Analyse PIF file

J

Joah Senegal

Hello all,

Someone was sending me a *.PIF file wich is a shortcut to a MS-DOS program.
I know this kind of files can be harmfull. My virusscanner says the file
contains no virusses. But the filename is suspicious. So I want to analyse
this file... I''ve tried to open in by hexedit, and query the properties of
this file, without any result.

Anyone know how to analyse this file?

THANKS!
 
D

Duh_OZ

Joah said:
Hello all,

Someone was sending me a *.PIF file wich is a shortcut to a MS-DOS program.
I know this kind of files can be harmfull. My virusscanner says the file
contains no virusses. But the filename is suspicious. So I want to analyse
this file... I''ve tried to open in by hexedit, and query the properties of
this file, without any result.

Anyone know how to analyse this file?

THANKS!
Click to expand...
=============
Submit the file to either (or both) sites:
http://www.virustotal.com/en/indexf.html
http://virusscan.jotti.org/

Please post results after it is scanned.
 
J

James Egan

Someone was sending me a *.PIF file wich is a shortcut to a MS-DOS program.
I know this kind of files can be harmfull. My virusscanner says the file
contains no virusses. But the filename is suspicious. So I want to analyse
this file... I''ve tried to open in by hexedit, and query the properties of
this file, without any result.

Anyone know how to analyse this file?
Click to expand...

You should be able to view the file with a hex editor okay. Maybe you
are attempting to edit the file being linked to?

The reason the filename is suspicious is because of the way windows
treats .pif files. By default, such an extension would be hidden so
for example a file actually called "harmless.txt.pif" might appear on
your computer as "harmless.txt" leading you to believe you are about
to open a harmless text file in notepad and instead you are launching
an executable file of likely dubious origin.


Jim.
 
D

David H. Lipman

From: "Joah Senegal" <[email protected]>

| Hello all,
|
| Someone was sending me a *.PIF file wich is a shortcut to a MS-DOS program.
| I know this kind of files can be harmfull. My virusscanner says the file
| contains no virusses. But the filename is suspicious. So I want to analyse
| this file... I''ve tried to open in by hexedit, and query the properties of
| this file, without any result.
|
| Anyone know how to analyse this file?
|
| THANKS!
|


Please submit a sample to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendor's scanners.
That will give you an idea what it is and who recognizes it. In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:[email protected]?subject=SCAN

When you get the report, please post back the exact results.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

.PIF files not scanned by NAV 6
Using PIF files in XP 2
Missing PIF - file 1
.PIF files won't work 1
Trojan or Address Spoofing? 2
Query view 1
Scan for virus without opening document 6
File path listing and analysis 3

Top