Advice Request Can a txt file be malicious?

[Bungus]

Recently found 2 files one is message.txt
And the other is message-1.txt (I assume was a copy of the first one)
I saw that they were in my downloads folder and with an almost 1 year old date (8-8-2020)
I opened one of them and it was a 3-4 lines of gibberish text I quit the text viewer that was showing the file but left the files

Could the files have hold any malicious payload or have executed anything? I am not a tech savvy so I don't know if files that are usually harmless can hold any malicious codes

 

[shmu26]

A .txt file on its own won't hurt you. Theoretically it could be part of a complex malware attack, or an artifact from one, but I think that is unlikely.

 

[Kongo]

Recently found 2 files one is message.txt
And the other is message-1.txt (I assume was a copy of the first one)
I saw that they were in my downloads folder and with an almost 1 year old date (8-8-2020)
I opened one of them and it was a 3-4 lines of gibberish text I quit the text viewer that was showing the file but left the files

Could the files have hold any malicious payload or have executed anything? I am not a tech savvy so I don't know if files that are usually harmless can hold any malicious codes

a text file on it's own can't be malicious as it doesn't have any malicious code that could be executed if you just open it with the normal Windows Editor. Threat actors could possibly use the double extension trick like: Malware.txt.exe (.exe would be hidden)
But as @shmu26 already said, it's pretty unlikely and from your description it doesn't seem to be the case on your system anyway.

 

[Andy Ful]

Besides advanced attacks, the TXT files can be used also in pretty simple and common attacks. For example, some scripts can be run when having any file extension (for example Windows Script Host). But, this would also require a shortcut, another script (not malicious), etc., because TXT files cannot be run directly from Explorer. Such attacks are usually performed in the wild by using ZIP archives, ISO images, etc.
In more advanced attacks, the TXT files can simply contain encrypted malicious code.
You can post this file here for more information (it is probably not malicious, just an output of something that was run by you).

 

[ZeePriest]

Generally no. But you should always have an anti virus running. The easiest way to check is to open in a binary file editor. A quick glance will tell you if it has text or binary data.

 

[struppigel]

I saw that they were in my downloads folder and with an almost 1 year old date (8-8-2020)
I opened one of them and it was a 3-4 lines of gibberish text I quit the text viewer that was showing the file but left the files

Hello. Yes, this could be malware. The file extension does not say anything about the actual file type. It only tells the operating system which programs are used per default to open the file, e.g., if you double-click on it. A malware can still execute such files by directly calling the correct program. The mere fact that you say it contains glibberish tells me that it is NOT a text file.

Do NOT post the file here.

Instead, please navigate to virustotal.com. Upload the file there, wait for it to be analysed. Please post the link here afterwards. Then I can take a look at it and tell you more.

 

[Lenny_Fox]

A malware can still execute such files by directly calling the correct program. The mere fact that you say it contains glibberish tells me that it is NOT a text file.

Please explain how clicking on a text file can launch a program (other than Andy's explanation, but that requires a whole lot more of staging to execute code)? You are the expert, so please explain and put this remark in context before people draw the wrong conclusions (this is not criticism, just a reminder that an expert can be the source of scareware, when taken his words wrongly)

 

[struppigel]

Please explain how clicking on a text file can launch a program (other than Andy's explanation, but that requires a whole lot more of staging to execute code)? You are the expert, so please explain and put this remark in context before people draw the wrong conclusions (this is not criticism, just a reminder that an expert can be the source of scareware, when taken his words wrongly)

No, I don't think OP launched potential code in the file by opening it in a text editor (and never said that).
But it is on their system and arrived there somehow. If it is malicious (which we don't know yet), it is a sign that the system is infected, was infected or that there was an infection attempt. Infection chains often involve several files. So if there was an infection or an attemped one, it is probably not the only file involved.

Might also be harmless, but we don't know without seeing the file. For sure we shouldn't encourage people to upload suspicious files here on the forum.

 

[upnorth]

we shouldn't encourage people to upload suspicious files here on the forum.

Correct and that's why it exist a specific dedicated forum section for possible malware removal help and support.

@Bungus , Please open a new thread in the correct section and follow the advice there from real experts.

Windows Malware Removal Help & Support

Get help removing adware, malware, spyware, ransomware, trojans, and viruses from Windows PCs. Follow the instructions in the pinned topics first. For security purposes, only authorized members may respond to requests for assistance.

malwaretips.com