of the hackers. Also it seems not to be described anywhere else. Now if this is done not in the most obvious manner, this is really hard to detect.

 

While the first case is detected and handled by most virus scaners, it seems the second case is often overlooked by these. In fact there are some virus-scanners which do not detect this case.

If you feel your system is affected by a virus but can't detect the virus by normal virus-scanners, try the little tool which is offered here on the contribute-page for download. It writes out all unknown HKEY_CLASSES_ROOT entries to a text file. If you have found the virus, eliminate the virus and repair the registry as described on the different virus information sites eg: http://www.antivirus.vt.edu/alerts/.

Alternatively, if this all sounds much to complex to you download the little extension-gather program on the contribute-page here and send it to us with the concern: "virus scan please". Your data will in this case get scanned automatically before the anonimizing process. In case there are any anomalities you are informed imidiatedly.

Two new - previously unknown - viruses have already been detected this way in the first two weeks of this offering. Since we are not interested in atracting the hate of the virus programmers world wide they are published on the normal virus information sites.

*It is not possible to give a sharp definition of possibly dangerous files under Windows. Since viruses can hide in ole objects, the range of files which are potentially dangerous under Windows extends to everything in which ole objects may be embedded - word documents for instance. On the other hand the above named files may be contained in a compressed archive. Virus scanners must therefore consider every type of archive as potentially dangerous and scan it. And there are quite a lot of them....

---

 

Select Extension by starting letter:

A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U -