Since September 2004, when students started to be busy with their projects and other requirements, a DOS shortcut in PIF format started to occupy every folder on the floppy drives and even on the hard disk. At first I thought it was just an ordinary file created during the activation of a DOS file, but I noticed that it always leaves a copy of itself in every folder that I try to open. That is not normal Windows activity.
So I started to investigate and study the behavior of this file. I found out that it is the product of malicious code embedded in the file folder.htt, which is activated by the special file Desktop.ini.
This is just another modified variant of a virus, similar to the one I called the Hedda Marie Virus. But this time it uses another dummy file, MS-DOS Prompt for Games.pif.
I tried to use my updated Norton antivirus software to identify the virus, but it seems my installed antivirus is not smart enough to identify it.
I needed to deactivate this virus. So I tried to configure Windows Folder Options to Show All Files, and then I searched for the files folder.htt, desktop.ini and *.pif. Then I deleted all the folder.htt, desktop.ini and MS-DOS Prompt for Games.pif files that were found. After that, I restarted my computer.
I thought everything was fine. But when I opened a folder, the MS-DOS Prompt for Games.pif file saved a copy of itself to it. I had no choice but to disable the registry entry of folder.htt and desktop.ini. After deleting it, I restarted the computer again, and the result was fine.
My computer is running smoothly again. But I needed to delete the infected files to avoid infecting my computer again. So I searched for the 3 wanted files and deleted them all. Now it is free of the virus again.
Monday, November 17, 2008
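The file search described in the post can be repeated as a read-only inventory, for example after the restart, to confirm that no folder has been repopulated. This is an added example, not the author's code: the function names and the sample tree are constructed for illustration, and the rule that a lone desktop.ini is not reported is an assumption made here because Windows also creates that file for ordinary folder customisation.

```python
import os
import tempfile

# File names taken from the post; compared in lower case because
# Windows file names are case-insensitive.
DROPPER = "ms-dos prompt for games.pif"
TEMPLATE = "folder.htt"
TRIGGER = "desktop.ini"


def scan(root):
    """Walk root and return {folder: sorted artifact names}. Nothing is deleted.

    A folder is reported only when the PIF or folder.htt is present;
    desktop.ini is listed alongside them but never flagged by itself.
    """
    findings = {}
    for folder, _dirs, files in os.walk(root):
        names = {f.lower() for f in files}
        hits = names & {DROPPER, TEMPLATE, TRIGGER}
        if hits & {DROPPER, TEMPLATE}:
            findings[folder] = sorted(hits)
    return findings


def build_sample_tree(root):
    """Constructed sample tree made of empty placeholder files."""
    layout = {
        "clean": ["report.doc", "Desktop.ini"],
        "infected": ["Desktop.ini", "Folder.htt", "MS-DOS Prompt for Games.pif"],
        os.path.join("infected", "sub"): ["MS-DOS Prompt for Games.pif"],
    }
    for rel, files in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(path, exist_ok=True)
        for name in files:
            open(os.path.join(path, name), "w").close()


def demo():
    """Scan the constructed tree and return findings keyed by relative path."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return {os.path.relpath(k, root): v for k, v in scan(root).items()}


if __name__ == "__main__":
    for folder, hits in sorted(demo().items()):
        print(folder, "->", ", ".join(hits))
```

Reviewing the report before deleting anything matters because desktop.ini, and on older Windows versions folder.htt, also exist as legitimate system files.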