Net Tip: Reveal Hidden File Extensions

One exploit that several creators of viruses and other forms of malevolent code try is to make an e-mail attachment appear to be something other than what it is. Defend against this by making sure all files are shown with their complete filenames. Here's how...

By Jim Freund | Posted Nov 19, 2002
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

One trick that several creators of viruses and other forms of malevolent code try is to make an e-mail attachment appear to be something other than what it is. Window's default is to hide file extensions, and therefore it is a common exploit to use two file extensions to spoof users into believing the attachment is benign, and something other than what it truly is. For instance, a file that is truly named FILENAME.DOC.EXE would show up in Windows as being a Word document. Double-clicking upon it, though, will launch you into Trojan hell.

Therefore it is a wise precaution to make sure that all of your machines display all files, and with their complete filenames.

  • open Control Panel
  • From the "View" menu, select "Options..."
    • Win 2K/XP: select Folder Options
  • Click on the "View" tab
  • Make sure both "Hide files of these types" and "Hide file extensions for known file types" are unchecked
  • Make sure "Show all files" is checked.
    • Win2K/XP: Make sure "Hide protected operating system files" is unchecked
  • Click "OK" to save changes

Another step is to change the Registry settings.

  • Run regedit
  • From the Edit menu select Find
  • Under "Look at", uncheck the "Keys" and "Data" entries and ensure the "Values" entry is checked
  • Enter "NeverShowExt" in the "Find What" box and click "Find Next"
  • When a value is found, right click on the value name and select "Delete"
  • Press F3 to find the next occurrence of "NeverShowExt" and repeat the procedure until all occurrences of "NeverShowExt" have been deleted.
  • The computer will need to be rebooted for changes to take effect

As always, be aware that changes to the Registry are dangerous. We strongly advise that you back it up before proceeding with any manual registry changes.
Run regedit, click on Registry, and select "Export Registry File". Choose a safe location; preferably a network directory and save the file.

--
CrossNodes Net Tips are a new feature of crossnodes.com. If you have a networking tip or trick that you'd like to share, please submit it to the Managing Editor. There can be no financial remuneration, though we will place your byline upon request.

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter