This is a hoax. For more info, plus how to restore the file if you fell for
it:
[http://www.symantec.com/avcenter/venc/data/sulfnbk.exe.warning.html]
Reported on: April 17, 2001
Last Updated on: December 13, 2001 at 04:37:44 PM PST
Symantec Security Response encourages you to ignore
any messages regarding this hoax. It is
harmless and is intended only to cause unwarranted
concern.
Type: Hoax
Description:
The following hoax email was first reported in Brazil.
The original email is in Portuguese; it is followed
by several other versions.
CAUTIONS:
This particular email message is a hoax. The file
that is mentioned in the hoax, however,
Sulfnbk.exe, is a Microsoft Windows utility that
is used to restore long file names, and like
any .exe file, it can be infected by a virus that
targets .exe files.
The virus/worm W32.Magistr.24876@mm can arrive as
an attachment named Sulfnbk.exe.
The Sulfnbk.exe file used by Windows is located
in the C:\Windows\Command folder. If the file
is located in any other folder, or arrives as an
attachment to a email message, then it is
possible that the file is infected. In this case,
if a scan with the latest virus definitions and with
NAV set to scan all files does not detect the
file as being infected, quarantine and submit the
file to SARC for analysis by following the
instructions in the document How to submit a file to
SARC using Scan and Deliver.
If you have deleted the Sulfnbk.exe file from the
C:\Windows\Command folder and want to
know how to restore the file, see the How to
restore the Sulfnbk.exe file section at the end
of this document.
Original Portuguese version
Vocês acreditam que uma amiga da lista enviou um
alerta e os procedimentos que deveriam ser
tomados para a possível detecção do maledeto
SULFNBK.EXE. e eu fui conferir só por desencargo
de consciência. Pois é...O bichinho tava lá,
escondidinho até da McAfee e do Norton, talvez
esperando algum gatilho prá começar a trabalhar, né?
Aí vão, moçada, as orientações que eu segui à risca e
que me levaram ao tal coisinha ruím:
1 - Iniciar/Localizar Pastas. Digite o nome do
"mardito": SULFNBK.EXE
2 - Se for encontrado, abra o Windows Explorer, vá até
a pasta onde ele se encontra alojado e
delete-o de lá ou do próprio ambiente do Localizar; -
Não click com o botão esquerdo sobre ele e não
abra o arquivo nem em caso de incêndio, ok?
3 - Apenas delete o bichinho.
4 - O meu estava em Windows/Command.
5 - O vírus da pessoa que passou o aviso estava em
Windows/Config.
Sim, o Norton e nem o McAfee não detectou.
Não sabemos se ele faz algum estrago na máquina, mas
acho que ninguém aqui vai querer testar
para saber, né?
Gente, sem brincadeiras, já tirei o meu daqui....
E nem imaginava que tivesse hóspedes no PC.
Minha vacina está super-atualizada!!!
Façam o mesmo, ok?
Danish version
Virusen er programmeret til at aktivere sig på et
senere tidspunkt, derfor vil den ikke blive opdaget af
et standard virusbeskyttende program, såsom Mcafee
eller Norton. Ingen ved, hvor længe den har
været i omløb - muligvis i flere måneder. Når den
aktiverer sig vil den slette alle filer og dokumenter på
jeres harddisk. Den spreder sig via e-mail og placerer
sig i C.WINDOWS/COMMAND.
For at finde den og slette den skal I gøre følgende:
1. Klik på start
2. Vælg Søg efter
3. Vælg filer eller mapper
4. Gå til Søg alle filer og vælg lokale hardiske - i
de fleste
tilfælde er det C:.
5. I feltet Navn skrives SULFNBK.EXE
6. Hvis filen findes, marker den, men ÅBN DEN IKKE
!!!!!!!!!
7. Højreklik på filen og vælg SLET
8. Luk dialogboksen Søg alle filer
9. Tøm papirkurven
Så er I smittefri og computeren reddet. Den dårlige
nyhed er, at man muligvis har smittet alle, som
man har sendt mail til i mange måneder.
