Trojan in jpeg images?

Question:

2012-05-13 06:42:48 UTC

Hi,
I installed Lavasoft Ad-Aware a few days ago (I did not use this virus scanner before). It has just performed a full scan of my computer and found some 77 jpeg images (desktop wallpapers) that are (as it states) infected by "trojan.win32.jpgiframe (v)". Now, that is interesting, as I had those images for about 2 years now, all downloaded from eWallpapers.eu, I opened them in IrfanView and other graphic applications many times and I never had problems with them. They opened as normal images and my previous virus scanners never complained about them. These files are now in quarantine.
Question is: is this a real threat or a false positive? Can there be viruses in jpeg files that actually can be opened in Windows's in-built imaging application, or in PhotoShop, IrfanView etc.? (I know that you can rename an exe to a jpg but if it was that case then the image programs should give me an "unrecognised image format" or some similar error, I guess?)
Thank you

Three answers:

Nex

2012-05-13 07:59:15 UTC

Probably not a false positive but viruses added to image files are inert for the most part (there used to be an exploit that allowed executable code to be added to WMF files whose extension you could then change to more popular formats but it was fixed before vista was released). There are ways of executing them (exec xxx.jpg would run it as an executable, sometimes hackers try to sneak a few .bat or .cmd files into a rar containing plenty of images to trigger the virus).

2012-05-13 15:19:15 UTC

My guess is, they are false positives. If scans with the following products come up clean, I'd ignore the Ad-Aware results.

Try this:

Download the free version of Malwarebytes' Anti-Malware (MBAM). Install it, get updates and run a full scan (still in Safe Mode). This is a direct download link. Copy and paste it into your browser’s address bar, and press Enter.

http://www.myantispyware.com/mbam

If the problem still exists, download and run the free Kaspersky Virus Removal Tool:

http://support.kaspersky.com/viruses/utility

You should now delete the Kaspersky Virus Removal Tool, as updated versions are often made available. Malwarebytes' Anti-Malware can be easily uninstalled, should you wish to do so, but it may prove to be beneficial in the future.

Hope this helps.

Techno

2012-05-13 13:46:41 UTC

Most likely a FP. Virii can be in any format of file.

To be sure do the following...

Download, install, update and then in SAFE MODE* run full scans with these programs...

** http://www.malwarebytes.org

http://www.superantispyware.com

http://dl.surfright.nl/HitmanPro36.exe

**Note: Malwarebytes should be run in 'Normal Mode' unless that isn't possible!

Then re-start.

Try running a couple of on-line scans to be sure...

http://housecall.trendmicro.com/uk/

http://go.eset.com/us/online-scanner

http://www.pandasecurity.com/homeusers/solutions/activescan/

*Note: On start up (before Windows loads) keep tapping either F5 or F8 (be aware that some manufacturers use F8 for system recovery!) then use arrow keys to highlight 'Safe Mode with networking' and hit Enter/Return, click on a user account, enter the Administrator password (if you don't know it, there probably isn't one so leave it blank) and hit Enter/Return.

©Techno

ⓘ

This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.

about - legalese