Working with downloaded files

Computers are often infected when users unwittingly download and open malicious files. Please don't just ignore warnings from your antivirus or operating system when copying, downloading or opening files from the internet. The words "Disable antivirus before installing" often suggest that a file contains a virus.

Any file downloaded from the internet may contain a virus. Therefore, all downloaded files, irrespective of type, should be scanned with an antivirus or online scanner before you open or run them.

  • Always check executable files including interpreted files that have the following extensions in Microsoft Windows: .exe, .com, .bat, .cmd, .js, .vbs, .pif, .swf, .jar, .reg, .msi, .gg, .gadget, htm/html/xhtml/mht/chm.

  • MS Office (doc, docm, xls, xlsm, ppt, pptm, .mdb, .accdb etc.) and Adobe Acrobat (pdf) files can also contain macro viruses and require checking.

  • Files with extensions not mentioned above can also contain malicious code that exploits vulnerabilities in your operating system, browser or programs. Despite the infrequency of infection from such files, they must also be scanned.

  • If you receive an email containing an attachment or a hyperlink that leads to a file download (even if the file is "just an image" and you know the sender), you should still scan the file with an antivirus before opening or launching it just in case. It's generally best to download mail attachments to your computer and check them with an antivirus before opening them.

  • You should also treat files downloaded from p2p networks (torrents, DC++) and instant messaging programs (ICQ, Skype, Jabber) with the same caution as files downloaded from other websites.

  • Hackers frequently embed viruses in counterfeit software and films, as well as patches, cracks and keygens. Viruses may be embedded either by those who crack the software of those who distribute it.

  • Sites dedicated to hacking, cracking or containing "adult" content are more likely to contain viruses.

Infected files are sometimes disguised using names such as postcard.jpg.exe. Microsoft Windows hides most file extensions, so users will only see the file as postcard.jpg, and open the file believing it to be an image.

Follow these instructions to show file name extensions:

  • Microsoft Windows 2000, XP:

    Start —> Control Panel —> Folder Options —> View —> clear the "Hide extensions for known file types" checkbox

  • Microsoft Windows Vista, 7:

    Start —> Control Panel —> Folder Options —> View —> clear the "Hide extensions for known file types" checkbox.

Checksums and digital signatures can also help verify files. However, there have already been several instances where developers' computers have been infected by files verified by digital signatures.

When installing and running packages for Linux and other operating systems, or even building apps yourself using the source code, double check the source and authorization required to install and run such applications.

Running "suspicious" apps in a guest virtual machine significantly reduces the risk of the host machine becoming infected, but does not eliminate it entirely.