How to Unhide File Extensions in Windows

What Are File Extensions...
All file names have two parts- the file name and the file extension. 

The file extension is simply the last characters after the last dot in the file name.  For instance, a file named "XXX.EXE" has a file extension of ".EXE" and a file name of "XXX".  The file extension is whatever comes after the last "." (period or 'dot').

By default, if you look at the files on your PC using Windows Explorer ("My Computer"), Windows "hides" the file extensions for most of your files.  File extensions, in this case, are also hidden when you look at file attachments in Outlook or Outlook Express or many other email programs. This makes it very difficult to know if the attachment you are double-clicking on is a picture or something bad that will run malware and infect your system. 

Why MicroSoft ships Windows with its default Windows settings being as dangerous as they can be in this regard is a mystery to all of us who provide computer support for our customers.  Well, I suppose it helps to keep the antivirus companies in business.   Very sad.

We strongly recommend that you tell Windows that you want to see the FULL filenames of ALL your files.  If you choose not to follow these instructions about how to Unhide File Extensions on your PC(s), then please at least be sure that you have the best AntiVirus and AntiSpyware installed on your system(s).

The Hackers File Extension Hiding Trick and why it works...
By default, Windows is set to hide file extensions of known file types.  What this means to you is that you are easy prey to the most common type of email virus tactic, which is to email an attachment to everyone with a filename that looks like something it is not.  

The trick is that the virus authors will simply name the file in such a way as to make it appear to be a JPG picture or some other harmless type of file because they know that most peoples' systems will not show the actual file extension (those last 3 characters after the dot).  

For example, if your system is hiding file extensions, when you get a file attachment called "MyDog.JPG.VBS", your email program will show the attachment as "MyDog.JPG" which leads you to believe that the attachment is simply a picture of someone's dog.  But in reality, the attachment is a VB script (a program that can do whatever the virus writer wants it to if you double-click on it).  

The Fix: One Simple Windows Setting To Unhide File Extensions...
Here are the steps you need to take in order to change the Windows system setting that determines if file extensions are displayed or not.

To tell Windows to show all file extensions, do these simple steps:

• Start Windows Explorer by pressing Windows+E (or use the Start Menu to start Windows Explorer)
• On the Windows Explorer menu bar, click View/Folder Options (or Tools/Folder Options, depending on what version of  Windows you have).  
• A window will appear.  Click on the View tab in that window and...
• In the list of checkboxes on that screen, you need to remove the checkmark in the "Hide  file extensions of know file types" checkbox.  
• Then click on Apply...
• Then click on "Like Current Folder" to apply this setting to all folders (very important).
• Then click OK on all the windows that opened to get back to your Windows Explorer window.  
• You can then close the Windows Explorer window.  You have told Windows to show you the file extensions of all files.

Depending on which folder you were in when you started Windows Explorer, you might immediately notice that you can now see the file extensions for all the files in that folder now (that you couldn't see before).  

Actually, there are still some file types that Windows insists on hiding from you, but for our purposes today, this new setting will suffice.   We'll cover the more advanced UN-hiding of extensions in a future VACM.

File Types TO AVOID When Received As Email Attachments...
Now that you can see all of your files' file extensions, here are the ones to be very cautious of when they arrive as email attachments:

".EXE", ".DOC", ".XLS",
".SCR", ".VBS", ".WSF",
".PIF", ".BAT", ".CMD",
".INF", ".SHE", ".SHB", and ".LNK"

Files ending in any of these file extensions are all capable of executing malicious code on your system (ie- they could be viruses or spywares). 

Don't Trust Emails From Friends- Even if an email with an attachment is from someone you know, be very careful because many viruses have the ability to send themselves to everyone in the infected computer's Address Book.  If you are not careful, you, too, will become infected.  Let's see why that is so.  Suppose your friend's computer has a virus that emails itself to all your the contacts in your friend's address book.  If your email address is in your friend's Address Book, you will receive an email that looks like it came from your friend but was actually sent by the virus on your friend's computer.  Scary, huh?   Don't assume.  Be sure.

How Does This Help Me To Fear No Attachments?
Now that you know what types of attachments to stay away from and now that Windows will be showing you the file extensions of all files, just follow a few simple rules when dealing with your email attachments.

