Results 1 to 10 of 10

Thread: An .EXE file with JPEG Icon

  1. #1
    Member
    Join Date
    Aug 2002
    Posts
    86

    Lightbulb An .EXE file with JPEG Icon

    I feel this is going to be use for Windows users

    I have found a file with .exe extension with JPEG icon in my box. My AV (NAV2002) has detected it. It resides in \windows\system folder.

    Moreover,

    I got a place in Startup procedure. I have found an entry of PIX in startup. One can access this thru Start>Run>msconfig. Startup tab of System Configuration Utility Dialog reveals this. Here programs that are to be loaded (called memory resident) will have its place. The syntax is "Key Name followed by its value (path)" (eg: System Tray - SysTray.exe, TaskMonitor - C:\WINDOWS\TASKMON.EXE etc., ). PIX61081 got linked to rundll32.exe and is display the entry as 'PIX61081 - C:\WINDOWS\RUNDLL32.EXE'

    Tip: An important one.

    Go to Folder Options from Windows Explorer
    Uncheck "Hide Extensions of known file types.
    http://www.AntiOnline.com/sig.php?imageid=210 ۯ

    UNIX is basically a simple operating system, but you have to be a genius to understand the simplicity. Dennis Ritchie.

  2. #2
    Junior Member
    Join Date
    Jun 2002
    Posts
    29
    Neo,

    Something intresting. Thanks for the warning.
    ragmyn

    At the heart of the Internet culture is the force that want to know everything about you.

  3. #3
    Senior Member Info_Au's Avatar
    Join Date
    Jul 2001
    Location
    Melbourne
    Posts
    273
    This attachment is an EXE file under an jpeg Icon..
    It will still pass Norton AV2002...I have had this file for 2 years now.
    Still passes all trojan scanners and AV checkers.

    The reason..
    It's not a Virii or Trojan...

    Just a simple exe file that removes "Windows System files" and kills Windows!!

  4. #4
    Senior Member
    Join Date
    Aug 2001
    Posts
    262
    Info_Au are you sure if that is the case do not delete this file unless you want to reformat.
    No good deed goes unpunished.

  5. #5
    Junior Member
    Join Date
    Aug 2002
    Posts
    3
    Sounds like a virus which has been "bound" to an exe, and had the icon changed.. this is standard hacking practice for newbie hackers... I would check and see what applications are running and see if there's anything there that you don't recognise

  6. #6
    Senior Member
    Join Date
    Jan 2002
    Posts
    657
    Originally posted here by Info_Au
    This attachment is an EXE file under an jpeg Icon..
    It will still pass Norton AV2002...I have had this file for 2 years now.
    Still passes all trojan scanners and AV checkers.

    The reason..
    It's not a Virii or Trojan...

    Just a simple exe file that removes "Windows System files" and kills Windows!!


    suggestion, dont delete anything if u dont know exactly what it is!

    do ur research before u do these such things

    such as if a file like CIH.exe is found on ur computer go to www.google.com and type "CIH.exe" and check what is found about that file

    or if u find multiple files like

    a.dll b.dll c.dll e.dll and their causeing errors type

    "a.dll b.dll c.dll e.dll" in google IN QUOTES so it searchs the exact phrase and it IS A BIG possability that someone elese has had the same problem and has posted something that could help you fix it!! or at least tell u what is going on..


    --NetSyN
    [shadow]i have a herd of 1337 sheep[/shadow]
    Worth should be judged on quality... Not apperance... Anyone can sell you **** inside a pretty box.. The only real gift then is the box..

  7. #7
    Senior Member
    Join Date
    Oct 2001
    Posts
    677
    Agree 120% with NetSyn. Don't delete things until you know the consequences. I compiled a 2.4 linux kernel on my Slackware 8 system the other day, deleted the 2.2 befroe I tried the 2.4, so confident I was that it'd work... It ****ed up, of course, and I had to reinstall the whole system (well, I could've recompiled a 2.2, but it'd have been more trouble than it was worth!)

    Moral of the story:
    Don't delete unless you're absolutely sure.
    One Ring to rule them all, One Ring to find them.
    One Ring to bring them all and in the darkness bind them.
    (The Lord Of The Rings)
    http://www.bytekill.net

  8. #8

    .

    i also think that it is posssibly a trojan as well. this sounds like what a program called net devil does which is a back door trojan.
    but it usually picked up by Av's and trojan scanners

    odd
    [gloworange]The Enemy Is Ignorance[/gloworange]

    http://www.antionline.com/sig.php?id=194

  9. #9
    Senior Member Info_Au's Avatar
    Join Date
    Jul 2001
    Location
    Melbourne
    Posts
    273
    I know exactly what this file does!!
    I have asked somebody here to look at it more(uncompile it) and they told me what it does a long time ago.

    The reason i posted it is....It still passes AV and trojan scanners so any newbie could think as it passed both of them it was safe to open it??
    NOPE!!
    This exe file removes "System INI" file from Windows and displays a red window with nasty abuse on it...Then on a reboot your P.C will not know how to start-up!

    All that done in 28kb.

  10. #10
    Yes, but can't you easily assign any ICON to any file? Just because you assign an icon to an item doesn't mean anything. All my MP3 files have a stupid RIAA Spoof ICON.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •