Guest Mature Posted October 26, 2010 Report Share Posted October 26, 2010 SAMPLE You can see there are two files in the .rar file~One is .txt the other is .png. But actually they are both .exe,it's a simple trick: 1.replace resource icon of the original exe file 2.name the file ***txt or ***gnp or any extension name in a reverse order. 3.place a unicode control characters " RLO Start of right-to-left override" just before the .exe Then when you display the extension name you will see the fie name will be like ***exe.txt or ***exe.png What I'm gonna say is that firstly one of these samples is defined as threat by Immunet while it's harmless because it's written by a net friend of mine,and secondly although Immunet has prompted the threats had been found and quarantined successfully,but the sample file actually is still there,then look into the history of Immunet,it displays the "correct" name of the sample file which is ***?txt.exe but shows the quarantine is fail. I think you should improve this. Regards, Mature Link to comment Share on other sites More sharing options...
This topic is now archived and is closed to further replies.