Has anyone seen this?

[David H. Lipman]

That's good because a stock Windows OS has no idea on what the majority of those
are. Those are constructs created by specific software except "Quick View" which
is a Win9x construct and is a for some graphic files only.

Dave

| Not just AV apps, there aren't any;
| "Quick View"
| "Open with Irfan",
| "Browse with ACDSee",
| "Edit with WinHex",
| or other context conveniences that normally appear.

 

[Bart Bailey]

That's good because a stock Windows OS has no idea on what the majority of those
are. Those are constructs created by specific software except "Quick View" which
is a Win9x construct and is a for some graphic files only.

Graphic files only?
My "Quick View" shows for ALL files, including pif.
The only time it doesn't show is for folders.

Bart

 

[Banana Republic]

Wells Fargo, I believe, is a well known currier in States. My suggestion
will be to go to their own web site and find out if they do have an
application on pif file for anybody to fill up. This will solve your
mystery.

Banana Republic

 

[FromTheRafters]

Not just AV apps, there aren't any;
"Quick View"
"Open with Irfan",
"Browse with ACDSee",
"Edit with WinHex",
or other context conveniences that normally appear.

These can probably be added through a registry hack using
"ContextMenuHandler" and the CLSID for the scanner. They
(Microsoft) probably didn't think anyone would need or want
to scan these files.

 

[Jim Ferguson]

This is the reply I received from Wells Fargo after I sent the inquiry to
them concerning the phony message:


Thank you for writing to Wells Fargo about an email you received from "Wells
Fargo Accounting" regarding a new account application.

The email is a hoax and contains an attachment which, when opened, will
download a software program into your personal computer. This program
collects passwords and other information and relays it to an unauthorized
third party. Do not open the attachment.

Wells Fargo urges recipients of this email to immediately delete both the
email and the attachment.

If you believe your computer is infected, clean your system using anti-virus
software and change all your Internet and system passwords.

Anti-Virus Software Links:
http://www.mcafee.com/
http://www.symantec.com/product/
http://www.trendmicro.com/en/products/us/personal.htm

Please be assured that the hoax email was not sent from Wells Fargo and is
not associated with any department of Wells Fargo. It is being circulated
to a large number of people, including some Wells Fargo customers.

We regret that you received this deceptive message under Wells Fargo's name
and appreciate that you were concerned enough to bring it to our attention.
Wells Fargo is in no way involved in the distribution of this hoax email,
and its systems have not been compromised in any way. As always, we
encourage individuals to use and maintain the most updated anti-virus
software, and never to open emails or attachments that come from an
unrecognized source.

Wells Fargo is committed to protecting our customers. We believe a critical
success factor in combating fraud attempts is a strong collaborative effort
between Wells Fargo and the community. We encourage you to use extreme
caution when approached by anyone requesting personal and sensitive
information.

Get additional information here on how to protect yourself against fraud:
http://www.wellsfargo.com/privacy_security/identity_protection/index.jhtml

Sincerely,
Andrea
Wells Fargo
Online Customer Service



ORIGINAL MESSAGE:
-----------------

 

[Tim Backstrom]

FYI...The newest signatures for McAfee VirusScan released last night
recognizes the e-mail attachment as the Trojan "Downloader-DI". The
prior signatures didn't recognize it at all.

 

[Bart Bailey]

In Message-ID:<[email protected]> posted on Tue, 22 Jul

In Message-ID:<[email protected]> posted on


It's a windows thing, and not AVP

Bart

If a PIF is renamed to an [exe], it can be scanned by the right click
context option. Trouble is the renaming doesn't work unless the ext is
showing, because the PIF is added to whatever you rename the file.
Here's a fix to show PIF extension, which will allow renaming for right
click context scanning:

---begin---
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\piffile]
@="Shortcut to MS-DOS Program"
"EditFlags"=hex:01,00,00,00
"IsShortcut"=""
"NeverShowExt"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\piffile]
@="Shortcut to MS-DOS Program"
"EditFlags"=hex:01,00,00,00
"IsShortcut"=""

---end---
Be sure to leave the last line blank, as above.

Sorry this took so long, been distracted <g>