1. First, get in the habit...
Cultivate the habit of updating your AntiVirus and AntiSpyware software EVERY time you turn on your computer.  Most AntiVirus softwares update themselves automatically.  But be aware that, typically, only the paid versions of AntiSpyware softwares update themselves automatically. You must remain vigilant if you rely on a free antispyware tool that requires you to manually get updates.

2. ALWAYS know what files are dangerous...
Know what to double-click on and what to NOT EVER double-click on.  You can use the list of dangerous file types we gave you (above) and post it near your computer.

3. NEVER double-click attachments. Instead, do this and be safe...
If you feel that you must open an attachment for some reason, then you should do it in a way that lets your AntiVirus and AntiSpyware software scan the attachment first. [note: if you use Outlook or Outlook Express or Thunderbird or any other email program, this applies to you.  Users of online webmail services like Hotmail, Gmail, Yahoo and others are less at risk because these services are pretty good about virus scanning everything before they dump it into your inbox.]

In order to be sure that your antivirus has a chance to scan any attachments you receive, all you need to do is right-click on the attachment in your email  message and when the menu pops up, choose "Save As". Then, choose a folder (or the desktop) as a location in which to save the file.  Then click the "Save" button.  This will save the attachment to your hard drive.

This does two things- (1) you get to see the entire, actual filename in the Save As dialog box (including the file extension).  (2) when you click the "Save" button in the "Save As" dialog box, your antivirus software immediately scans the file as it is being written to your hard drive.  If the file is malware, your antivirus or antispyware software should detect the problem during the save operation and remove the threat and trouble is averted.

When Is It OK To Click?  Only if the virus scan reports no problems should you then proceed to open the attachment. If you saved it to your desktop, it will be easy to find it so that you can delete the file when you are done with it.

WARNING: a trick that is used by virus writers to fool you...
There is a simple technique used by purveyors of viruses that has come to be known as social engineering.  This is where you get an email that promises some kind of reward if you click on a certain link or attachment in an email.  If the email convinces you to click on a certain something, you have been duped into running the "payload" of the virus email.  As an example, let's take a look at the virus known as "FUNNY.JPG" and see how and why it worked. 

The "FUNNY.JPG" virus was the result of some evil persons who created a VB Script that would compromise people's systems when they ran it.  All the virus authors had to do was get their virus script into the systems of as many people as possible and somehow get these people to run their little virus script.  Delivery was easy.  They used spammer techniques to send their virus payload to millions of people as an email.  The email promised a vivacious picture experience and contained an attachment (the virus executable posing as a sexy picture).

This particular virus was delivered via email and the script file was simply an attachment in that email.  "Oh, but I know what attachments are safe to click on" you say?  Victims received this virus email and, those with knowledge and wisdom simply deleted it.  The less-informed persons simply saw an email promising a tantalizing picture and were somehow unable to keep themselves from opening what they thought was a picture of something totally amazing or sexy or whatever.  Users who received the email AND double-clicked on the attached file actually ran this virus script (program) and compromised their systems because of their poor choice.   But it looked like the attachment was just a picture, right?

Bait And Switch Got People To Click...

In order to get you to run their little virus program, the virus authors simply disguised their virus script file as a picture by naming it "FUNNY.JPG.VBS".  

You might think "That doesn't look like the name of a picture cuz it has .VBS on the end of it...".  But here's the trick.  Since virus authors know that most people's systems are configured to hide file extensions of known file types (Windows default), they relied on the fact that most people would not ever see the ".vbs" on the end of the filename.  To them, it looked like the file was named "FUNNY.JPG" and so they naturally thought that the attachment was just a picture and they proceeded to try to open it.  After all, the email said it was an amazing or sexy or nude or whatever photograph.  In fact, the file was not a picture. The filename really ended with ".VBS", so it was an executable script.  When they double-clicked on it, they were actually running this dangerous script virus (program) that damaged their systems and/or compromised their identity  and other private information.

