HTTP://WWW.STOPNATO.ORG.UK ---------------------------
SULFNBK.EXE Warning
Last Updated on: January 11, 2002 at 10:46:25 AM PST
Symantec Security Response encourages you to ignore any messages regarding this hoax. It is harmless and is intended only to cause unwarranted concern. Type: Hoax Description:
The following hoax email was first reported in Brazil, and the original email was in Portuguese. Other language versions are in circulation. Currently, the English language versions are most common.
CAUTIONS:
This particular email message is a hoax. The file that is mentioned in the hoax, however, Sulfnbk.exe, is a Microsoft Windows 95/98/Me utility that is used to restore long file names, and like any .exe file, it can be infected by a virus that targets .exe files.
NOTE: The Sulfnbk.exe file is not required to run Windows. It may be necessary if you need to restore long file names if the file names become corrupted. For additional information, read the Microsoft Knowledge Base article Description of Sulfnbk.exe and How to Replace the Program File (Q301316)
The virus/worm W32.Magistr.24876@mm can arrive as an attachment named Sulfnbk.exe. The Sulfnbk.exe file used by Windows is located by default in the C:\Windows\Command folder.
NOTE: The C:\Windows\Command folder is the usual default location for this file. It is possible that if you have a custom installation, or a special configuration that was installed by the computer manufacturer, the file could be in a different location.
If the file is located in any other folder (except as noted), or arrives as an attachment to a email message, then it is possible that the file is infected. In this case, if a scan with the latest virus definitions and with NAV set to scan all files does not detect the file as being infected, quarantine and submit the file to SARC for analysis by following the instructions in the document How to submit a file to SARC using Scan and Deliver.
If you have deleted the Sulfnbk.exe file from the C:\Windows\Command folder and want to know how to restore the file, see the How to restore the Sulfnbk.exe file section at the end of this document.
English versions
NOTE: Several versions are shown, with the most recent ones shown first. Many more have been reported. All have the same basic theme.
Version 1
Hello! I just got this letter from my friend and yes I had the virus as well please follow the directions to see if you have the virus and then follow the directions to get rid of it. Like my friend I am sorry that I passed it along as well.
Dear All: We received a virus on a message. I followed the instructions below and found that it had been spread to our computer. I followed the instructions and located the virus and was able to delete it. The bad news is that you probably have it, as you are in My Address book! More bad news is that my anti virus program did not detect this virus. The virus lies dormant for 14 days and then "kills" your hard drive.
Here is what to do. If you follow the instructions and then see that you have the virus, you need to send a similar e-mail to everyone in your address book.
Remove the virus by following these steps:
1. Go to "Start." Then to "Find" or "Search".
2. In the "Search for files or folders" type sulfnbk.exe -- this is the name of the virus.
3. In the "Look in" section, make sure you are searching Drive C.
4. Hit "Search" or "Find".
5. If your search finds this file, it will be an ugly blackish icon that will have the name sulfnbk.exe. DO NOT OPEN IT! If it does not show up on your first "Search", try a "New Search."
6. Right click on the file -- go down to "Delete" and left click.
7. You will be asked if you want to send the file to the Recycling Bin -- say "Yes".
8. Go to your Desktop (where all your icons are) and right click on the Recycle Bin and either manually delete the sulfnbk.exe program or empty
the entire bin.
9. If you found the virus on your system, send this or a similar e-mail to all in your address book because this is how it is transferred.
Sorry for the trouble and my apologies for having unwittingly "infected" you. You'll want to check for this virus again for the next couple days
until everyone in your address book has seen it and deleted it, otherwise, being in their address book, your PC will get infected all
over again so don't forget to check!
Version 2
This is very real, and I may have passed it on to you. Check it out as below right now. Your drive may crash!!
"I had a virus which apparently attaches itself to everyone in my address book. I deleted it successfully. you may have it as well. Follow these instructions to see if you have it. It transfers to whomever is in your address book. It lies dormant for 14 days, then kills your hard drive. If you've got it send these instructions to everyone in you address book. Otherwise, it may be sent back to you by somebody else.
1. go to start-then to "find or search" 2. in the "search for files or folders" type in sulfnbk.exe - this is the name of the virus. 3. in the "look in" make sure you're searching drive C
4. hit "search" button ))or find_
5. if this file shows up (it's an ugly blackish icon that will have the name sulfnbk.exe) DON'T OPEN IT
6. right click on the file - go down to delete and left click
7. It will ask if you want to send it to the recycle bin - yes
8. go to your desktop (where all your icons are) and double-click on the recycle bin
9. right click on sulfnbk.exe and delete again or just empty the recycle bin
IF YOU FIND THIS.....SEND IT TO EVERYONE IN YOUR ADDRESS BOOK, BECAUSE THAT'S HOW IT IS TRANSFERRED.
Version 3
Do you believe that a friend of mine sent me an alert and the procedure that we have to follow for the possible infection of SULFNBK.EXE. And I had checked, just to make sure. An then... the file was there, hidden even of McAfee and Norton, maybe waiting something to start work.
