Corrections & Notes: • The JS file is actually JScript, not Javascript

Making file extension hidden by default is one of the worst mistakes MS did.

The fact that "Hide File Extensions" is SILL on by default baffles me.

I want to add a fact in your point that "sometimes hackers may hide the malicious files so that you can't see them by default." Even after you enable the "Show hidden files" option, sometimes they may hide it as a system file (by setting the -h and -s attribute to it). So if you're skeptical about such an item, make sure to enable the "Show hidden operating system files" as well.

Fun fact, in older versions of Windows the .msp files were used by Microsoft Paint.

I absolutely don't understand why file extentions aren't shown by default in windows. It's not annoying and soooo important and also useful (for example if you have two files of different type (like a word document and a pdf export of it) with the same name and have to find the right one by icon)

Also worth mentioning, file extensions are just labels, and they can be manipulated at will regardless of the underlying data. So you might run a .cmd file or something, but the rest of the payload may be contained in a file with extension .docx exactly like a normal document, when really it's just a .dll with the extension changed.

Also, docx, xlsx, pptx, etc are actually encoded as zip files. If you change the extension to zip you can see the bundle of files. This can be exploited, unknown office files should be opened in zip explorers before office.

You also have ".jar" which is an executable java application. It's basically an executable version of a zip file, where java classes are stored within. Any code that is inside a ".jar" file will be executed and ran when you execute it.

I just love how ThioJoe makes the highest quality tech content on the platform He doesn't resort to clickbait or becoming a Linus clone He has his own style and I literally can't find anyone who makes similar content and at the same level of quality Keep up the good work

He may not be a OneDrive synced file, but never fails to upload 💯

I think the main thing or key from this is don't download things willy-nilly over the internet, use extreme caution with links in email, texting, IM's etc. Always exercise caution with attachments. Only go to reputable trustworthy sources with a careful eye. As much as I like open sources that's where you really have to be careful because of too many hands accessing the source code. But that does not mean that someone can't still attach or inject a malicious code to a paid licensed version either. Buyer/ end user beware! You are your own first line of defense, watch dog and security. Pay attention to everything, because you really have to. All the more reason to have backups should one slip past you, in hopes that you can recover. Thanks for the video Theo.

Conclusion: literally anything can be malware

Sometimes it does take one slip up. If you ever run a file that closes and doesn't seem to do anything there is a chance that depending on where it came from it may steal passwords and other things and send them to some random person who you most likely never met or knew existed.

I work in the antimalware industry! More common than changing file extensions or default programs for opening files, we edit local machine group policy to prevent execution on specific file types within a folder that we dedicate to malware. Also, to preserve file names to the extent possible (and to prevent execution and changing default program associations), we just add underscores to file extensions (.exe_, .js_, .scr_). I understand that given the sponsor you wouldn’t show how to edit defender settings, but you could have gone over how to use bitdefender to better protect yourself. Antiviruses have similar settings.

You know it will be a good day when ThioJoe uploads.

literally every comment is "can we give a moment to appreciate how much work thiojoe puts into his videos"

Thanks for having captions, sometimes i have to watch without audio like if my bluetooth headphones run out of battery, helps alot!

Important note: Windows can include meta characters into filenames, for example a right-to-left character. This can lead to characters in filenames being displayed in unusual orders. A common filename this is used in is something like nice-arcs.jpg is acutally a src file, not a jpg

There are also xlsb files that can contain macros. It is the same as xlsm but instead of the XML format it is saved as Microsoft's Binary type.

for example, i can *literally* rename *"executable.exe"* to *_"executable.txt"_* _(or any other file extension)_ and still be able to *run it* under *command prompt* by normal means, the "executable.txt" will be opened in notepad because it has the .txt extension which windows will interpret it as a "text file" (even viewable in the preview pane in explorer)

You shouldn't ever fully trust any file type really. If your picture viewer has a vulnerability, a hacker can take advantage of it by embedding malicious code to something like a JPEG. Video files, image files, sound files, game data files (it's not too uncommon for cracked games to have functions in them that allow them to load external files from the game directory and those are the real malware). Even text files aren't universally safe because theoretically a text editor (or its part, like a syntax highlighting library) can be susceptible to some kind of code injection.

