Endpoint Protection

  • 1.  .ini files

    Posted May 26, 2010 09:31 AM

    How can .ini be seen as malicious? My impression was they are not malicious themselves but can be used to perform a malicious activity. Was just wondering, as I've seen SEP catch a few of these.


  • 2.  RE: .ini files

    Posted May 26, 2010 09:38 AM
    They all get loaded and modify the files.
    Common loading points for viruses, worms, and Trojan horse programs on Windows
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/1999052415383948?Open&seg=ent


  • 3.  RE: .ini files

    Posted May 26, 2010 10:27 AM
    Hi

    Can you upload a screenshot of this? As per my information, SEP should not detect an .ini and .inf file as a virus.


  • 4.  RE: .ini files

    Posted May 26, 2010 10:37 AM

    The threats created the .ini files that SEP is seeing.

    For example see this Threat Expert summary of "Infostealer"
    http://www.threatexpert.com/report.aspx?md5=98de7bcad1ba2caf74007bd97bc2b505

    The following files were created in the system:

    %System%\Language\Default.ini
    %System%\Settings\Settings.ini


  • 5.  RE: .ini files

    Posted May 26, 2010 10:47 AM
    Is it possible that all of the .ini and .inf are considered as viruses, worms and trojans?

    Just asking. Many thanks...


  • 6.  RE: .ini files

    Posted May 26, 2010 11:00 AM
    No. INF is Information File; INI is Initialization File.
    These files are not malicious by themselves, but they can be used for malicious activity.

    As they are just pointers to actual files, they can point to malicious files residing elsewhere.

    However, as a proactive approach, if the antivirus finds them doing some unauthorized activity, then they can be flagged as suspicious.
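
The point made in the reply above, that an .ini or .inf file matters because of the program it points to, can be checked mechanically. The following is an added example, not part of the original thread and not how SEP makes its decision: it lists entries in well-known Windows load points (win.ini `load=`/`run=`, system.ini `shell=`, autorun.inf `open=`/`shellexecute=`/`shell\...\command=`) whose value references an executable. The key list, extension list and sample inputs are assumptions constructed for illustration.

```python
import re

# Well-known Windows load points: lowercase section -> keys whose value is launched.
LOAD_POINTS = {
    "windows": {"load", "run"},           # win.ini
    "boot": {"shell"},                    # system.ini
    "autorun": {"open", "shellexecute"},  # autorun.inf
}
EXECUTABLE = re.compile(r"\.(exe|com|scr|pif|bat|cmd|vbs|js|dll)\b", re.I)
# Expected default for system.ini [boot] shell=
BENIGN = {("boot", "shell"): {"explorer.exe"}}

def audit_ini(text):
    """Return (section, key, value) for launch entries that point at executables."""
    findings, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue
        key, value = key.strip().lower(), value.strip()
        launches = key in LOAD_POINTS.get(section, ()) or (
            section == "autorun"
            and key.startswith("shell\\") and key.endswith("\\command"))
        if not launches or not EXECUTABLE.search(value):
            continue
        if value.lower() in BENIGN.get((section, key), ()):
            continue                      # stock value, nothing appended
        findings.append((section, key, value))
    return findings

# Constructed sample inputs (not taken from any real system or threat report).
SAMPLE_SYSTEM_INI = "[boot]\nshell=Explorer.exe updater32.exe\n[386Enh]\nwoafont=dosapp.fon\n"
SAMPLE_AUTORUN_INF = "[autorun]\nicon=drive.ico\nopen=setup.exe\nshell\\open\\command=setup.exe\n"
SAMPLE_SETTINGS_INI = "; plain settings\n[Settings]\nLanguage=Default\n"

if __name__ == "__main__":
    for name in ("SAMPLE_SYSTEM_INI", "SAMPLE_AUTORUN_INF", "SAMPLE_SETTINGS_INI"):
        print(name, audit_ini(globals()[name]))
```

A plain settings file produces no findings; an entry is only reported when a launch key names a program, which is the file to inspect next.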


  • 7.  RE: .ini files

    Posted May 27, 2010 02:34 AM
    Thanks for the info.
    I'll check your "How to find Suspected Threats on your computer." to widen my knowledge.