Blue Mountain .pif files a virus?

Posted on 2003-03-27
Medium Priority
Last Modified: 2010-04-11

I received the last days two messages with: "Hi I sent you an Ecard from Bluemountain. Including a .pif file. Unfortunately I opened the file. No ecard showed up, but my computer got slow. Especially, with text programs (Word, Outlook)

I have the latest Norton antivirus (with weekly updates) but it didn't recognised it as a virus. Secondly I don't know the senders of the mail, as well as, their email adresses are not valid - they bounce back.

Is this a new virus. And more important is there a solution to?
Question by:gaar
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Author Comment

ID: 8217175
Help is welcome!
LVL 14

Expert Comment

ID: 8218577
I haven't heard of such a thing. But then, how do you know it was an actual Blue Mountain .pif file?

Author Comment

ID: 8218770
Yhe mail says:

"To view your eCard, open the attachment

If you have any comments or questions, please visit

Thanks for using BlueMountain.com."

This is not the regular mail! I informed them already, but they have no answer.

After a double visrusscan with the latest update (no virusses found) and a double check with ad-aware software, the comp is fast again... Word works perfect again...I Don't know??
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users


Author Comment

ID: 8218796
With both mails, if you send a reply, the following happens:

"This Message was undeliverable due to the following reason:

Each of the following recipients was rejected by a remote mail server.
The reasons given by the server are included to help you determine why
each recipient was rejected.

    Recipient: <Eggler68@hotmail.com>
    Reason:    Requested action not taken: mailbox unavailable

Please reply to Postmaster@chello.nl
if you feel this message to be in error."

Accepted Solution

dibeneditto earned 152 total points
ID: 8378148
Alright there are a couple of things you should know:

.PIF File

Short for Program InFormation file, a type of file that holds information about how Windows should run a non-Windows application. For example, a PIF file can contain instructions for executing a DOS application in the Windows environment. These instructions can include the amount of memory to use, the path to the executable file, and what type of window to use. PIF files have a .pif extension. [Source 01]

PIF Virus and it's variants.

Basically a pif file runs with very little checking involved before hand. Many times people run the file because they have not selected to [hide known file extensions] for their windows enviroment options.

PIF viruses have been around since 1992, so they are not new. [Source 02]

Do you have a virus?

Probally, because your computer is displaying virus like symptoms. Easiest way to check is to look in your registry [run regedit] for:


See if anything out of the ordinary is there.

Do not edit your registry unless you know what you are doing, this could seriously affect your computer.


Hard to say, but I would recommend doing a full system scan and making sure you file scanning is set to [Scan file types: All File Types, Scan in Compressed Files]

In the Future

If you must download a file attachment from email, right click on it and choose [save as...] to a folder you know you can scan again just to make sure.

Sometimes antivirus scanners have a hard time dealing with temporary files, especially those created by Internet Explorer.


Source 01:
Source 02:


Lukas DiBeneditto
B2B eCommerce Webmaster

Assisted Solution

fixit164 earned 148 total points
ID: 8403870
That is according to trend micro a worm called CULT.C go to www.trend micro.com look it up under security information. Strange thing they say its not in the wild could be a slightly diffrent one to what they have here but the fix applies. Hope this helps if you have not already done anything to get rid of it good luck

Expert Comment

ID: 8403872
They also have a free online scan you can use called housecall give your email and country then let it load the files it needs then run the scan

Expert Comment

ID: 8986851
www.housecall.antivirus.com is a good first step.  go there and scan your machine.  I do not believe Micorosft Outlook would have let you open pif, but if it would, if you had symantec norton antivirus 2003, i believe it would have scanned it before allowing it in.

Featured Post

Need protection from advanced malware attacks?

Look no further than WatchGuard's Total Security Suite, providing defense in depth against today's most headlining attacks like Petya 2.0 and WannaCry. Keep your organization out of the news with protection from known and unknown threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article investigates the question of whether a computer can really be cleaned once it has been infected, and what the best ways of cleaning a computer might be (in this author's opinion).
The recent Petya-like ransomware attack served a big blow to hundreds of banks, corporations and government offices The Acronis blog takes a closer look at this damaging worm to see what’s behind it – and offers up tips on how you can safeguard your…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
Suggested Courses
Course of the Month10 days, 7 hours left to enroll

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question