"Sorry_about_yesterday.MP3.pif " ???

[Van_Lardo]

I was just sent an e-mail from Ghost^x0 (David Hojak) who I haven't talked to for a while.

You see, I won 3rd prize on the Xboxemulation.com's competition and I e-mailed him to thank him for the prizes... this was all months ago... but today I've found that he's apparently "replied" to me (same e-mail title except RE: at the front) and hes sent me a file called Sorry_about_yesterday.MP3.pif

Does anyone know what this is? My hotmail account has scanned there to be no viruses, but I'm not so sure...

Has he sent it to anyone else? Should I open it?

I doubt it's an MP3 file because of the .pif at the end (also because it's only 38k). There was also a text5.txt file but that was 0b... I opened that and was told it had performed an illegal instruction and closed.

Can anyone help?

[snake78]

It's most likely a virus (I wouldn't trust hotmail's scanner).

Anytime you get an attachment that you are not expecting, especially if it has 2 extensions (ie *.mp3.pif), don't open it. Delete it. And then send an email back to the person, asking if they sent it on purpose or at least letting them know that they may have a virus. Most times they don't know. And I'd make sure that your virus definitions are up to date on whatever virus scanner you use (you do have one, right?). And then do a full system scan to make sure that you are clean.

Hopefully your system is fine, but you can never be too safe.

[IUG-13]

Well, unfortunetly, Ghost isn't arround as much as he was. He does post on CVision now every once in a neon purple moon. But he has just started again, maybe you can pm him there.

[Van_Lardo]

I tried to scan disk just a minute or so ago... there was a problem checking the folders... the program kept reseting and starting all over again.

The arrangement of "show desktop" "Explorer" "Mail" and "Media Player" icons at the bottom left hand side of the screen occasionally "blinked" on and off when this happened.

I cancelled the search and drew the conclusion that since I haven't opened the file, I'm probably okay.

My system seems unaffected anyway...

But just in case my PC starts to try and strangle me in my sleep, bye, Everybody!

Ghost^x0 really has been quiet after his website was "shut down", although it does provide a direct link to the new consolevision.com address...

I still have a few of the Bleem! stickers he sent me... most of them are in my local G-Force store where they decorate the decaying DC demo pod and the whisky-covered counter.

They'll be getting rid of that demo pod soon... mybe I should ask for it... (like there's room )

PS: Thanks for the help!

[Faith Alone]

i got the same message from him. ill ask him about it next time i see him on aim

[Dr Zoidberg]

Looks like the runners up in the Xbox Emu comp got a special bonus prize. I haven't got anything extra yet but that's probably because I sent Ghost my details via private message.

[Van_Lardo]

EXTRA prize?

What do you mean, Dr Z?... I got my Bleem! stickers and also a copy of Nester DC with some freeware roms on it...

Didn't you get first prize?

EDIT: Oh... I got it now... extra prize = virus file thing... (I need more coffee!)

[sixteen-bit]

I still have a few of the Bleem! stickers he sent me... most of them are in my local G-Force store where they decorate the decaying DC demo pod and the whisky-covered counter.

They'll be getting rid of that demo pod soon... mybe I should ask for it... (like there's room )

PS: Thanks for the help!

Is this the one just along from Central Station Glasgow? I liked how they tastefully slapped a Bleem sticker on the DC demo pod... If they're getting rid of it, make them an offer! Or maybe I will sometime

By the way, a "pif" is a Program Information File (aka shortcut to dos program) so it might well have been a dodgy file he sent you.

[Van_Lardo]

THAT WAS MY STICKER!!!!

I 'donated' them for a *slight* reduction for "Skies of Arcadia"... I reckon that they'll get more attention in that store than in my room... where the number of gamers visiting regularly is slightly lower...

It's not a bad shop... but I haven't bought anything there since GAME lowered its prices in Buchanan street... Re-Volt for ?4.00?

EDIT: I deleted that file... it was beginning to look more and more dodgy.. Maybe someone should tell Ghost^x0 that his e-mail account's been hacked... (like his old site...)

[sixteen-bit]

THAT WAS MY STICKER!!!!

I 'donated' them for a *slight* reduction for "Skies of Arcadia"... I reckon that they'll get more attention in that store than in my room... where the number of gamers visiting regularly is slightly lower...

It's not a bad shop... but I haven't bought anything there since GAME lowered its prices in Buchanan street... Re-Volt for ?4.00?

EDIT: I deleted that file... it was beginning to look more and more dodgy.. Maybe someone should tell Ghost^x0 that his e-mail account's been hacked... (like his old site...)

Woo, you have fame now; your DC sticker is in the shop! I honestly thought it was some of the employees trying to piss off any sony fanboy that walks into the shop.