The virus writers were very successful in getting people to double-click on their file attachment or "payload" because most PCs are set to hide file extensions.  That is how Windows is configured by default ( for reasons known only to Microsoft in their infinite wisdom).  Therefore, many people ended up trying to open what they thought was a salacious picture of some sort and, instead, they ran the virus script and infected their systems.  This is the basic bait and switch technique that was used and is the reason why you should waste no time in setting Windows to always show the file extensions of all known file types.

My system is now SHOWING all the file extensions...
What else do I need to know? 

Once you unhide file extensions as detailed above, you will easily be able to spot what kind of file attachments you are dealing with.  In our FUNNY.JPG example, you would now be able to see the ".VBS" on the end of the file "FUNNY.JPG.VBS" and you would know to avoid opening it. 

All that is left to do now is to know that files ending with certain file extensions are dangerous and should never be opened if received as email attachments. 

You already know that ".VBS" is on the list of executable files that you should never touch and we have seen how this was used by the authors of the FUNNY.JPG virus.  There are lots of other file extensions that are indicative of files that will execute something when double-clicked.  We gave you a list of file extensions to avoid earlier in this article.  It would be a good idea to print the list and post it near your computer.  With your list always close at hand, now you just need to remember to always be aware of the FULL and complete filenames and extensions of all attachments you receive and be very sure the attachments are safe before opening them.  And remember, do not just double-click attachments.  Instead, use the "right-click, Save As" method we gave you in step #3, above, so that you know your antivirus actually has a chance to scan the attachment first.

Virus Writers tactics to get around "unhide file extensions" solution...
So, you have set Windows to always show all file extensions and now you are safe, right?  Not quite.  There is another simple little trick used by the evil spammers and hackers and virus writers that gets around the fact that smarter Windows users may have configured their systems to show all file extensions instead of hide them.  The evil malware authors came up with a very simple way to hide the file extension even from these smarter people.

The only thing the virus writers had to do to hide the file extension from the "smarter" user, even if their system is set to show file extensions, was to use a filename that contains a huge number of spaces right before the end of the file name (the file extension).  Very simple, but quite effective.

The effect of padding the virus file's name with lots of spaces is that it becomes harder for you to see the file extension, or, at least, easier to miss it.  Even if file extensions are being shown by Windows, if the filename is so long that you don't see the ".VBS" or ".EXE" or whatever way out on the end of the filename, you are at risk of feeling safe to open the attachment. 

This is what the virus mongers count on.  With this later tactic, even if your system no longer hides file extensions, you still might decide that the file is OK to open because you cannot see the ".VBS" or ".EXE" at the end of the filename because the filename is so long that you cannot see the file extension way out at the end of the filename. 

Let's take a more detailed look at how this works.  We will use our FUNNY.JPG virus as an example and we will show how long filenames with lots of spaces were used to conceal the fact that there is a ".VBS" extension at the end of the virus script's filename.  In fact, you could say that this was an enhanced version of the FUNNY.JPG virus that was designed to fool people regardless of whether Windows was hiding file extensions or not.

The virus writers needed you to think that there was just an innocent JPG picture attached to the email even if you have Windows setup to show file extensions.  Their solution was painfully simple.  They took their virus file "FUNNY.JPG.VBS" and changed the filename by adding lots of spaces to it, like this:

      "FUNNY.JPG.VBS"         was simply renamed to

      "FUNNY.JPG                                     .VBS"

By adding all of that "white space" inside the filename, it makes it more difficult to
see that there is a "hidden" file extension way out there at the end of the
very long filename.

You Can Still Be Safe- Not a problem, though, if you use the right-click / "Save As"
technique we described above, you will see the filename in a fairly wide field AND you can use your keyboard's Right-Arrow key to scroll all the way to the right of the filename if needed. That way, you will know with absolute certainty what the entire filename really is.  Also, if you use the Save As trick, your antivirus software is hopefully good enough to catch the fact that it is a malware and will remove it from your system.

Summary:
Email attachments can easily be viruses even if they look like harmless pictures.  You definitely should invest in the best Antivirus and AntiSpyware softwares.  You should also learn a few simple tricks to dealing with attachments that will help ensure you only open attachments that are safe to open. And even if you have real-time anti<whatever> software installed on your system, you really should tell Windows to NOT hide any part of any filename. Knowing the real, full and complete filenames of every file in  your computer makes good and total sense for many reasons.