Can Viruses infect .AVI files???

Discussion in 'Computer Support' started by Smiley, Jun 26, 2003.

  1. Smiley

    Smiley Guest

    What I've learned about viruses from college and other reading material led
    me to believe that viruses could not infect .avi files. I looked it up and
    found a page the further confirmed that:
    http://www.custom-code-factory.com/viruses.htm

    The thing is, I was downloading a .avi file over a file sharing network when
    my Norton Antivirus detected in it a virus called W32.HLLW.Purol (looked it
    up:
    http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.purol.html )

    Could this virus infect a .avi file? And if not, why did my antivirus
    detect it?
     
    Smiley, Jun 26, 2003
    #1
    1. Advertisements

  2. Smiley

    Brian H¹© Guest

    X-No-Archive: Yes
    Errrrr...erm... Smiley said:
    I think you will find that about the only thing that can't contain a virus is a
    plain text file.
     
    Brian H¹©, Jun 26, 2003
    #2
    1. Advertisements

  3. Smiley

    Brian H¹© Guest

    X-No-Archive: Yes
    Errrrr...erm... Smiley said:
    And how do you think infected files get transmitted via Kazaa etc?
     
    Brian H¹©, Jun 26, 2003
    #3
  4. Smiley

    °Mike° Guest

    ANY file can be infected - ie. have the virus added to it,
    but only executable files can actually activate the virus;
    this includes HTML, .vbs, .js etc.

    The file you downloaded probably had a fake (double) extension.
    This is a common way to trick people into running an infected
    file. For instance, an infected file could be called:
    somemovie.avi.exe , somemovie.avi.scr , somemovie.avi.vbs .
    Most systems will NOT see the actual executable extension,
    which is the last part of the file name. That is why it
    is important that you scan ALL files - even from people you
    know, and otherwise trust - BEFORE opening them.
     
    °Mike°, Jun 26, 2003
    #4
  5. Smiley

    °Mike° Guest

    Wrong:

    X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

    Also, javascript and HTML are (effectively) text files.
     
    °Mike°, Jun 26, 2003
    #5
  6. Smiley

    Smiley Guest

    The file you downloaded probably had a fake (double) extension.
    It didn't have a double extension, I'm not stupid enough to fall for that -
    I'm a computer programmer so I know about extensions. It was a plain .avi
    file, that's it. I need to know if a plain.avi file can be infected.
     
    Smiley, Jun 26, 2003
    #6
  7. Smiley

    Brian H¹© Guest

    X-No-Archive: Yes
    Errrrr...erm... °Mike° said:
    That's why I said "plain text"
     
    Brian H¹©, Jun 26, 2003
    #7
  8. Smiley

    Smiley Guest

    And how do you think infected files get transmitted via Kazaa etc?

    People who are trading executables like games and such, or word documents
    and the like.
     
    Smiley, Jun 26, 2003
    #8
  9. Smiley

    Brian H¹© Guest

    X-No-Archive: Yes
    Errrrr...erm... Smiley said:
    Well if you *are* a programmer, you should know what a binary is, and what code
    is, and how easy it is to insert code.
     
    Brian H¹©, Jun 26, 2003
    #9
  10. Smiley

    °Mike° Guest

    X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

    THAT'S "plain text".

    Save it as a text file an scan it. Rename it to xxxx.com
    and run it.
     
    °Mike°, Jun 26, 2003
    #10
  11. Smiley

    °Mike° Guest

    If you're not that stupid, then you shouldn't have any trouble
    understanding my reply to you.
     
    °Mike°, Jun 26, 2003
    #11
  12. Smiley

    Shep© Guest

    "Nail on the head" Slumpy.Right on the mark :D
     
    Shep©, Jun 26, 2003
    #12
  13. Smiley

    Smiley Guest

    Or people who expect to download an avi file, so think there's nothing
    Kazaa actually hides the file extension? Good thing I don't use Kazaa.
    Sorry, my file was actually a .avi file, I use WinMX and it doesn't hide
    file extensions.
     
    Smiley, Jun 26, 2003
    #13
  14. Smiley

    Brian H¹© Guest

    X-No-Archive: Yes
    Errrrr...erm... °Mike° said:
    OK, if I have to dot t's and cross i's, a file in plain text written with
    notepad or wordpad (ie, a letter or "text document"), without code, and saved
    with *.txt and that will only be opened with notepad or wordpad.
     
    Brian H¹©, Jun 26, 2003
    #14
  15. Smiley

    Smiley Guest

    It didn't have a double extension, I'm not stupid enough to fall for
    that -
    I know exactly what code is - and programming code needs to be run as, guess
    what, a PROGRAM. Know what else? Image and video files are NOT programs,
    and they do not contain programming code. If somebody's found some way
    around that I'd be really interested in knowing how.
     
    Smiley, Jun 26, 2003
    #15
  16. Smiley

    Unk Guest

    Not quite true: See the EICAR Test String.
    http://securityresponse.symantec.com/avcenter/venc/dyn/11101.html

    True, you can't execute it, but a text file can contain the code.
    Copy and paste the below to a new text file and scan it with your antivirus
    program.

    ***** <-- omit this line
    X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
    ***** <-- omit this line

    Unk
     
    Unk, Jun 26, 2003
    #16
  17. Smiley

    Slumpy Guest

    "So, Mr Slumpy you *really* are the perpetual comedian, aren't you ?" I
    threw back my head and roared with laughter as Shep© continued:
    Thanks, precious :)
     
    Slumpy, Jun 26, 2003
    #17
  18. Smiley

    °Mike° Guest

    You're missing the point. The Eicar test virus is pure
    ASCII, but contains executable code - it CAN be done.
     
    °Mike°, Jun 26, 2003
    #18
  19. Smiley

    fkasner Guest

    Have you taken a look at EICAR.COM ? It is not readable in any language
    that humans speak but it has a distinct virus signature and will set off
    a good virus detector. You can create a virus using ASCII characters
    from zero to 127 .
    FK
     
    fkasner, Jun 26, 2003
    #19
  20. Smiley

    Brian H¹© Guest

    X-No-Archive: Yes
    Errrrr...erm... Unk said:
    But that is *not* plain text, it is code. Plain text is what you find in
    dictionaries.
     
    Brian H¹©, Jun 26, 2003
    #20
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.