Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 624
  • Last Modified:

Blue Mountain .pif files a virus?


I received the last days two messages with: "Hi I sent you an Ecard from Bluemountain. Including a .pif file. Unfortunately I opened the file. No ecard showed up, but my computer got slow. Especially, with text programs (Word, Outlook)

I have the latest Norton antivirus (with weekly updates) but it didn't recognised it as a virus. Secondly I don't know the senders of the mail, as well as, their email adresses are not valid - they bounce back.

Is this a new virus. And more important is there a solution to?
2 Solutions
gaarAuthor Commented:
Help is welcome!
I haven't heard of such a thing. But then, how do you know it was an actual Blue Mountain .pif file?
gaarAuthor Commented:
Yhe mail says:

"To view your eCard, open the attachment

If you have any comments or questions, please visit

Thanks for using BlueMountain.com."

This is not the regular mail! I informed them already, but they have no answer.

After a double visrusscan with the latest update (no virusses found) and a double check with ad-aware software, the comp is fast again... Word works perfect again...I Don't know??

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

gaarAuthor Commented:
With both mails, if you send a reply, the following happens:

"This Message was undeliverable due to the following reason:

Each of the following recipients was rejected by a remote mail server.
The reasons given by the server are included to help you determine why
each recipient was rejected.

    Recipient: <Eggler68@hotmail.com>
    Reason:    Requested action not taken: mailbox unavailable

Please reply to Postmaster@chello.nl
if you feel this message to be in error."
Alright there are a couple of things you should know:

.PIF File

Short for Program InFormation file, a type of file that holds information about how Windows should run a non-Windows application. For example, a PIF file can contain instructions for executing a DOS application in the Windows environment. These instructions can include the amount of memory to use, the path to the executable file, and what type of window to use. PIF files have a .pif extension. [Source 01]

PIF Virus and it's variants.

Basically a pif file runs with very little checking involved before hand. Many times people run the file because they have not selected to [hide known file extensions] for their windows enviroment options.

PIF viruses have been around since 1992, so they are not new. [Source 02]

Do you have a virus?

Probally, because your computer is displaying virus like symptoms. Easiest way to check is to look in your registry [run regedit] for:


See if anything out of the ordinary is there.

Do not edit your registry unless you know what you are doing, this could seriously affect your computer.


Hard to say, but I would recommend doing a full system scan and making sure you file scanning is set to [Scan file types: All File Types, Scan in Compressed Files]

In the Future

If you must download a file attachment from email, right click on it and choose [save as...] to a folder you know you can scan again just to make sure.

Sometimes antivirus scanners have a hard time dealing with temporary files, especially those created by Internet Explorer.


Source 01:
Source 02:


Lukas DiBeneditto
B2B eCommerce Webmaster
That is according to trend micro a worm called CULT.C go to www.trend micro.com look it up under security information. Strange thing they say its not in the wild could be a slightly diffrent one to what they have here but the fix applies. Hope this helps if you have not already done anything to get rid of it good luck
They also have a free online scan you can use called housecall give your email and country then let it load the files it needs then run the scan
www.housecall.antivirus.com is a good first step.  go there and scan your machine.  I do not believe Micorosft Outlook would have let you open pif, but if it would, if you had symantec norton antivirus 2003, i believe it would have scanned it before allowing it in.

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now