Helping people with computers... one answer at a time.

In general, it's very unlikely that a picture would become infected with a virus, but there are related scenarios to be aware of.

My old computer was severely infected with viruses. So badly that the viruses cut off task manager, changed my background to a screen warning me about spyware and also tries to restart my computer every five minutes. My anti virus pops up with a new virus its found every few minutes as well. I'm not really interested in fixing the old computer. I'm purchasing a new one in a week or so. My question is can these viruses I have be transferred through pictures I have put on a cd-rom? These are priceless pictures. My mother who uses the same computer as me would be devastated if I couldn't put these on the new computer.

Short answer: probably not. In fact it's highly unlikely that viruses actually travel in pictures.

However, there are a few things to be aware of, and a few steps that will increase the security of your result.

In general, you're probably quite safe. It's highly unlikely that a picture you had prior to an infection became infected. In fact it's so unlikely that in your shoes, I'd probably do nothing about them.

There are some cases where pictures can in fact carry viruses, but once again even that is extremely rare. Typically, a virus-carrying picture must be created by someone with malicious intent, so they're not going to infect existing photos. When they first appeared they were placed on websites so that visitors would be infected.

These images also take advantage of vulnerabilities that have long been fixed by Microsoft, so making sure your system is up-to-date with the latest patches also goes a long way to ensure that you're safe even if by some change you did happen to have one.

"It's highly unlikely that a picture you had prior to an infection became infected."

The other picture-related vector for virus propagation is a picture that's not a picture.

The name of a file is just that: a name, and nothing more. The operating system uses the file name as a hint of what to do with the file. For example, this means that Windows knows that ".jpg" files should be opened using an image viewer.

But there's nothing that says a ".jpg" file needs to actually contain a picture. In fact, some exploits in the past have caused files of one type to be called something else. You see this all the time in virus-bearing email attachments where files might be called ".zip", but in fact might contain a ".exe" executable that can then run and infect your machine.

The same thing has, at times, happened with ".jpg" files. Depending on how it's done, and how up to date your system is, it's possible for a virus to masquerade as a picture. If you attempt to view the picture, you get a virus instead.

But once again, these weren't pictures to begin with; they're scenarios that were specifically crafted to deceive.

If you have a picture that you know is a picture - particularly if it's a picture you took with your own camera or scanned with your own scanner - then it's extremely unlikely that it would become infected with a virus.

However there's nothing wrong with double or triple checking.

So, here's what I would do:

  • Burn the pictures to CD for safekeeping.

  • Run an up-to-date virus scan (or two) on the CD, making sure that it's configured to check all files.

Assuming that comes up clean, then I'd consider those pictures perfectly safe.

Article C3554 - November 3, 2008 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

7 Comments
Bill Holland
November 4, 2008 9:33 AM

Thank you, Leo!
I teach intro to computer science at a local junior college. You wouldn't believe how much information I get from your columns to pass on to my students. I certainly do appreciate it.

Catmoves
November 4, 2008 12:21 PM

Leo, have a look at this: http://www.switched.com/2008/11/03/sneaky-trojan-horse-swipes-data-on-500-000-bank-accounts/?icid=200100397x1212392818x1200794898
It's not new, but how many get caught and how do you know if you are going to a dangerous site? With IE7 I use a free program named CallingID. It's from Microsoft and although slow sometimes, warns about known sites one doesnt' need to visit.
Haven't seen an equivalent for other browsers, though.

grace
November 5, 2008 8:07 AM

the article was helpful but not so explanatory. how do i know a 'picture that is not a picture?'. and if i were the guy who asked the question, how do i get rid of the virus? do i have to reformat my system?

Good question. If the file is already on your machine you could, of course, run a virus scan to hopefully get rid of it. The problem is that these are most often used on malicious websites where you don't have a chance to "look before you leap". The best advice is simply to keep your machine up-to-date with Windows patches, since it's unpatched machines that these things take advantage of, and stay away from questionable web sites. This article may help on what to do when you're infected, regardless of the cause: My computer's infected with a virus, how do I clean it up?
- Leo
06-Nov-2008

matt
November 10, 2008 8:54 PM

This article helps with my comprehension. Thanks a lot!!!

Carrie Brightman
February 18, 2009 9:33 AM

Hi,

I definitely have a worm on a CDR with some very valuable pictures on it.

What do I do now?

Thanks,

Carrie

Disable autorun, copy the contents of your CD to your hard disk, run anti-virus scans (probably multiple, definitely making sure their databases are up to date), and then burn a new CD of the images.
- Leo
19-Feb-2009
Mark
April 30, 2009 4:00 AM

In an explorer window go to Tools->Folder options->view and un-check "hide extensions for known file types" option. This is one of the most dangerous defaults settings of all time.

It's possible to name an executable file as for example picture.jpg.exe and if the extension is hidden you might be fooled into thinking you have a picture file. If you have a file with a double extension where the final extension is executable odds are high its a virus.

Also beware of screen saver files .scr. The name means screen saver but your computer handles it exactly the same as an .exe file.

Al
December 24, 2012 11:53 AM

ANY file can contain a virus, even picture files. An infected picture file would exploit a known weakness in your file viewer (the application that opens the infected file) to cause the viewer to execute malicious code stored in the picture. Software manufacturers are well aware of this and have taken steps to remove those weaknesses in mature applications.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.