A trusted mate tells me that a virus that hides on your hard drive, remains dormant and will payload in effectively 12 days time. I searched my hard drive and found 'sulfnbk.exe' which is the virus. It had got through my constantly updated protection. You techies will know more than I (ex-hw!). I found the virus by using simple file search then it is simply a case of deleting the thing. It's icon looks like a horrible black splot and if i'm informed right under no circumstances must it be opened. If you find it, i'm told that all persons in your address book will also have to clear it out.
Has anyone else heard of it?
Share This Page:
Possible nasty virus
-
Rotary Booty
- Member
- Posts: 1772
- Joined: Sun 06 Jan, 2002 12:00 am
- Location: Pudsey, Leeds, West Yorkshire
Hi guys, i found this on the symantec site and thought it might allay your concerns as it's from the horses mouth.
© 1995-2001 Symantec Corporation.
All rights reserved.
Legal Notices
Privacy Policy
SULFNBK.EXE Warning
Reported on: April 17, 2001
Last Updated on: December 26, 2001 at 10:45:22 AM PST
Symantec Security Response encourages you to ignore any messages regarding this hoax. It is harmless and is intended only to cause unwarranted concern.
Type: Hoax
Description:
The following hoax email was first reported in Brazil, and the original email was in Portuguese. Other language versions are in circulation. Currently, the English language versions are most common.
CAUTIONS:
This particular email message is a hoax. The file that is mentioned in the hoax, however, Sulfnbk.exe, is a Microsoft Windows 95/98/Me utility that is used to restore long file names, and like any .exe file, it can be infected by a virus that targets .exe files.
NOTE: The Sulfnbk.exe file is not required to run Windows. It may be necessary if you need to restore long file names if the file names become corrupted. For additional information, read the Microsoft Knowledge Base article Description of Sulfnbk.exe and How to Replace the Program File (Q301316)
The virus/worm W32.Magistr.24876@mm can arrive as an attachment named Sulfnbk.exe. The Sulfnbk.exe file used by Windows is located by default in the C:WindowsCommand folder.
NOTE: The C:WindowsCommand folder is the usual default location for this file. It is possible that if you have a custom installation, or a special configuration that was installed by the computer manufacturer, the file could be in a different location.
If the file is located in any other folder (except as noted), or arrives as an attachment to a email message, then it is possible that the file is infected. In this case, if a scan with the latest virus definitions and with NAV set to scan all files does not detect the file as being infected, quarantine and submit the file to SARC for analysis by following the instructions in the document How to submit a file to SARC using Scan and Deliver.
If you have deleted the Sulfnbk.exe file from the C:WindowsCommand folder and want to know how to restore the file, see the How to restore the Sulfnbk.exe file section at the end of this document.
The warning comes in a series of stark and doom laden warnings, but if you did delete it and want it back, see below
How to restore the Sulfnbk.exe file
If you have deleted this file, restoration is optional. Sulfnbk.exe is a Microsoft Windows utility that is used to restore long file names. It is not needed for normal system operation. If you want to restore it, there is more than one way to do this. See the information that follows.
NOTES:
The C:WindowsCommand folder is the usual default location for this file. It is possible that if you have a custom installation, or a special configuration that was installed by the computer manufacturer, the file could be in a different location.
The Sulfnbk.exe file is not required to run Windows. It may be necessary if you need to restore long file names if the file names become corrupted. For additional information, read the Microsoft Knowledge Base article Description of Sulfnbk.exe and How to Replace the Program File (Q301316)
The instructions in this document are provided for your convenience. The extraction of Windows files uses Microsoft programs and commands. Symantec does not provide warranty support for or assistance with Microsoft products. If you have any questions, please see your Windows documentation or contact Microsoft.
Windows Me
If you are using Windows Me, you can restore the file using the System Configuration Utility.
1. Click Start and then click Run.
2. Type msconfig and then press Enter.
3. Click Extract Files. The "Extract one file from installation disk" dialog box appears.
4. In the "Specify the system file you would like to restore" box, type the following, and then click Start:
c:windowscommandsulfnbk.exe
NOTE: If you installed Windows to a different location, make the appropriate substitution.
The Extract File dialog box appears.
5. Next to the "Restore from" box, click Browse, and browse to the location of the Windows installation files. If they were copied to the hard drive, this is, by default, C:WindowsOptionsInstall. You can also insert the Windows installation CD in the CD-ROM drive and browse to that location.
