At 12:01 7-9-01 -0400, you wrote:
>Howard E. wrote:
>
>. > I have also received 2 from Oscar at GMX. The messages themselves
>. > are only about 20k and the decoded binaries about 13k. F-Prot
>. > identifies them as W95/Badtrans.A@mm.
>
>. > filename="searchURL.scr"
>. > filename="Humor.TXT.pif"
>
>. > I renamed them to search.exe and humor.exe, but of course all I
>. > get is "This program cannot be run in DOS mode".
>
>Howard,
>
>I would be very cautious about putting an .EXE extension on any virus
files.
>While *you* may get the message, "This program cannot be run in DOS mode,"
>others, however they may get the files, might receive the full impact of the
>virus.
>
>I would suggest considering an extension of, .BAD, or, .UGH, or .VIR or
>something that would be an indication of a bad file.
>
>Roger Turk
>Tucson, Arizona USA
No need to get paranoid;though the outcome of Howards experiment was
predictable, it was worth verifying that the .pif was in fact valid windows
code.
To do that it definitely needed a dos-executable extension.
Bart
(Now let's see if Oscar's remains silent...)
>
>
