It could be anyfilename.jpg. The compromised .wmf file has to be
processed for the malware to deliver its payload, the method most often
cited is by directing an unsuspecting user to visit a web site and have
him/her click on something and have the web browser process the file.
If, for example, someone were to send you a mascaraded jpeg, or if you
were to download it from the net then try to open it, the file doesn't
need to have the .wmf extension. Inside the file there is a file header
that tells Windows what type of file it is and Windows would
automatically pass it on to the application associated with it so that
it could be processed. Graphic, or image viewers such as IrfanView or
ACDSee often have the .wmf associated to them, so Windows could pass the
file to these programs which would then open the file and the payload
would be delivered. I should add that a few of the MVP's have
deliberately tried to get infected (so that they can study the process
and test patches) and most report that they are having a hard time
getting the file to deliver the payload.

John

Sanford Aranoff wrote:

> The new Windows virus is that a wmf file is disguised as a jpg file.
> Does this mean that the file is actually virusXXX.jpg, or is it
> virusXXX.jpg.wmf?
>
>