I’m surprised you didn’t mention .jar files. I’ve heard they have been used a ton by hackers/viruses and every time I download one my pc tells me it could be dangerous and I have to manually tell it to keep the file every time.

One type of annoying virus that I got back in 2001 was )and it was called redbot or redcode or redsomething, it got very spread back then...) that the file would arrive to you as a DOUBLE extension file, but Windows (2000 or xp or 98 or me or whatever you used) would only show you the LAST one, hiding the second to last extension which was the actual extension. So, the OS would show you it was a JPG, for instance, and mark it with the icon of a picture, but when you tried to open it, it was actually a VB script and it WOULD ATTEMPT TO RUN IT as a VB script, instead of failing to open it as a JPG, and then you were fucked. That virus would scour through your Outlook contact and sent mail list and send itself to everyone. I had to send SO MANY apology mails to people because of it!

Thanks for this. Might be good to revisit PDFs some day since the landscape seems to have changed. Like a lot of people read in-browser now, with stuff like Firefox's built in browser that I guess approaches reading differently, but I don't feel like there's strong confidence in what are the preferred routes for using those files

Something I was literally wondering about only a couple hours back when downloading an MP3 like the old days. Great timing!

CMD,ZIP,BAT and EXE are the ones to usually be thought of, no idea it went this deep!

ThioJoe I really appreciate you adding subtitles to your videos, they are very useful

I wish you had mentioned in the summary at the end that technically at some level ANY file can become an issue if the program that opens it is ubiquitous enough and has a bug. This used to be a big problem although (maybe) DEP solved it back in the xp/vista days when MS had a bug that let a JPG run code (The GDI+ JPEG parsing vulnerability published in September 2004). With the amount of layers that need to fail for it to be an issue I wouldn't worry about it TOO much as long as you keep up to date on your updates. But it is a good reminder to keep up to date on your updates if nothing else.

You did not mention HTA files, which are HTML applications. Although if I am right these don't work on modern Windows versions anymore, but on a bit older versions they worked and they are are basically just like VBS and JS files, because they have unrestricted system acces via VBScript or JScript, but then embeded in an HTML code and opening with a real window a bit like Electron applications do today, but then using Internet Explorer as their engine instead, since we are talking about a really old technology.

always love and appreciate those proper subtitles!

Respect for having good captions and chapters

Thanks for the excellent video TJ ! Very well done as always. Clear, concise and to the point. Please keep up the amazing work. For I appreciate your content. !! 👍👍 ⭐️⭐️⭐️⭐️⭐️

I would probably add jar files to the list purely because of how common it is to have the jdk installed. And for those who aren't familiar with the jdk or its executable, the jar file. Jar files are a combined executable and library, which is used in Java, Android, and Kotlin development. In other words, it's everywhere and can on a lot of devices (especially phones) run without you downloading the jdk manually.

DLLs can be a lot more dangerous than may be immediately obvious, you don't even need to directly do anything for there to be a problem. A malicious dll file in your download directory might be inadvertently used by some exe in your downloads that you run later, this is very dangerous if the exe is an installer running elevated calls into a malicious dll by accident. This is one reason why auto download exploits are a problem as the malicious file might cause trouble later even if it doesn't immediately cause a problem. You should never leave untrusted dlls in locations where programs might be run from. This can also be a problem with the temp directory so it is a good idea to clean out your temp directory regularly. Dlls in temp can be a general problem even if not malicious as poorly coded installers might leave dlls in the temp dir that interfere with other installers that also want to run from the temp directory. The Installers and dlls in temp problem is mostly an issue with older installers. More modern ones are coded better to try and avoid the temp dll problem. Microsoft over time has attempted to mitigate dll attacks but the solutions are not perfect.

