Hey guys,

Has anyone seen this file randomly being sent via your contacts?  I've seen about 15 people from my list try to send it to me now, is it just my comp or is this something going around MSN? They say they don't even see request to transfer to me. Thanks!

-- TLs4

It's most likely a virus. Don't accept any file transfers of files you don't know/ from ppl you don't know.

quote:

---

Originally posted by File Ext

Note: This file type can become infected and should be carefully scanned if someone sends you a file with this extension.

---

Yeah I figured as much... just hoping that its on their computers and not mine. I forgot that I had auto-accept enabled in Plus, and came back with 12 of them in my recieved files. Not cool! haha, thanks for the uber quick reply

VIRUS oh, ive had to many of these not more wats a pif neway

Edit: oh yea, fileext.com....derrr sorreh

Symantec site has just posted a virus

http://www.sarc.com/avcenter/venc/data/w32.bropia.html

wow, so this virus does exist since Jan 13? 

Yep, 4 people from my list sent me *.pif files today, seems to be a new MSN virus.

quote:

---

Originally posted by http://www.webopedia.com/TERM/P/PIF_file.html
Short for Program InFormation file, a type of file that holds information about how Windows should run a non-Windows application. For example, a PIF file can contain instructions for executing a DOS application in the Windows environment. These instructions can include the amount of memory to use, the path to the executable file, and what type of window to use. PIF files have a .pif extension .

---

Also stay clear of files in P2P's that don't look right most of the time they will be a virus.

From mess.be:

quote:

---

WARNING: Bropia.A, a new MSN Messenger worm on the loose!

Based on numerous reports from messers, a new virus seems to be propagating itself rapidly through MSN Messenger.

F-Secure identifies the worm as Bropia.A, other antivirus software (like including Kaspersky) labels it IM-Worm.Win32.VB.a.

When received and executed by the victim, the worm places itself in the C directory with a random filename like:

sexy_bedroom.pif
drunk_lol.pif
naked_party.pif
webcam_(random number).pif
love_me.pif and similar looking names.

It then automatically sends itself to active MSN Messenger contacts. It also drops and executes oms.exe, a variant of Rbot, which copies itself as lexplore.exe and adds two registry keys so it will be executed at next system startup. The bot can be used as a backdoor, logging keystrokes, relaying spam and for various other purposes and is therefor a huge security threat to your system. Brobia.A can also disable mouse right button and manipulate Windows mixer volume settings.



If you receive a file transfer request for such a file, press ALT-D or click Decline. Don't ever execute the file. If you did, delete the file immediately and permanently from your system (My Received Files and C drive) and take necessary security measures. For more information, visit F-Secure.

---

more information here
http://forum.mess.be/index.php?showtopic=4399