Your IP: Unknown · Your Status: ProtectedUnprotectedUnknown

Skip to main content

Double Extension detection by Threat Protection Pro™

NordVPN’s Threat Protection Pro™ has a bunch of handy features to keep your online browsing safe. The double extension feature is one of them. It scans your downloads and notifies you about double file extensions that hackers use to trick you into downloading malware.

Double Extension detection by Threat Protection Pro™

Table of Contents

Table of Contents

What is the double extension detection feature?

NordVPN’s double extension detection is an in-app Threat Protection Pro™ feature designed to enhance malware protection on Windows devices. It spots phishing tricks where hackers hide malicious files behind double file extensions (like “photo.jpg.exe”). In short, the double extension detection feature scans your downloads and makes sure you don’t accidentally open the door to a harmful file through your browser.

How does double extension detection work?

The double extension detection feature scans your files during download and identifies files with more than one extension. Such files are infamous for hiding malicious software inside. So if you try downloading a file that looks something like “file.pdf.exe,” the double extension detection tool will notify you that the file is trying to pretend to be something else.

While an alert about a malicious file might be a false positive, it’s worth double-checking to avoid the risk of downloading a pesky virus.

Double extension detection

How to turn on double extension detection

The double extension detection feature is a part of the Threat Protection Pro™ tool, so if you enable the latter, file protection will activate automatically. You don’t have to do anything.

However, if you need guidance on how to activate Threat Protection Pro™ on your Windows device, follow the steps below:

  1. Open the NordVPN app.
  2. Tap the profile icon at the bottom right.
  3. Tap on the shield icon.
  4. Enable file protection.

What is a double extension file?

A double extension file has two different extensions, one after the other. The most common examples are .pdf.exe, .doc.exe, .jpg.exe, .txt.vbs, and .zip.exe. The second extension is an actual file format that could be hiding a virus, while the first is just text written into the filename.

For instance, if you come across something like “photo.jpg.exe,” you might think it’s just a harmless image file, but you have to be careful about the “.exe” part. It’s actually an executable file that could be infected with malware.

What are the dangers of double extension files?

Hackers use this sneaky double file extension trick to hide a file’s true nature and slip malware, viruses, or ransomware onto your device without you even realizing it. Such disguised files carry all sorts of nasty viruses, including those that modify Windows Registry or even change your system settings.

Take the ILOVEYOU virus, which spread back in 2000, for example. Millions of people all over the globe received an email with an attachment named “LOVE-LETTER-FOR-YOU.txt.vbs.” The “.txt” part made the file look harmless – a regular text file. But everyone who missed the “.vbs” part and clicked on this “love letter” got themselves into trouble. The next thing they knew, their image, audio, and document files were overwritten and gone for good. To make things worse, once the virus entered a system, it replicated and sent itself to every contact in the victim’s address book. So, if you are still wondering, yes, double extension files are dangerous.

What to do if you’ve opened a file with a double extension

If you suspect you’ve downloaded malware by opening a file with a double extension, act immediately. Disconnect your device from the internet and restart your computer in safe mode to stop the malware from loading. Then, run a thorough system scan with a reliable, up-to-date antivirus and remove the threat.

If you’re experienced in IT and know what to look for, you can also try manually deleting unfamiliar files from your computer. However, if the malware persists or you’re unsure about removing it, contact a cybersecurity professional — they’ll know what to do.

However, if you haven’t opened that double extension file yet but think this new download might be sketchy, try using a file checker. It’s super simple – just upload the image or document, and it’ll let you know if there’s anything malicious inside.

Online security starts with a click.

Stay safe with the world’s leading VPN

FAQ