The correct answer to "Which Kinds of Files Can Be Viruses?" (the title of the video at the time of this writing) is actually: "Any file that can be opened." The files listed in this video are merely the ones that can perform malicious actions on their own, i.e. without tricking the program opening them into doing things it's not intended to. I think that's important to keep in mind, because failing to do so may lead to letting one's guard down at the wrong moment.

I remember a great Win XP SP0 exploit where just hovering the mouse over an MP3 file could get you infected due to malformed ID3 tags and the mouse tip. Good times.

nice drop bro, appreciate the warnings :) this stuff is really important. Your video helped me explain how to keep my parents safe and your videos helped us a lot in general really

Any file can be a virus if opened by a program with an exploit

Thanks for a thorough review. I wonder, if one has common sense, does one needs to run an antivirus software at all? I mean, there are huge privacy concerns - an antivirus runs all the time, has access to all of your files. Who knows what it’s doing with all that information…

For archived files, its pretty much unlimited. you are able to make a compressed folder and rename the 'zip' to just about anything, you just need a tool like 7zip, or winrar to open it.

I love how his recent videos are all genuine and not satire like his old videos back in 2015-2017

Thank you for all your content, as it is unassailable and very valued. So I pose the question: are use system, mechanic, ultimate for both virus, malware, system maintenance combination, suit. I know Bit Defender is a superior program for defense and monitoring, can you recommend a program for system maintenance that can be integrated into Bit Defender?

I didn't know all of these, good video!

Thank you. I was just thinking about this very question earlier this week.

Thank you for being a stable voice in this wilderness.

this is gonna filled with information thank you so much

This is the video we didn't know we need but needed.

Thanks Joe I did not know of all of these file extensions.

That's great, sobriety can be something really difficult especially if you have a previous addiction. Stay safe

Good video. Thank you for protecting us, soldier!

Hey Joe, have you done a video on the 'Hosts' file in many operating systems and some devices? It's quite handy and a lot of sites publish custom Hosts files to block online content and ads. A free alternative to spending money on ad blocking software.

This guy always has good videos for years now

Nice video, I would however have added one extra thing to talk about the shortcuts. Inside a shortcut you aren't just limited to running other files, but you could make the shortcut point to something like 'C:\Program Files (x86)\[some web browser like IE]\*.exe [some website]/virus.bat' and then even without that file being on your system, that shortcut will download the file using Internet Explorer. With some extra editing via Notepad I think you might also be able to include the bad code right in the file without the use of other files or programs. Stay safe lol. Great video Thio

Fun fact. I had set the poweshell limitation i saw in his poweshell video and it breaks visual studio installer. It gives a completely arbitrary error, so if you are failing to install or upgrade visual studio after applying poweshell security settings, remove themand retry. It is to bad as it is easy to do a simple bat file that can temporarily clear and reset (run as admin) which means ms could have done the same since vs installer also requires admin.

Education is the best preventative, Thank you for sharing and informing.

You should just assume ANY kind of file can be an exploit. Remember image formats can exploit weaknesses in the rendering programs. Etc

Our lecturer showed us just how nuts a simple word macro is. Full remote access with some social engineering, and made stronger via obfuscation. Crazy.

I remember when I learned that changing the file extension has nothing to do with what the file is, and you can freely change it back without ruining it. It was like The Matrix

I would add a 6th and a 7th category. If an attacker knows that you use some outdated piece if software (including OS components) with a security hole allowing an attacker to execute any code it can be used to deliver malware. It can be a targeted attack specific to you, or can target everyone who is a registered user on a web page (forum, etc) about the outdated piece of software. I have also seen malicious code in source code form. Targeting people who would copy lots of code from questionable sources to their own solutions.

Informative and to the point

Thanks for these warnings! Did Windows patched the ability to have the actual extension _before_ the dot?

Don't open a random powershell script

12:55 the zip file itself can't store the "mark of the web", but if the zip file has that mark, all extracted files will inherit it if you use Windows' built in extractor. 7Zip among others doesn't mark the extracted files, so you should still be careful. The mark of the web is actually an alternate data stream on the file called "Zone.Identifier". It's text data and you can even open it in notepad. The easiest is to use the command prompt. Notepad my-downloaded-file.zip:Zone.Identifier

Windows' built in zip archive extraction code should probably add that "mark of the web" to files that are extracted from a zip file which also has that mark of the web.

