can you help w/ reading a file extracted from winzip?

The file's name is "doc.pif" -- what's a .pif? I can't open it w/ any attachment but Notepad, and then I get gobbeldygook. I saved that to the desktop and it appears as a 22kb shortcut to DOS icon -- ?

I do trust it; it's from Mrs. V.'s cousin's son.

Help?!

There's a virus going around in winzip right now.

Were you expecting this Email attachment? Even if it says it's from someone you trust, it could very well be a virus. That's how many of them get opened.

thanks to your question.... is the virus one of those that infiltrates your address book and sends itself to everyone??

I got this virus yesterday, and it said it was from my boss. I generally delete his Emails anyway but this particular one looked too virus-ey so I deleted it even faster.

EDIT: Talk to Ms. V's Cousin's Son and find out what he sent you, or if he sent anything at all, before trying to open this one further.

Now that I've finally caught up (film at eleven), I can't delete the DOS shortcuts. One's on my desktop and one's in my temp file. I get "Cannot delete doc: there has been a sharing violation. The source or destination file may be in use."

How do I delete the damn thing?

And why the bloody hell didn't my virus scan pick this up? Mrs. V. downloads new ones and patches practically every day!

Someone else may be able to chime in and correct me where I'm wrong here...

-Try closing all your applications and then deleting the DOS file. Generally, the error you got means that the program is running, or is referenced by another Windows application and it will cause problems if deleted. If not, use ctrl-alt-delete (assuming you're using Windows), go to Task Manager, and then to Processes. See if it's listed as a running process; if so, you can stop the process and then delete the application.

I'm reluctant to advise you to reboot, but that may be option 3 if neither of these work. Reboot, and then try to delete it.

-The more successful viruses stay ahead of virus scans and their updates. Usually the anti-virus software has good updates within 24 hours of its discovery but during that 24 hour interim the update won't be available and the virus scanner may not be able to detect it.

Good luck.

did it look like this?
.

Download and run Stinger:
http://vil.nai.com/vil/stinger/

Assuming that it is MyDoomm it is fairly new; it just was discovered yesterday.
http://vil.nai.com/vil/content/v_100983.htm

Do you know how to boot into Windows safe mode? As your computer is booting, you'll get to a point where the screen clears and, in most cases, you'll see a blinking cursor in one of the upper-hand corners. At that point press F8 on the keyboard. You should get the safe-mode boot screen. Boot into safe mode, and you should be able to delete the file.

Also, just to be on the safe side, I'd run your anti-virus software again while you're in safe mode. There are some files that cannot be deleted when you run the virus scan in regular Windows.

.pif extensions are needed by windows to run DOS files and unless you have changed windows settings normally a .pif will run automatically when you try to execute it.

It is possible your computer settings have been modified not to run the PIF extension automatically as a protection against future virus. Be grateful and move on.

An ADOBE Acrobat extension is PDF.

Files with .pif or .scr extensions should be considered dangerous; consider it a virus unless proven otherwise.
Ask Mrs. V.'s cousin's son to run a current Virus scanner; however many viruses spoof the address; i.e. the mail can be from anyone having both you, and Mrs. V.'s cousin's son in his/her address book.

In case you need security tools, check here:
http://www.my-etrust.com/microsoft/

:-)

Then again you may have an adventure ahead as you learn about

http://ccs.mit.edu/pif/

The Process Interchange Format (PIF) Project
PLEASE NOTE: The PIF Project has been merged with the PSL (Process Specification Language) Project at NIST. The PIF CORE and its extensions have been incorporated into the PSL CORE and its extensions. This pages and its links are maintained only for the purpose of redirection and archive. Please look at the PSL site current information.


But todays worm has a .pif that when you click on it produces a .scr file

Hope you know who you got file from and why!

:-)

Not unless you're damn sure who it's from AND are expecting it.

You should go to Trend Micro or Symantec and do an on-line scan. Peace

Run Virus Scan on it, or just delete it.

If this person does not tell you they have sent you a file, view it as malicious. Call and ask the sender. Of course you recognize them, your address came from their address book.

warning of winzip attatchments containing .pif files

kill that thing!!!

DELETE IT!

It looks like there's a new wave of worms going around.

"*.pif" files are similar to *.bat. They're executables, effectively. NEVER "open" them (i.e. 'Open' or double-click).

Same for *.scr files received via email.

Also, be SURE you've triple-checked an attachment's extension before opening/double-clicking it. One of the wormer's tricks is to name a file something like:

"naked-anna.jpg_________________________.pif

(where the "_" are actually spaces)

The spaces make it *look* like an image file -- but it's actually an executable. Open it and BAM!, you're infected.

Edited 'cause I hadn't seen the W32.Novarg.A@mm virus warning yet.

Short for Program Information file, a type of file that holds information about how Windows should run a non-Windows application. For example, a PIF file can contain instructions for executing an MS-DOS application in the Windows environment. These instructions can include the amount of memory to use, the path to the executable file, what type of window to use, and default properties such as font size, screen colors.

Check with the sender and make sure he actually sent the file, and that he intended to send it. You may trust him, but the file should still should be suspect. No "document" should be in the form of a "pif" file.

never open file attachments with extentions of:

exe--|
pif | - These are all executables - highest danger risk
bat__|

vbs--|
vbp | - These are program code files - very high risk
cmd__|

scr - supposedly screen saver, often contain viruses - med risk
zip - May contain self-executing files within - high risk
mdb - Database file - Can contain macro or program code - high risk

doc--| - Word and Excel files can contain macro viruses - med risk
xls__|



I'm sure there are some others, but these are the most common.

From: Administrator
Sent: Tuesday, January 27, 2004 10:09 AM
To: xxxxxxxxxxxxxxxxx
Subject: Symantec AVF detected an unrepairable virus in a message in
your mailbox


Location of the infected item: xxxxxxxx/Inbox
Sender of the infected item: xxxxxxxxxxxxxxxxx
Subject of the message: hello
The attachment "text.zip" was Quarantined for the following reasons:
The file was unrepairable. Virus Info:
Virus W32.Novarg.A@mm was found.
Virus W32.Novarg.A@mm was found in text.cmd.

Extremely nasty, it tries to steal your credit-card information by installing a key-logger.

I'm pretty sure my computer's safe from it, but I'll check it a few times before I buy something online.

Check out the info from McAfee:
http://us.mcafee.com/virusInfo/default.asp?id=mydoom

And Symantec:
http://tinyurl.com/2lv95

It's always a good idea to configure your anti-virus software to scan all incoming e-mails.

These worms all basically act the same way, when it infects the system it replicates itself via e-mail by going into your e-mail address book and sending off e-mails to everyone in your address book.

Rule of thumb: never open an attachment without scanning it first.

If you've double-clicked the icon on your desktop you've already set the virus off. Instructions for removal are posted at the two links I provided, and if you use some other anti-virus software, chances are they have posted instructions on removal at their web site.