********* SULFNBK.EXE -------HOAX according to Norton Anti-Virus, click on
link to read about it *********
This particular email message is a hoax. The file that is mentioned in the
hoax, however, Sulfnbk.exe, is a Microsoft Windows utility that is used to
restore long file names, and like any .exe file, it can be infected by a
virus that targets .exe files.
The virus/worm W32.Magistr.24876@mm can arrive as an attachment named
Sulfnbk.exe. The Sulfnbk.exe file used by Windows is located in the
C:\Windows\Command folder. If the file is located in any other folder, or
arrives as an attachment to a email message, then it is possible that the
file is infected. In this case, if a scan with the latest virus definitions
and with NAV set to scan all files does not detect the file as being
infected, quarantine and submit the file to SARC for analysis by following
the instructions in the document How to submit a file to SARC using Scan and
If you have deleted the Sulfnbk.exe file from the C:\Windows\Command folder
and want to know how to restore the file, you should contact your computer
manufacturer or Microsoft for assistance. As an alternative, If you are
running Windows 98 or Windows Me, see the document How to extract files in
Safe Mode under Windows 98 or Windows Millennium.
NOTE: The instructions in this document are provided for your convenience.
The extraction of Windows files uses Microsoft programs and commands.
Symantec does not provide warranty support for or assistance with Microsoft
A new version of this hoax has additional text stating the virus will
activate on June 1st:
It was brought to my attention yesterday that a virus is in circulation via
email. I looked for it and to my surprise I found it on mine. ..
Please follow the directions and remove it from yours TODAY!!!!!!!
No Virus software can detect it. It will become active on June 1, 2001.
It might be too late by then. It wipes out all files and folders on
the hard drive. This virus travels thru E-mail and migrates to the
The bad part is: You need to contact everyone you have sent ANY
E-mail to in the past few months. Many major companies have found this virus
their computers. Please help your friends !!!!!!!!
DO NOT RELY ON YOUR ANTI-VIRUS SOFTWARE. McAFEE and NORTON CANNOT
DETECT IT BECAUSE IT DOES NOT BECOME A VIRUS UNTIL JUNE 1ST.
WHATEVER YOU DO, DO NOT OPEN THE FILE!!!
Please ignore any messages regarding this hoax and do not pass on messages.
Passing on messages about the hoax only serves to further propagate it.
McAFee says HOAX
AVERT HOAX Notice!!
McAfee AVERT Labs would like to inform you of a new email HOAX.
This email message is just a HOAX. Although, the SULFNBK.EXE file may become
infected by a number of valid viruses, the details of this message are not
based on actual events.
We are advising users who receive the email to delete it and DO NOT pass it
on as this is how an email HOAX propagates.
Williston "Bill" L. Warren, IV - S.E.
Structural Engineering SOLutions
Newport Beach, California
----- Original Message -----
From: Charles Greenlaw <cgreenlaw(--nospam--at)speedlink.com>
To: Lee Adler <lee(--nospam--at)seaoc.org>
Cc: <jgs(--nospam--at)eqe.com>; <bill4w(--nospam--at)sesol.com>; <blcochran(--nospam--at)aol.com>; <rawn1(--nospam--at)gte.net>;
<sperlof(--nospam--at)earthlink.net>; <jack.bruce(--nospam--at)dgs.ca.gov>; <mmorden(--nospam--at)bjase.com>;
<rlhess(--nospam--at)hesseng.com>; <dnovak(--nospam--at)aslce.com>; <hblla(--nospam--at)earthlink.net>;
<johnmartin(--nospam--at)johnmartin.com>; <ephhirsch(--nospam--at)aol.com>; <earl424563(--nospam--at)aol.com>;
<femcclure(--nospam--at)aol.com>; <messinger(--nospam--at)aol.com>; <cambianco(--nospam--at)msn.com>;
Sent: Wednesday, May 30, 2001 07:57
Subject: Urgent virus alert
> You have received e-mail from me in recent weeks, and may be at risk from
> virus that reportedly spreads unnoticed by e-mail.
> An e-mail correspondent of mine just sent me a warning from a colleague of
> his that there is a destructive, ".exe" file -type virus they have spread
> one another via e-mail. I was advised to see if the file was in my rig,
> given instructions on how to delete it if it was there.
> Like Chicken Little, I did check; IT WAS THERE, and I followed what the
> instructions said to delete it. It had an icon that looked like Chinese
> writing. It may be in your rig, too.
> Below is the message that came in, stripped to its essence. It suggests
> this has been circulation for several months. I don't know if it affects
> Mac users. I don't even have a second source of info on this. But one
> I notified earlier has reported back the presence of the subject .exe
> If it is there, and if the claims about it are true, it needs to be
> per instructions at once, as it reportedly activates on June 1.
> Charles Greenlaw SE
> [copied-in alert:]
> Subject: VIRUS - I had this one & probably sent it to you.
> I just got this from a friend and I found this in my computer! Please
> follow the instructions below ... sorry for passing it on to you!
> URGENT. A VIRUS could be in your computer files now, dormant but
> will become active on June 1. No Virus
> software can detect it. It will become active on June 1, 2001. It might
> too late by then. It wipes out all files and folders on the hard drive.
> virus travels thru E-mail and migrates to the 'C:\windows\command' folder.
> FOLLOW DIRECTIONS BELOW TO CHECK
> IF YOU HAVE IT AND TO REMOVE IT NOW.
> To find it and get rid of it off of your computer, do the following. Go to
> the "START" button.
> Go to "FIND" or "SEARCH"
> Go to "FILES & FOLDERS"
> Make sure the find box is searching the "C:" drive.
> Type in; SULFNBK.EXE
> Begin search.
> If it finds it, highlight it.
> Go to 'File' and delete it.
> Close the find Dialog box
> Open the Recycle Bin
> Find the file and delete it from the Recycle bin
> You should be safe.
> The bad part is: You need to contact everyone you have
> sent ANY E-mail to in the past few months. Many major companies have found
> this virus on their computers.
* This email was sent to you via Structural Engineers
* Association of Southern California (SEAOSC) server. To
* subscribe (no fee) or UnSubscribe, please go to:
* Questions to seaint-ad(--nospam--at)seaint.org. Remember, any email you
* send to the list is public domain and may be re-posted
* without your permission. Make sure you visit our web
* site at: http://www.seaint.org