|Reported on: April 17,
|Last Updated on: May 29, 2001 at
06:22:42 AM PDT|
The following hoax email has been reported in Brazil. The original
email is in Portuguese; it is followed by an English translation.
- This particular email message is a hoax. The file that is mentioned
in the hoax, however, Sulfnbk.exe, is a Microsoft Windows utility that
is used to restore long file names, and like any .exe file, it can be
infected by a virus that targets .exe files.
- The virus/worm W32.Magistr.24876@mm can arrive as an
attachment named Sulfnbk.exe. The Sulfnbk.exe file used by Windows is
located in the C:\Windows\Command folder. If the file is located in any
other folder, or arrives as an attachment to a email message, then it is
possible that the file is infected. In this case, if a scan with the
latest virus definitions and with NAV set to scan all files does not
detect the file as being infected, quarantine and submit the file to
SARC for analysis by following the instructions in the document How to submit a file to SARC using Scan and
- If you have deleted the Sulfnbk.exe file from the C:\Windows\Command
folder and want to know how to restore the file, you should contact your
computer manufacturer or Microsoft for assistance. As an alternative, If
you are running Windows 98 or Windows Me, see the document How to extract files in Safe Mode under Windows 98 or
NOTE: The instructions in this document are provided for
your convenience. The extraction of Windows files uses Microsoft
programs and commands. Symantec does not provide warranty support for
or assistance with Microsoft products.
Original Portuguese version:
Vocês acreditam que uma
amiga da lista enviou um alerta e os procedimentos que deveriam ser
tomados para a possível detecção do maledeto SULFNBK.EXE. e eu fui
conferir só por desencargo de consciência. Pois é...O bichinho tava lá,
escondidinho até da McAfee e do Norton, talvez esperando algum gatilho prá
começar a trabalhar, né?
Aí vão, moçada, as orientações que eu segui à
risca e que me levaram ao tal coisinha ruím:
Iniciar/Localizar Pastas. Digite o nome do "mardito": SULFNBK.EXE
Se for encontrado, abra o Windows Explorer, vá até a pasta onde ele se
encontra alojado e delete-o de lá ou do próprio ambiente do Localizar; -
Não click com o botão esquerdo sobre ele e não abra o arquivo nem em caso
de incêndio, ok?
3 - Apenas delete o bichinho.
4 - O meu estava em
5 - O vírus da pessoa que passou o aviso estava em
Sim, o Norton e nem o McAfee não detectou.
sabemos se ele faz algum estrago na máquina, mas acho que ninguém aqui vai
querer testar para saber, né?
Gente, sem brincadeiras, já tirei o meu
E nem imaginava que tivesse hóspedes no PC.
Façam o mesmo, ok?
Do you believe that a friend of mine sent me
an alert and the procedure that we have to follow for the possible
infection of SULFNBK.EXE. And I had checked, just to make sure. An then...
the file was there, hidden even of McAfee and Norton, maybe waiting
something to start work.
Well, see bellow the procedure that I followed
step by step, and I found the file:
1. Start/Find Folders. Type the
file name: SULFNBK.EXE
2. If it find, open Windows Explorer, browse
into the folder where the file is and delete it. Do not click with left
button on the file and do not open it.
3. Just delete it
4. Mine was
5. The virus from the person who gave the alert was
Yes, Norton and McAfee do not detect it.
not know if it makes some damage on the machine, but I think that anybody
will not want to test it to know, will it?
Folks, this is not fun, I
deleted it from my computer.
And my definitions are updated.
A new version of this hoax has additional text stating
the virus will activate on June 1st:
It was brought to my
attention yesterday that a virus is
in circulation via email. I looked for it and to my
surprise I found it on mine. ..
Please follow the directions and
remove it from yours TODAY!!!!!!!
No Virus software can detect
it. It will become active on June 1, 2001.
It might be
too late by then. It wipes out all files and folders
the hard drive. This virus travels thru E-mail and
migrates to the
part is: You need to contact everyone you have sent
E-mail to in the past few months. Many major
companies have found this virus on
their computers. Please help
your friends !!!!!!!!
DO NOT RELY ON YOUR ANTI-VIRUS SOFTWARE.
McAFEE and NORTON CANNOT
DETECT IT BECAUSE IT DOES NOT BECOME A VIRUS
UNTIL JUNE 1ST.
WHATEVER YOU DO, DO NOT OPEN THE FILE!!!
ignore any messages regarding this hoax and do not pass on messages.
Passing on messages about the hoax only serves to further propagate
Write-up by: Patrick Martin