Analyse PIF file

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Hello all,

Someone was sending me a *.PIF file wich is a shortcut to a MS-DOS program.
I know this kind of files can be harmfull. My virusscanner says the file
contains no virusses. But the filename is suspicious. So I want to analyse
this file... I''ve tried to open in by hexedit, and query the properties of
this file, without any result.

Anyone know how to analyse this file?

THANKS!



Re: Analyse PIF file

Joah Senegal wrote:
Quoted text here. Click to load it
=============
Submit the file to either (or both) sites:
http://www.virustotal.com/en/indexf.html
http://virusscan.jotti.org /

Please post results after it is scanned.


Re: Analyse PIF file

wrote:

Quoted text here. Click to load it

You should be able to view the file with a hex editor okay. Maybe you
are attempting to edit the file being linked to?

The reason the filename is suspicious is because of the way windows
treats .pif files. By default, such an extension would be hidden so
for example a file actually called "harmless.txt.pif" might appear on
your computer as "harmless.txt" leading you to believe you are about
to open a harmless text file in notepad and instead you are launching
an executable file of likely dubious origin.


Jim.


Re: Analyse PIF file


| Hello all,
|
| Someone was sending me a *.PIF file wich is a shortcut to a MS-DOS program.
| I know this kind of files can be harmfull. My virusscanner says the file
| contains no virusses. But the filename is suspicious. So I want to analyse
| this file... I''ve tried to open in by hexedit, and query the properties of
| this file, without any result.
|
| Anyone know how to analyse this file?
|
| THANKS!
|


Please submit a sample to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendor's scanners.
That will give you an idea what it is and who recognizes it.  In addition,
unless told
otherwise, Virus Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:scan@virustotal.com?subject=SCAN

When you get the report, please post back the exact results.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Site Timeline