I got one with a *.com.pif extension and one with xls.lnk.
What is interesting is that the worm also sends out random files from the victim's PC. If you have a hex editor you can read both the worm and the 'cover' file.
JLK
>>The one I got had a ".doc.pif" extension. I didn't open it. <bg>
>>
>>- Bruce
>
>I'm not sure, but I have a feeling that the pif is what's running the worm. Makes sense. it is an executable.
>
>>
>>>>>Please note the double-extension in this worm. Configure your Windows to show all extensions - a double extension (like MyConfidencialDocument.DOC.EXE) indicates a very high probability of virus infection.
>>>>
>>>>In other words, if you hide extensions (unfortunately the default in Windows), you will see MyConfidentialDocument.DOC.EXE as MyConfidentialDocument.DOC, and think it is only a Word document. Many worms take advantage of this fact. (Of course I am aware that a Word Document can carry a virus, too.)
>>>
>>>Hilmar,
>>>
>>>Same with the files I got. My machines always show the full file extension of files, but thanks for the warning.
Nebraska Dept of Revenue