How to Unhide File Extensions in Windows

What Are File Extensions...
File extensions are the part of the filename at
the righthand end of the name. For instance, a
filenamed "ABCDEFG.EXE" has a file extension
of ".EXE".  The file extension is whatever comes
after the last "." (period or 'dot').

Why MicroSoft ships Windows with its default
settings being the most dangerous they can be
is a mystery to all of us. Well, I suppose it
helps to keep the antivirus companies
in business  :-O

And if you choose not to Unhide File extensions on
your PC(s), then you should definitely have the
best AntiVirus and AntiSpyware installed on your
system(s).

The Hackers File Extension Hiding Trick...
By default, Windows is set to hide file
extensions of known file types.  What this
means to you is that you are easy prey to the
most common type of email virus tactic,
which is- to mail an attachment with a filename
that looks like something it is not.  

The trick is that the virus hackers will simply
name the file in such a way as to appear to be a
JPG or something harmless because they know that
most peoples' systems will not show the actual
file extension.  

For example, if your system is hiding file
extensions, a file attachment of "MyDog.JPG.VBS"
will appear in your email program as "MyDog.JPG"
which leads you to believe that it is simply a
picture, when in fact it is a VB script (a program
that can do whatever the virus writer wants it to if
you decide to double-click on it).  

The Fix: One Simple Windows Setting...
What we will describe here, is how to change the
system setting that determines if file extensions
are displayed or not...

To keep Windows from hiding file extensions,
do this:

-Open Windows Explorer, then use the Explorer
menu and do...

-View/Folder Options (or Tools/Folder Options,
depending on what version of  Windows you have).  

-A window will appear.  

-Click on the "View" tab and...

-In the list of checkboxes on that screen, make
sure you UNcheck the "Hide  file extensions of
know file types".  

-Then click on Apply...

-Then click on "Like Current Folder" to apply
this setting to all folders.

-Then click OK on all windows to get back to your
Windows Explorer window.  

Depending on which folder you had selected when you
started Windows Explorer, you might immediately notice
that you can now see the file extensions for all your
files now (that you couldn't see before).  Actually,
there are still some file types that Windows insists
on hiding from you, but for our purposes today, this
new setting will suffice.  

We'll cover the more advanced UN-hiding of extensions
in a future VACM.

File Attachments To Avoid...
Now that you can see file extensions, here are the ones
to be wary of when they arrive as email attachments:

".EXE", ".DOC", ".XLS", ".SCR", ".VBS", ".WSF", ".PIF",
".BAT", ".CMD", ".INF", ".SHE", ".SHB", ".LNK"

Files ending in any of these file extensions are all
capable of executing malicious code on your system.

File types that are less likely to contain viruses, but that
still can are:

".DOC", ".PDF", ".XLS"

These include Word Document, Adobe Acrobat files, Excel
Spreadsheets.

***********************************************
* How Does This Help Me To Fear No Attachments?
***********************************************
Now that you know what types of attachments to stay away from,
just follow a few simple rules when dealing with your email.

1. First, get in the habit...
of updating your AntiVirus and AntiSpyware software EVERY time you turn on
your comuter.

2. ALWAYS know what files are dangerous...
Know what to double-click on and what to
never double-click on.  Use the lists of file
types we gave you above and post them near
your monitor.

3. NEVER double-click attachments. Instead...
If you feel that you must open an attachment for some reason,
then you should do it in a way that lets your AntiVirus and
AntiSpyware software scan the attachment first.
For this to happen, what you should do is right-click
on the attachment in your email message and when
the menu pops up, choose "SaveAS".
Then choose a folder (or the desktop) as a
location in which to save the file.

This does two things- first, you get to see the entire filename
in the SaveAs dialog box and, second, when you click the "Save"
button, your antiviru software detects that a file is being written
to disk and immeidately "wakes up" and scans it.

Only if the virus scan reports no problems should you then proceed
to open the attachment. If you saved it to your desktop, it will be
easy to find and simple to delete the file when you are done with it.

WARNING: one other trick that is being used...
regarding file naming of virus files is to use a filename that
contains a huge number of spaces before the end of the file name (the
file extension). For example, the "FUNNY.JPG" virus was actually
"FUNNY.JPG.VMS". Once you unhide file extensions, you will see the
".VBS" on the end and you will see that ".VBS" is on the list of
executable files to not touch.

The Virus writers next tactic to get around this...
is to now make it harder for you to see the file extension even if they are not
hidden by Windows. by using a different tactic so that even if your system no longer hides file extensions, you still might decide that the file is OK.

Here's what they do:
They might take the "FUNNY.JPG.VBS" virus file and change the name to this:

"FUNNY.JPG                                 .VBS"

By adding all this "white space" to the filename, it makes it more difficult to
see that there is a "hidden" file extension way out there at the end of this
very long file name. Not a problem, though, if you use the right-click / "SaveAs"
technique you will see the filename in a fairly wide field AND you can use
your keyboard's RightArrow key to scroll all the way to the right of the filename
and know with absolute certainty what the filename really ends with.

Summary:

The obvious protection is to get the best Antivirus
and AntiSpyware softwares installed on your system(s).
But even if you have real-time anti<whatever> software
you really should tell Windows to not hide any part of any filename. Knowing
the real, complete filenames of everything in "My Computer" is a tremendous
help in determining what each file is.