Derfor bør man kontakte alle personer i ens
adressekartotek og straks sende dem denne
meddelelse.
Og det har jeg også gjort
PS.: Og jeg havde altså også denne luskede virus
Dutch
"het is mogelijk dat je computer besmet is met een
virus dat erop geprogrammeerd is om actief te
worden gemaakt. door de "activeer vertraging" die er
in gebouwd zit , wordt het niet ontdekt door o.a.
mcafee en norton .
niemand weet hoe lang het virus al circuleert.
mogelijk al enkele maanden. als het virus geactiveerd
wordt, verwijdert het alle bestanden en
mappen van de harde schijf.
het virus verbreidt zich via e-mail en infiltreert het
dossier
"c:/windows/command".
er zal dus "grote schoonmaak" moeten worden uitgevoerd
indien je het virus detecteerd op je
computer en op de computers van diegenen waarmee je
de laatste tijd per e-mail in contact hebt gestaan,
anders blijft het een eeuwig durende cirkel.
om het te vinden en te verwijderen:
- klik op start
- vervolgens op zoeken
- kies bestanden of mappen
- ga naar zoeken en kies lokale vaste schijven of "c"
- typ op de regel "naam" : SULFNBK.EXE
- als het bestand wordt gevonden selecteer het, doch
open het niet
- klik op bewerken
- vervolgens op alles selecteren
- klik op bestand
- vervolgens op verwijderen.
- sluit het venster en leeg de prullebak.
na deze operatie zit je in principe goed. maar je hebt
waarschijnlijk zelf mensen besmet aan wie je
e-mails hebt verzonden. mocht je dus het virus hebben
waarschuw ze dan , zodat ook zij hun
schijven kunnen opschonen." ]
English versions
Version 1
Do you believe that a friend of mine sent me an alert
and the procedure that we have to follow for the
possible infection of SULFNBK.EXE. And I had checked,
just to make sure. An then... the file was
there, hidden even of McAfee and Norton, maybe waiting
something to start work.
Well, see bellow the procedure that I followed step by
step, and I found the file:
1. Start/Find Folders. Type the file name: SULFNBK.EXE
2. If it find, open Windows Explorer, browse into the
folder where the file is and delete it. Do not click
with left button on the file and do not open it.
3. Just delete it
4. Mine was on Windows/Command
5. The virus from the person who gave the alert was on
Windows/Config
Yes, Norton and McAfee do not detect it.
We do not know if it makes some damage on the machine,
but I think that anybody will not want to
test it to know, will it?
Folks, this is not fun, I deleted it from my computer.
And my definitions are updated.
Do the same, ok?
Version 2
This one has additional text stating that the virus
will activate on June 1st.
It was brought to my attention yesterday that a virus
is in circulation via email. I looked for it and to
my surprise I found it on mine. ..
Please follow the directions and remove it from yours
TODAY!!!!!!!
No Virus software can detect it. It will become
active on June 1, 2001.
It might be too late by then. It wipes out all files
and folders on
the hard drive. This virus travels thru E-mail and
migrates to the
'C:\windows\command' folder.
The bad part is: You need to contact everyone you have
sent ANY
E-mail to in the past few months. Many major companies
have found this virus on
their computers. Please help your friends !!!!!!!!
DO NOT RELY ON YOUR ANTI-VIRUS SOFTWARE. McAFEE and
NORTON CANNOT
DETECT IT BECAUSE IT DOES NOT BECOME A VIRUS UNTIL
JUNE 1ST.
WHATEVER YOU DO, DO NOT OPEN THE FILE!!!
French
Bonjour à tous, Hello everyone!
Ceci est une alerte au VIRUS assez sérieuse.
This is a serious VIRUS alert.
Comme je vous ai envoyé des courriels dans les 3
derniers mois, je
vous
invite à vérifier s'il n'y aurait pas un dossier
intitulé
SULFNBK.EXE
quelques part dans votre ordinateur.
