
Question About Windows Prefetch Files - I Also Asked This On The Clamav Forum


I asked this on the Windows ClamAV forum but I think this forum and that one are different enough, as regards readership, that it might help to ask the question here. Let me know if this is inappropriate and that readers of either forum would see it posted in just one of them.


If I were to explain why I'm asking this question, you would have a lot to read - it is rather involved and twisted.


Let me ask the question and see what happens. If more information is needed, I'll explain where I'm coming from on this.


Can a Windows prefetch file be a vehicle for malware?


That is, can malware be inserted into a prefetch file so that that malware could then be "used" to damage, etc., a system?


My reading says No. Prefetch files contain data, not code, and are never "executed."


And I've also seen entries on the immunet.com forum - such as: http://support.immunet.com/index.php?/topic/242-default-exclusions/?hl=prefetch which seem to say that prefetch files cannot be dangerous and are actually excluded from their scanning.


So - can a prefetch file, or more generally, a file with file name extension .pf be used by a "bad" guy to make an attack?


And to add a twist to the question - could such an attack, if possible, be used against web sites on a shared Apache server installation on a system running Linux?




The only way the prefetch files, in my view, can be used maliciously is if the program that the files are associated with is a malicious or compromised (in some manner) third-party software program. I think that's where I would look first (installed software) if I suspected that was the case.
