Basically, anything that is executable (able to run). You’re generally safe with picture files, text files, and the like. However, it still pays to scan first.
Here’s a very short list of the most common to watch out for:
exe, zip, scr, vbs, bat, com, pif, asp, doc, xls
The above file extensions are the most common; don’t misinterpret this to mean that if you get one of these files it’s automatically a virus. A “.zip” file may be nothing more than a set of compressed files your friend sent you to look at. A “doc” or “xls” file may simply be an MS Office file. It’s just that these type of files could also be viruses.
A couple other virus tricks you need to be aware of are :
First, MS Office files can contain what are called “Macro Viruses”. These files can run a “macro” (a macro is a mini-program run from within another program) that can be as destructive as any “regular” virus. So, do not open MS Office attachments unless you are expecting them. If they just show up, verify with the sender first.
The other trick you need to look out for is an extra extension added to an attached file. For example, you may have something like “mypicture.jpg.vbs”. In fact, if you don’t have your computer set to view file extensions, it may just look like “mypicture.jpg” and omit that last “vbs” part.
This may appear to be a jpg picture file, but it’s actually a vbs (Visual Basic Script) file. If executed, it will happily infect your computer with a virus.