Well, see bellow the procedure that I followed step by step, and I found the file:
1. Start/Find Folders. Type the file name: SULFNBK.EXE
2. If it find, open Windows Explorer, browse into the folder where the file is and delete it. Do not click with left button on the file and do not open it.
3. Just delete it
4. Mine was on Windows/Command
5. The virus from the person who gave the alert was on Windows/Config
Yes, Norton and McAfee do not detect it.
We do not know if it makes some damage on the machine, but I think that anybody will not want to test it to know, will it?
Folks, this is not fun, I deleted it from my computer.
And my definitions are updated.
Do the same, ok?
Version 4
This one has additional text stating that the virus will activate on June 1st.
It was brought to my attention yesterday that a virus is in circulation via email. I looked for it and to my surprise I found it on mine. ..
Please follow the directions and remove it from yours TODAY!!!!!!!
No Virus software can detect it. It will become active on June 1, 2001.
It might be too late by then. It wipes out all files and folders on
the hard drive. This virus travels thru E-mail and migrates to the
'C:\windows\command' folder.
The bad part is: You need to contact everyone you have sent ANY
E-mail to in the past few months. Many major companies have found this virus on
their computers. Please help your friends !!!!!!!!
DO NOT RELY ON YOUR ANTI-VIRUS SOFTWARE. McAFEE and NORTON CANNOT
DETECT IT BECAUSE IT DOES NOT BECOME A VIRUS UNTIL JUNE 1ST.
WHATEVER YOU DO, DO NOT OPEN THE FILE!!!
Version 5
To Those in My Address Book:
Earlier this evening I received the email below from a friend halfway around the world informing me that he had contracted a computer virus which was designed to spread to his address book. Because I am in his address book, he forwarded instructions on this very destructive virus to me - and others. I followed the instructions and determined that I had also contracted the virus, which reportedly lies dormant for 14 days and then kills the host hard drive. One must assume that it has now been spread to everyone in my address book. I AM INFORMING YOU OF THIS IN A TIMELY MANNER.
Before following his instructions, I ran the virus scan from my security service, McAfee, and it did not pick up the virus from any of my files. BUT, when I followed the instructions below, I found the virus hiding out, deleted it to the Recycle Bin and the emptied the bin. I ran the procedure again and the virus file and icon are indeed gone.
IT IS STRONGLY RECOMMENDED THAT YOU FOLLOW THE PROCEDURES BELOW AND DETERMINE IF YOUR MACHINE HAS BEEN INVADED. IF SO, FOLLOW THE REMOVAL INSTRUCTIONS.
I sincerely am sorry to cause you this trouble and for being the conduit for the spreading of this virus, but it is very important that you take the appropriate actions to protect your hard drive.
My very best wishes and sincere apology, Jane
Remove the virus by following these steps:
1. Go to 'start' then to 'find' or 'search'.
2. In the 'search for files or folders' type sulfnbk.exe this is the name of the virus.
3. In the 'look in' section, make sure you are searching the C drive.
4. Hit 'search' or 'find'.
5. If your search finds this file, it will be an ugly blackish icon that will have the name sulfnbk.exe. DO NOT OPEN IT.
6. Right click on the file - go down to 'delete' and left click.
7. You will be asked if you want to send the file to the Recycling bin - say 'yes'.
8. Go to your desktop (where all your icons are) and right click on the recycle bin and either manually delete the sulfnbk.exe program or empty the entire bin.
9. If you found this virus on your system, send this to all in your address book because this is how it is transferred.
10. If it does not show up on your first 'search' try a 'new search'.
Sorry for the trouble and our apologies for unwittingly 'infecting' you.
P.S. We are supposedly protected by the latest update of Symantec Norton Antivirus
French
Bonjour à tous, Hello everyone!
Ceci est une alerte au VIRUS assez sérieuse.
This is a serious VIRUS alert.
Comme je vous ai envoyé des courriels dans les 3 derniers mois, je
vous
invite à vérifier s'il n'y aurait pas un dossier intitulé
SULFNBK.EXE
quelques part dans votre ordinateur.
Since I have emailed you in the last couple of month I invite you to
read
the following text carefully. Please note that, against all odds, I
had it
exactly where it was mentionned it would be...
Prenez note que ce VIRUS ( SULFNBK.EXE )est indétectable et qu'il
doit être
activé le 1er JUIN donc, vérifier immédiatement, Ne l'ouvrez PAS et
jetter
le directement à la poubelle; VIDER LA POUBELLE PAR LA SUITE.
==^================================================================ This email was sent to: archive@jab.org EASY UNSUBSCRIBE click here: http://topica.com/u/?a84x2u.a9WB2D Or send an email to: [EMAIL PROTECTED] T O P I C A -- Register now to manage your mail! http://www.topica.com/partner/tag02/register ==^================================================================
