A pif file is a Program Information file ... a legacy from windows 3.1
.... it is excutable under windows.

The trick with the two extensions relies on windows habit of hiding the
extensions of known file types unless you change this option after the
install. This leaves the file looking like a text file or a picture,
which is then executed whjen the user double clicks on it.

It is good practice to set windows to show the extensions of known
filetypes.

Mark

Doug Crice wrote:
> 
> I know enough to look out for .vbs or .exe files, but this file ended in
> (random message).TXT.pif
> 
> The message is one of many chosen at random by the virus.  I didn't know
> that an executable file could have a .pif extension.  Neither .exe or
> .vbs was present.
> 
> Clicking on that link to Symantec doesn't seem to work, but typing it in
> does.  Go figure.
> 
> Doug
> 
> Ted Blank wrote:
> >
> > It is good advice not to run any executable that comes from an unknown (and
> > therefore untrusted) source.  .VBS is another type of executable file
> > (Visual Basic Script) and some nasty viruses have come packaged this way.
> > But not all attachments that end in .exe contain viruses.  We used to
> > distribute our programs as .exe attachments BLW (Before Larry and the Web).
> > Just be doubly careful with these files.
> >
> > I also urge people to beware of a simple trick:  naming a file something
> > like    funnyjoke.txt.exe    where your eye might catch the 'txt' part and
> > you double click on it (thinking that Wordpad or some editor will get
> > invoked).  Of course, Windows only looks at the last extension which is
> > 'exe' and poof you are in trouble.
> >
> > BTW, the URL in the note below should end in html, not htm.
> >
> > Regards,
> > Ted Blank
> >
> > IBM Global Services  -  Performance Management and Capacity Planning at the
> > Washington Systems Center
> > Office:  238 Highland St., Portsmouth, NH 03801   Tieline: 8-253-9969
> > Outside: (603) 433-9201
> > Office Fax: (603) 433-9190    Pager: 1-800-759-8888  PIN  1151100
> > Notes:   Ted Blank/Portsmouth/IBM@IBMUS    Internet:  ted@..........
> >
> > Doug Crice @.............. on 11/22/2000 12:28:18 AM
> >
> > Please respond to psn-l@..............
> >
> > Sent by:  psn-l-request@..............
> >
> > To:   undisclosed-recipients:;
> > cc:
> > Subject:  Virus Warning
> >
> > If you get a message with a link with the extension .pif or .exe, don't
> > open it, it contains a virus.
> >
> > You can read about it at
> > http://www.symantec.com/avcenter/venc/data/w95.mtx.htm
> > --
> > Doug Crice                http://www.georadar.com
> > 19623 Via Escuela Drive             phone 408-867-3792
> > Saratoga, California  95070  USA   fax 408-867-4900
> > __________________________________________________________
> >
> > Public Seismic Network Mailing List (PSN-L)
> >
> > To leave this list email PSN-L-REQUEST@.............. with
> > the body of the message (first line only): unsubscribe
> > See http://www.seismicnet.com/maillist.html for more information.
> >
> > __________________________________________________________
> >
> > Public Seismic Network Mailing List (PSN-L)
> >
> > To leave this list email PSN-L-REQUEST@.............. with
> > the body of the message (first line only): unsubscribe
> > See http://www.seismicnet.com/maillist.html for more information.
> 
> --
> Doug Crice                       http://www.georadar.com
> 19623 Via Escuela Drive               phone 408-867-3792
> Saratoga, California  95070  USA        fax 408-867-4900
> __________________________________________________________
> 
> Public Seismic Network Mailing List (PSN-L)
> 
> To leave this list email PSN-L-REQUEST@.............. with
> the body of the message (first line only): unsubscribe
> See http://www.seismicnet.com/maillist.html for more information.
__________________________________________________________

Public Seismic Network Mailing List (PSN-L)