Today, my friend, who almost never messages me, sent me a message saying "look at my pictures" Now, my computer-whiz friend is always joking about things like this, saying, "Hey, check out my cool pictures from the beach." So, I was sort of cautious. I sent him a message back saying, ".pif?? What is that??" And I started to Google it, but I decided to open it anyway since he wasn't responding. So, it was supposed to message everyone on my buddy list, but I don't think it did. Just in case, I messaged everyone and said, "Don't open anything I send you." And then I started running scans. I also shut down MSN Messenger and AIM. But when I ran HijackThis, it came up with a running process that looked a little out of place. It was D:\WINDOWS\system32\aim.exe Pretty strange, eh?? AIM is closed, and yet it's still running from the Windows directory. So, I killed the process and then I blasted the .exe And I'm still running scans and stuff. So, watch out. I have the link, but I'm not going to post it as some people will download and run it. But here's the site, it's Korean. I'm not sure if that's just a cover or their unknowingly harboring this virus.

http://redblock.co.kr/

Argh, timed out on the first time posting. Sorry.

PIF is some kind of a batch that can run and execute programs on your pc, i guess that it downloaded some virus from some ftp/http site and executed it. I wonder my windows still supports those things, I thought that pifs are dated from the 16 bit dos age?

Probably you still have a problem, try to pinpoint the virus's name and get a removal tool for it. Those pesky things have backup roots everywhere so if you delete something it is very likely to comeback just like that.

MSN has a stupid one right now, it had me tied up for hours but I got the thing in the end, it gives you the message "Your message made it to the Vida" and gives a link with your email address in it and when you click the link, you get a nice infection, hit me through firefox which I didnt quite understand but it did.

Yeah, my friend has that new virus. I had to block her actually, it got quite annoying... Well, thanks to Mozilla telling me it's a PIF, I didn't end up getting this thing, whatever it does to you.

Seems like a bunch of users were tricked into clicking that link. They all said something similar asking the user to look at the pictures.

Just to make sure they are gone, download and run these two programs (see below):

Download AimFix and run it now.

Download LQFix and run it. Click on Next->Next->Install. Click Finish to launch LQfix. Follow the screen prompts. Your system will reboot afterwards. Please wait for the script to finish in the background at this time...

That should get rid of it if any remnants are left behind. I usually see another piece of junk program working side by side with this aim virus, so that's why I'm asking you to run the second tool (LQFix) also (just in case ).