Be sure the information you get in an email is valid before you do
something to your computer or forward the message to all of your friends.
If you have any doubts, err on the side of caution. "Be safe not sorry."
The "sulfnbk.exe virus" is a hoax:
Usually an email that gets mailed in chain letter fashion describing
some devastating highly unlikely type of virus. You can usually spot a hoax
because there's no file attachment, no reference to a third party who can
validate the claim and the general 'tone' of the message.
This particular email message is a hoax. The file that is mentioned in
the hoax, however, Sulfnbk.exe, is a Microsoft Windows utility that is
used to restore long file names, and like any .exe file, it can be
infected by a virus that targets .exe files.
The virus/worm
W32.Magistr.24876@mm can arrive as an
attachment named Sulfnbk.exe. The Sulfnbk.exe file used by Windows is
located in the C:\Windows\Command folder. If the file is located in any
other folder, or arrives as an attachment to a email message, then it is
possible that the file is infected. In this case, if a scan with the
latest virus definitions and with NAV set to scan all files does not
detect the file as being infected, quarantine and submit the file to SARC
for analysis by following the instructions in the document
How to submit a file to SARC using Scan and Deliver.
If you have deleted the Sulfnbk.exe file from the C:\Windows\Command
folder and want to know how to restore the file, see the How to restore
the Sulfnbk.exe file section below.
Examples
Version 1
Dear So-and-so:
This is very real, and I may have passed it on to you. Check it out as below
right now. Your drive may crash!!
"I had a virus which apparently attaches itself to everyone in my address
book. I deleted it successfully. you may have it as well. Follow these
instructions to see if you have it. It transfers to whomever is in your
address book. It lies dormant for 14 days, then kills your hard drive. If
you've got it send these instructions to everyone in you address book.
Otherwise, it may be sent back to you by somebody else.
1. go to start-then to "find or search" 2. in the "search for files or
folders" type in sulfnbk.exe - this is the name of the virus. 3. in the
"look in" make sure you're searching drive C
4. hit "search" button ))or find_
5. if this file shows up (it's an ugly blackish icon that will have the name
sulfnbk.exe) DON'T OPEN IT
6. right click on the file - go down to delete and left click
7. It will ask if you want to send it to the recycle bin - yes
8. go to your desktop (where all your icons are) and double-click on the
recycle bin
9. right click on sulfnbk.exe and delete again or just empty the recycle bin
IF YOU FIND THIS.....SEND IT TO EVERYONE IN YOUR ADDRESS BOOK, BECAUSE
THAT'S HOW IT IS TRANSFERRED.
Version 2
Dear
So-and-so:
Do you believe that a friend of mine sent me an alert and the procedure that
we have to follow for the possible infection of SULFNBK.EXE. And I had
checked, just to make sure. An then... the file was there, hidden even of
McAfee and Norton, maybe waiting something to start work.
Well, see bellow the procedure that I followed step by step, and I found the
file:
1. Start/Find Folders. Type the file name: SULFNBK.EXE
2. If it find, open Windows Explorer, browse into the folder where the file
is and delete it. Do not click with left button on the file and do not open
it.
3. Just delete it
4. Mine was on Windows/Command
5. The virus from the person who gave the alert was on Windows/Config
Yes, Norton and McAfee do not detect it.
We do not know if it makes some damage on the machine, but I think that
anybody will not want to test it to know, will it?
Folks, this is not fun, I deleted it from my computer.
And my definitions are updated.
Do the same, ok?
How to restore the Sulfnbk.exe
file
If you have deleted this file, restoration is optional. Sulfnbk.exe is a
Microsoft Windows utility that is used to restore long file names. It is not
needed for normal system operation. If you want to restore it, there is more
than one way to do this. See the information that follows.
NOTE: The instructions in this document are provided for your
convenience. The extraction of Windows files uses Microsoft programs and
commands. Symantec does not provide warranty support for or assistance with
Microsoft products. If you have any questions, please see your Windows
documentation or contact Microsoft.
Windows Me
If you are using Windows Me, you can restore the file using the System
Configuration Utility.
1. Click Start and then click Run.
2. Type msconfig and then press Enter.
3. Click Extract Files. The "Extract one file from installation disk"
dialog box appears.
4. In the "Specify the system file you would like to restore" box, type
the following, and then click Start:
c:\windows\command\sulfnbk.exe
NOTE: If you installed Windows to a different location, make the
appropriate substitution.
The Extract File dialog box appears.
5. Next to the "Restore from" box, click Browse, and browse to the
location of the Windows installation files. If they were copied to the
hard drive, this is, by default, C:\Windows\Options\Install. You can also
insert the Windows installation CD in the CD-ROM drive and browse to that
location.
6. Click OK and follow the prompts.
Windows 98
If you are using Windows 98, you can restore the file using the System File
Checker.
1. Click Start and then click Run.
2. Type sfc and then press Enter.
3. Click "Extract one file from installation disk."
4. In the "Specify the system file you would like to restore" box, type
the following, and then click Start:
c:\windows\command\sulfnbk.exe
NOTE: If you installed Windows to a different location, make the
appropriate substitution.
The Extract File dialog box appears.
5. Next to the "Restore from" box click Browse, and browse to the location
of the Windows installation files. If they were copied to the hard drive,
this is, by default, C:\Windows\Options\Cabs. You can also insert the
Windows installation CD in the CD-ROM drive and browse to that location.
6. Click OK and follow the prompts.
Windows 95 (or alternative method for Windows 98/Me)
If you are using Windows 95, you need to use the extract command. This can
also be used on Windows 98/Me.
1. Click Start, point to Find or Search, and then click Files or
Folders.
2. Make sure that "Look in" is set to (C:) and that Include subfolders is
checked.
3. In the "Named" or "Search for..." box, type:
precopy1
4. Click Find Now or Search Now. If it does not exist on the hard drive,
then insert the Windows installation CD and repeat the search on that
drive.
5. When you find the file, write down the location of Precopy1, for
example, C:\Windows\Options\Cabs. This is your Source Path.
6. The general form of the Extract command is:
NOTE: Make sure that you include the /a switch, as shown.
Depending on your version of Windows, the Sulfnbk,exe file can be in a
.cab file other than Precopy1.cab. By using the /a switch, the Extract
program will look first in the Precopy1.cab, and if the file is not found
there, it will look in all subsequent .cab files until it is found, and
can be extracted.
So if the source path is C:\Windows\Options\Cabs, then the Extract command
becomes:
Researched by Pacific Web Sites. All information on
this page is believed to be true, however, Pacific Web Sites can not assume
any liability for its accuracy and will not be liable for any suffering
caused by its contents.