Since I have emailed you in the last couple of month I
invite you to
read
the following text carefully. Please note that,
against all odds, I
had it
exactly where it was mentionned it would be...
Prenez note que ce VIRUS ( SULFNBK.EXE )est
indétectable et qu'il
doit être
activé le 1er JUIN donc, vérifier immédiatement, Ne
l'ouvrez PAS et
jetter
le directement à la poubelle; VIDER LA POUBELLE PAR LA
SUITE.
How to restore the Sulfnbk.exe file
If you have deleted this file, restoration is
optional. Sulfnbk.exe is a Microsoft Windows utility that is
used to restore long file names. It is not needed for
normal system operation. If you want to restore it,
there is more than one way to do this. See the
information that follows.
NOTE: The instructions in this document are provided
for your convenience. The extraction of
Windows files uses Microsoft programs and commands.
Symantec does not provide warranty
support for or assistance with Microsoft products. If
you have any questions, please see your
Windows documentation or contact Microsoft.
Windows Me
If you are using Windows Me, you can restore the file
using the System Configuration Utility.
1. Click Start and then click Run.
2. Type msconfig and then press Enter.
3. Click Extract Files. The "Extract one file
from installation disk" dialog box appears.
4. In the "Specify the system file you would like
to restore" box, type the following, and then
click Start:
c:\windows\command\sulfnbk.exe
NOTE: If you installed Windows to a different
location, make the appropriate substitution.
The Extract File dialog box appears.
5. Next to the "Restore from" box, click Browse,
and browse to the location of the Windows
installation files. If they were copied to the
hard drive, this is, by default,
C:\Windows\Options\Install. You can also insert
the Windows installation CD in the CD-ROM
drive and browse to that location.
6. Click OK and follow the prompts.
Windows 98
If you are using Windows 98, you can restore the file
using the System File Checker.
1. Click Start and then click Run.
2. Type sfc and then press Enter.
3. Click "Extract one file from installation
disk."
4. In the "Specify the system file you would like
to restore" box, type the following, and then
click Start:
c:\windows\command\sulfnbk.exe
NOTE: If you installed Windows to a different
location, make the appropriate substitution.
The Extract File dialog box appears.
5. Next to the "Restore from" box click Browse,
and browse to the location of the Windows
installation files. If they were copied to the
hard drive, this is, by default,
C:\Windows\Options\Cabs. You can also insert the
Windows installation CD in the CD-ROM
drive and browse to that location.
6. Click OK and follow the prompts.
Windows 95 (or alternative method for Windows 98/Me)
If you are using Windows 95, you need to use the
extract command. This can also be used on
Windows 98/Me.
1. Click Start, point to Find or Search, and then
click Files or Folders.
2. Make sure that "Look in" is set to (C:) and
that Include subfolders is checked.
3. In the "Named" or "Search for..." box, type:
precopy1
4. Click Find Now or Search Now. If it does not
exist on the hard drive, then insert the
Windows installation CD and repeat the search on
that drive.
5. When you find the file, write down the
location of Precopy1, for example,
C:\Windows\Options\Cabs. This is your Source
Path.
6. The general form of the Extract command is:
extract <Source Path>\precopy1.cab sulfnbk.exe /L
c:\windows\command
So if the source path is C:\Windows\Options\Cabs,
then the Extract command becomes:
extract c:\windows\options\cabs\precopy1.cab
sulfnbk.exe /L c:\windows\command
NOTE: If you installed Windows to a different
location, make the appropriate substitution.
7. Click Start and then click Run.
8. Type the following, making the appropriate
substitutions as previously noted
extract <Source Path>\precopy1.cab sulfnbk.exe /L
c:\windows\command
9. Click OK.
For more information on how to use the Microsoft
Extract command, see the Microsoft Knowledge
Base document, How to Extract Original Compressed
Windows Files, Article ID: Q129605
Write-up by: Patrick Martin
|
