I got an e-mail, that simply said, Re: as its subject. Thinking it could possibly something a friend sent, and when I clicked on it, it asked me if I wanted to download an image, .pif.
Naturally, I’m not stupid, so I declined to do so.
Image files cannot contain viruses. PIF can also be Program Information File, wich is something used by DOS programs in windows. I don’t see a way that type of file could be used to spread a virus.
Based on what I read in the very helpful first link provided by Violet, and your description of what happened, then it likely was a virus. It is impossible to tell if some scripting component has already executed or not, based on your description, but most likely not.
I will almost guarantee it is a virus. For a few reasons.
First, there is NO legitimate reason to send someone a PIF file. It’s a Program Information File, so without the program itself, what would be the purpose of it.
Second, there are a few file types that Windows will execute as programs. The normal ones .EXE and .COM, plus .BAT which executes as if it were a list of programs. But, Windows also executes .SCR (screen savers) and .PIF (DOS type program information files). Any of these can contain executable program code. The extension simply tells Windows that it can run it. What it does is up to the information in the file.
This is typical of a few viruses like W32.Magistr. They send the virus code in a file type that Windows will execute when double-clicked.
Update your anti-virus program, or get one if you don’t have one. And inform the person that sent you the file that he/she has a virus. Without telling them, the virus will continue to spread.
According to my Yahoo mail virus scanning software, I have been mailed lots and lots of viruses that had the subject line “Re:” and a file with a .pif extension. It was almost certainly a virus.
I have had NBT (Nothing But Trouble) with antivirus software so I have gone without it for years and have never, ever, had a virus infection and I am quite certain I will not get infected in the future. The most important prvention tool is between keyboard and chair. If only you use the computer you can be the most effective antivirus. This is what I do:
The immediately obvious: Do NOT open anything you are not certain about. In the rare event that I need to scan some file for virus I emeil it to myself at Hotmail who scans every file
In Outlook Express set the Security internet zone to “restricted” and configure “restricted” to not run any scripts. Remember that OE is just part of IE.
Configure your network settings to remove all unneeded bindings as explained in http://grc.com/default.htm
After 4 years without a problem I have just recently decided to add another layer of safety and installed Zonealarm.
I doubt anything can get past those simple measures. I have friends who use antivirus and their computers are full of virus. A bit of knowledge is better than the best tools and no knowledge.
It was the rest of the suite that I had problems with; Disk Dcotor, Reg Thingie and Something Else. Crashed regularly. They had a virus update out a day before McAfee though, so you pay your money and take your chances.
The reason that there was confusion in your mail reader about whether it was an image or an executable is that Internet Explorer (and therefore Outlook Express) had a bug which was exploited by these e-mails. The e-mail standard, since the dawn MIME, was for a program to depend on the “content-type” header to decide what to do with an attachment. However, Microsoft came in with no regard for existing standards and decided that their programs would look at the file’s name extension instead. So this attachment was an executable program, but had a MIME content-type header of “image”. This then allowed IE and OE to run the attachments without warning you that it was a program.
This bug has been corrected in the last nine months or so, and there is an update available from Microsoft. Better yet, use a non-MS mail program and you’ll avoid many of these worms (other programs have bugs, too, but nogoodniks usually target MS clients, plus MS is pretty casual about security risks). It also helps to have Windows not suppress showing you the file extensions for known file types (which you can set in the options menu of Windows Explorer).
Most computer security threats for the past couple of years have been of this type, which is a worm, not a virus, and they tend to spread like wildfire for a few days when they’re released. For this reason, anti-virus software isn’t effective because when you get these e-mails, the worm might be only a few hours old.