I already known all these but i wasn't sure. Thanks ❤

Do a video explaining the origins of file extension types. Like how they chose or came up with executable, png, jpeg batch, etc etc.

The file extension is also in "view" just on the windows file explorer

Thanks proper subtitles

pls make video on long-term personal data storage tips like mdisc etc...

Great information, thanks!

this is really good to know Thanks!!!!!!! :D

Congrats on 3 mil!

This guy used to trick me into taping batteries on my ethernet cable, now hes helping everybody out

ThioJoe always dropping videos on my shower thoughts

You're an Angel. Thank you.

I asked this on reddit, thanks for video

it was very helpful, thank you

The laroux virus in the late 1990s was a macro that copied itself into a hidden excel sheet of all your open excel files. I wish there was an easy way to delete a macro from one of these files.

I had a small scare recently. Was browsing a site that constantly gave me pop up ads and one of them auto downloaded a file. Needless to say, i deleted that as quickly as i could and im not planning to return to that site ever again lol

Literally what everyone using a computer should know!! I didn’t even know some of these!!!

batch files and vbs files are not an issue, there is a modify option when you right-click it

One file type that I can definetly say is secure (because I am the one who wrote the file type specification) is .l2db (Lampe2020-DataBase), which is a simple, binary database. You can of course store malicious code in it (the same as you can in .zip files), but it is really non-trivial to execute that. And the format doesn't support encryption, so you cannot smuggle malicious stuff past a good antivirus inside one of those.

PDF's also can have executable scripts? That is something I didn't know. You should create a video for more tips to protect against this potential threats, like, opening a PDF inside your web browser is it safe? What other programs could open PDF is safe mode for example

Best tip out there: just assume that all files could have a chance of having viruses. It's that simple.

Today I learned why ps1 game isos don't use ".ps1" as an extension.

PROPER SUBTITLES nice

What widget/s are you using to monitor system resources on your desktop?

Short answer. Anything that is an executable with any access to the OS/File System or is openable by an executable with a vulnerability that can be exploited using the payload of the file. JavaScript in the context of the browser is really only able to be a “virus” is if the js interpreter or the browser itself has a vulnerability that can give it access to anything beyond the browser like the host file system. JavaScript in the context of the Node.js language is a whole other story because it has access to the local file system and operating system.

.xlsb-files in Excel also support macros!

I downloaded Polybridge 2 from some Russian Site. It was an .iso file. I mounted and ran the .exe file. Everything worked great 👍

This guy’s merch is top notch

hey quick question have you ever heard of .nodes? i just remember that while some discord server was being raided one of the raiders sent a .nodes file with obvious virus name. i never saw .nodes so i wanted to see what it is but found nothing only .node and no i dont have the file since i was not familiar with that file and decided to not get it on some pendrive

You forgot about Office Binary format (XLSB) that also can have macros enabled

while most of js files you encounter are JavaScript the built in host actually runs JScript, the MS implementation of ancient ECMAScript spec

i love the video!, i have a question (its not related to the video but yeah) do you know what \\?\ is?

fyi, FoxIt PDF Reader also has the "Protected View" setting. And it also has it turned off by default.

And then there is the most insidious file, a file that is not supposed to be executable , but is contains deliberately malformed data which is designed to exploit the software reading the file to cause it to buffer overflow or fail in other ways and then execute data as code. Pretty rare. but IIRC this has happened with a certain image format in order to exploit an internet browser in the past.

How do you view scripts that are embedded into .PDF documents? I occasionally get .PDFs in emails and then a popup from Norton saying that it stripped out a script from the document

In certain situations (e.g. software with buffer overflows, script injection volnurabilities, bugs causing denial of service, not checking input file size), ANY file (image, audio, video, ...) opened in such a program can be dangerous (although of course it's less common).