About the email (to stay on topic), it could have been dodgy, though pif files themselves don't seem to be able to do much harm they could load up DOS commands as far as I am aware.

[Van_Lardo]

What gets me though, is that I sent him that e-mail MONTHS ago! And it still had the same title except RE: stuck on the front!

If it was something original, then it could have been... SOMETHING good!

I'll keep an eye out for Ghost^x0 on Console Vision....

[Faith Alone]

[quote="Van_Lardo"]
What gets me though, is that I sent him that e-mail MONTHS ago! And it still had the same title except RE: stuck on the front!

If it was something original, then it could have been... SOMETHING good!

I'll keep an eye out for Ghost^x0 on Console Vision....
[/quote]

ive spoken to ghost about it, he had a virus on his computer. he said he was sorry. i ran a virus scan on my comp and nothin' turned up (well..no new viruses d-: ) so you should have nothing to worry about. *looks extremely cool in his bleem t-shirt* (-8

[Van_Lardo]

(Darn! There's no-where else that still sells those things?)

I got the package from Ghost^x0 (eventually) from the Post Office Package depot thanks to missing the post man...

It said on the parcel "2 Bleem! T-Shirts" so naturally I was over the moon... until I arrived at work (long story) and found a copy of Nester instead...

I'm not complaining....exactly... it just kinda got my hopes up...

ANYWAY... my PC seems fine now. Anyone else notices that e-mail turning up, post it here...it's a weird one in any case...

Thanks for your help.

[Dr Zoidberg]

It said on the parcel "2 Bleem! T-Shirts" so naturally I was over the moon... until I arrived at work (long story) and found a copy of Nester instead...

I got a Bleem! t-shirt.

[|darc|]

Ghost could've told everyone on his contacts list!
Heh... I love Norton, and No, I did not manually scan the email, Norton scanned it right out of Opera 6 on it's own! AutoProtection rules (but if a file is dodgy I'll still scan it manually just to make sure).

[Van_Lardo]

So it DEFINITELY WAS a virus?

The NERVE of some people!

Does anyone actually know what it would have done had I opened it?

...scary, huh?

[|darc|]

Thanks for the thread, cause I might have opened it! (i usually use yahoo web based mail and not a client, norton cant scan that)

[Sin-Tex]

I also got sent the virus, but would not let me download it due to using hotmail.

Damn funny really i only e-mailed him to check if he is still o.k with me using the old xbox emu sites design as a template for my dbz site & anohter site i own that is still being worked on.

I sent him another e-mail & get a message back saying the account no longer exists.

[Sin-Tex]

noticeses this is in the wrong forum.

Moved to off-topic forum

[Dr Zoidberg]

So it DEFINITELY WAS a virus?

The NERVE of some people!

Ghost didn't delibrately send it, he's the one with the virus. You can read a description of it here. Here's some of the description:

"W32/Badtrans-B is an email-aware worm which uses MAPI to spread. The worm forwards itself to addresses found on the infected computer as an email message with no message text.

The worm finds addresses to send itself to by searching the address book. Additionally it searches the internet cache and "My Documents" folders for web pages, looking for further email addresses to which to send itself.

If the worm is replying to mail found on the infected machine, it will use the infected user's address in the From: field of the email, otherwise it will use one of the following addresses in the From: field:

" Anna" <aizzo@home.com>
"JUDY" <JUJUB271@AOL.COM>
"Rita Tulliani" <powerpuff@videotron.ca>
"Tina" <tina0828@yahoo.com>
"Kelly Andersen" <Gravity49@aol.com>
" Andy" <andy@hweb-media.com>
"Linda" <lgonzal@hotmail.com>
"Mon S" <spiderroll@hotmail.com>
"Joanna" <joanna@mail.utexas.edu>
"JESSICA BENAVIDES" <jessica@aol.com>
" Administrator" <administrator@border.net>
" Admin" <admin@gte.net>
"Support" <support@cyberramp.net>
"Monika Prado" <monika@telia.com>
"Mary L. Adams" <mary@c-com.net>

The email uses a known exploit in certain versions of Outlook Express 5 in order to launch the attached file automatically. Microsoft has released a patch which reportedly addresses this vulnerability. It is available at http://www.microsoft.com/technet/securi ... 1-027.asp.
(This patch fixes a number of vulnerabilities in Microsoft's software, including the one exploited by this worm.)"

You want to watch out for these files, they're all the virus talked about above:

Card.pif
docs.scr
fun.pif
hamster.ZIP.scr
Humor.TXT.pif
images.pif
New_Napster_Site.DOC.scr
news_doc.scr
Me_nude.AVI.pif
Pics.ZIP.scr
README.TXT.pif
s3msong.MP3.pif
searchURL.scr
SETUP.pif
Sorry_about_yesterday.DOC.pif
YOU_are_FAT!.TXT.pif