6. Click OK and follow the prompts.
Windows 98
If you are using Windows 98, you can restore the file using the System File Checker.
1. Click Start and then click Run.
2. Type sfc and then press Enter.
3. Click "Extract one file from installation disk."
4. In the "Specify the system file you would like to restore" box, type the following, and then click Start:
c:windowscommandsulfnbk.exe
NOTE: If you installed Windows to a different location, make the appropriate substitution.
The Extract File dialog box appears.
5. Next to the "Restore from" box click Browse, and browse to the location of the Windows installation files. If they were copied to the hard drive, this is, by default, C:WindowsOptionsCabs. You can also insert the Windows installation CD in the CD-ROM drive and browse to that location.
6. Click OK and follow the prompts.
Windows 95 (or alternative method for Windows 98/Me)
If you are using Windows 95, you need to use the extract command. This can also be used on Windows 98/Me.
1. Click Start, point to Find or Search, and then click Files or Folders.
2. Make sure that "Look in" is set to (C:) and that Include subfolders is checked.
3. In the "Named" or "Search for..." box, type:
precopy1
4. Click Find Now or Search Now. If it does not exist on the hard drive, then insert the Windows installation CD and repeat the search on that drive.
5. When you find the file, write down the location of Precopy1, for example, C:WindowsOptionsCabs. This is your Source Path.
6. The general form of the Extract command is:
extract /a <Source Path>precopy1.cab sulfnbk.exe /L c:windowscommand
NOTE: Make sure that you include the /a switch, as shown. Depending on your version of Windows, the Sulfnbk,exe file can be in a .cab file other than Precopy1.cab. By using the /a switch, the Extract program will look first in the Precopy1.cab, and if the file is not found there, it will look in all subsequent .cab files until it is found, and can be extracted.
So if the source path is C:WindowsOptionsCabs, then the Extract command becomes:
extract /a c:windowsoptionscabsprecopy1.cab sulfnbk.exe /L c:windowscommand
NOTE: If you installed Windows to a different location, make the appropriate substitution.
7. Click Start and then click Run.
8. Type the following, making the appropriate substitutions as previously noted
extract /a <Source Path>precopy1.cab sulfnbk.exe /L c:windowscommand
9. Click OK.
For more information on how to use the Microsoft Extract command, see the Microsoft Knowledge Base document, How to Extract Original Compressed Windows Files, Article ID: Q129605
Write-up by: Patrick Martin
<font size=-1>[ This Message was edited by: campbell on 2002-01-19 19:10 ]</font>
© 1995-2001 Symantec Corporation.
All rights reserved.
Legal Notices
Privacy Policy
SULFNBK.EXE Warning
Reported on: April 17, 2001
Last Updated on: December 26, 2001 at 10:45:22 AM PST
Symantec Security Response encourages you to ignore any messages regarding this hoax. It is harmless and is intended only to cause unwarranted concern.
Type: Hoax
Description:
The following hoax email was first reported in Brazil, and the original email was in Portuguese. Other language versions are in circulation. Currently, the English language versions are most common.
CAUTIONS:
This particular email message is a hoax. The file that is mentioned in the hoax, however, Sulfnbk.exe, is a Microsoft Windows 95/98/Me utility that is used to restore long file names, and like any .exe file, it can be infected by a virus that targets .exe files.
NOTE: The Sulfnbk.exe file is not required to run Windows. It may be necessary if you need to restore long file names if the file names become corrupted. For additional information, read the Microsoft Knowledge Base article Description of Sulfnbk.exe and How to Replace the Program File (Q301316)
The virus/worm W32.Magistr.24876@mm can arrive as an attachment named Sulfnbk.exe. The Sulfnbk.exe file used by Windows is located by default in the C:WindowsCommand folder.
NOTE: The C:WindowsCommand folder is the usual default location for this file. It is possible that if you have a custom installation, or a special configuration that was installed by the computer manufacturer, the file could be in a different location.
If the file is located in any other folder (except as noted), or arrives as an attachment to a email message, then it is possible that the file is infected. In this case, if a scan with the latest virus definitions and with NAV set to scan all files does not detect the file as being infected, quarantine and submit the file to SARC for analysis by following the instructions in the document How to submit a file to SARC using Scan and Deliver.
If you have deleted the Sulfnbk.exe file from the C:WindowsCommand folder and want to know how to restore the file, see the How to restore the Sulfnbk.exe file section at the end of this document.
The warning comes in a series of stark and doom laden warnings, but if you did delete it and want it back, see below
How to restore the Sulfnbk.exe file
If you have deleted this file, restoration is optional. Sulfnbk.exe is a Microsoft Windows utility that is used to restore long file names. It is not needed for normal system operation. If you want to restore it, there is more than one way to do this. See the information that follows.
NOTES:
The C:WindowsCommand folder is the usual default location for this file. It is possible that if you have a custom installation, or a special configuration that was installed by the computer manufacturer, the file could be in a different location.
The Sulfnbk.exe file is not required to run Windows. It may be necessary if you need to restore long file names if the file names become corrupted. For additional information, read the Microsoft Knowledge Base article Description of Sulfnbk.exe and How to Replace the Program File (Q301316)
The instructions in this document are provided for your convenience. The extraction of Windows files uses Microsoft programs and commands. Symantec does not provide warranty support for or assistance with Microsoft products. If you have any questions, please see your Windows documentation or contact Microsoft.
Windows Me
If you are using Windows Me, you can restore the file using the System Configuration Utility.
1. Click Start and then click Run.
2. Type msconfig and then press Enter.
3. Click Extract Files. The "Extract one file from installation disk" dialog box appears.
4. In the "Specify the system file you would like to restore" box, type the following, and then click Start:
c:windowscommandsulfnbk.exe
NOTE: If you installed Windows to a different location, make the appropriate substitution.
The Extract File dialog box appears.
5. Next to the "Restore from" box, click Browse, and browse to the location of the Windows installation files. If they were copied to the hard drive, this is, by default, C:WindowsOptionsInstall. You can also insert the Windows installation CD in the CD-ROM drive and browse to that location.
6. Click OK and follow the prompts.
Windows 98
If you are using Windows 98, you can restore the file using the System File Checker.
1. Click Start and then click Run.
2. Type sfc and then press Enter.
3. Click "Extract one file from installation disk."
4. In the "Specify the system file you would like to restore" box, type the following, and then click Start:
c:windowscommandsulfnbk.exe
NOTE: If you installed Windows to a different location, make the appropriate substitution.
The Extract File dialog box appears.
5. Next to the "Restore from" box click Browse, and browse to the location of the Windows installation files. If they were copied to the hard drive, this is, by default, C:WindowsOptionsCabs. You can also insert the Windows installation CD in the CD-ROM drive and browse to that location.
6. Click OK and follow the prompts.
Windows 95 (or alternative method for Windows 98/Me)
If you are using Windows 95, you need to use the extract command. This can also be used on Windows 98/Me.
1. Click Start, point to Find or Search, and then click Files or Folders.
2. Make sure that "Look in" is set to (C:) and that Include subfolders is checked.
3. In the "Named" or "Search for..." box, type:
precopy1
4. Click Find Now or Search Now. If it does not exist on the hard drive, then insert the Windows installation CD and repeat the search on that drive.
5. When you find the file, write down the location of Precopy1, for example, C:WindowsOptionsCabs. This is your Source Path.
6. The general form of the Extract command is:
extract /a <Source Path>precopy1.cab sulfnbk.exe /L c:windowscommand
NOTE: Make sure that you include the /a switch, as shown. Depending on your version of Windows, the Sulfnbk,exe file can be in a .cab file other than Precopy1.cab. By using the /a switch, the Extract program will look first in the Precopy1.cab, and if the file is not found there, it will look in all subsequent .cab files until it is found, and can be extracted.
So if the source path is C:WindowsOptionsCabs, then the Extract command becomes:
extract /a c:windowsoptionscabsprecopy1.cab sulfnbk.exe /L c:windowscommand
NOTE: If you installed Windows to a different location, make the appropriate substitution.
7. Click Start and then click Run.
8. Type the following, making the appropriate substitutions as previously noted
extract /a <Source Path>precopy1.cab sulfnbk.exe /L c:windowscommand
9. Click OK.
For more information on how to use the Microsoft Extract command, see the Microsoft Knowledge Base document, How to Extract Original Compressed Windows Files, Article ID: Q129605
Write-up by: Patrick Martin
<font size=-1>[ This Message was edited by: campbell on 2002-01-19 19:10 ]</font>
