Print

Print
Sophos hoaxes & scares description: SULFNBK
 
Sophos Anti-VirusSophos TrainingWhat the press sayWhat customers sayRequest further infoHow to buyProducts & updatesLatest virus identitiesBeta productsResearchSupport newsFAQsDocumentationSubmit support queryVirus analysesHoaxes & scaresViruses explainedArticlesWhite papersTop ten virusesEmail notificationsVirus info feedCompany profileContacting SophosSophos newsOur customersCareersPress contactsPress releasesPress resourcesImage galleryFind a partnerBecome a partnerPartners websiteSecurity partners
Sophos
+[Product info]
+[Downloads]
+[Support]
+[Virus info]
+[Company info]
+[Press office]
+[Partners]
 Virus info[Home][Search][Contact us]
Home Virus info Hoaxes & scares

SULFNBK

Aliases
FNBK
Type
Virus hoax
Description

SULFNBK.EXE is a program which comes with the Windows 95/98 operating system and can be used to backup and restore long filenames.

Although it is possible for the file to be infected by a virus, it has also been the subject of a hoax which has been distributed in several languages.

Some versions of the hoax describe the suspect file as being called FNBK.EXE rather than SULFNBK.EXE

Note: The W32/Magistr-A virus is known to infect the file SULFNBK.EXE (this is unconnected with the hoax) so Sophos recommends users delete the file if they ever receive it as an email attachment.

Details on how to restore this file if it has been mistakenly deleted are described on Microsoft's website.

Here is the text of the virus hoax in English, Spanish Portuguese and Dutch:

English version 1:

IT IS IMPORTANT THAT YOU LOOK INTO YOUR COMPUTERS AND CHECK IF YOU HAVE THE FOLLOWING VIRUS: sulfnbk.exe

IF ANYBODY HAS THIS VIRUS IN C:\, DELETE IMMEDIATELY BECAUSE IT ATTACKS ON NEXT DAY 25 OF THE MONTH MAY AND WILL DELETE ALL FILES ON YOUR PC.

THIS VIRUS CAME WITH E-MAIL AND IS INVISIBLE FOR VIRUS SCANNERS. PLEASE PASS THIS MESSAGE TO OTHER PEOPLE.

English version 2:

There is another English language version of this hoax which claims that a virus will activate on 1st June 2001. Here is the text:

It was brought to my attention yesterday that a virus is in circulation via email. I looked for it and to my surprise I found it on mine. .. please follow the directions and remove it from yours TODAY!!!!!!!

I do not know how long it has been on my computer, but no Virus software can detect it. It will become active on June 1, 2001. It might be too late by then. It wipes out all files and folders on the hard drive. This virus travels thru E-mail and migrates to the 'C:\windows\command'folder. To find it and get rid of it off of your computer,do the following.

Go to the "START" button.
Go to "FIND" or "SEARCH"
Go to "FILES & FOLDERS"
Make sure the find box is searching the "C:" drive.
Type in; SULFNBK.EXE
Begin search.
If it finds it, highlight it.
Go to 'File' and delete it.
Close the find Dialog box
Open the Recycle Bin
Find the file and delete it from the Recycle bin
You should be safe.

The bad part is: You need to contact everyone you have sent ANY E-mail to in the past few months. Many major companies have found this virus on their computers. Please help your friends !!!!!!!!

DO NOT RELY ON YOUR ANTI-VIRUS SOFTWARE. McAFEE and NORTON CANNOT DETECT IT BECAUSE IT DOES NOT BECOME A VIRUS UNTIL JUNE 1ST. WHATEVER YOU DO, DO NOT OPEN THE FILE!!!

Spanish version:

Este reenvio lo recibí de un amigo hoy y es verdad o busqué con estas instrucciones y lo encontré,lo tenía sin saberlo.

No lo detecta el Norton 2001 ni McAfee, los tengo nstalado y pasó igual Un virus está llegando a través de los mails de modo oculto.

Gracias a un aviso pude detectarlo (lo tenía sin saberlo) y eliminarlo.

Buscarlo del siguiente modo:
1) Ir a Inicio
2) Luego: Buscar
3) Archivo o carpeta
4) Tipear el archivo: sulfnbk.exe
5) Eliminar (NO ABRIRLO)
6) Eliminar de la papelera de reciclaje

Gracias a estas instruciones lo eliminé..
suerte..

Portugese version:

Gente, é sério. Não deletem antes de ler. Quem me passou essa mensagem foi um amigo e o vírus SULFNBK.EXE estava escondido nos nossos computadores.
Leiam com atenção, tá?
É verdade !!!!
Eu verifiquei e tinha o virus nos computadores aqui da empresa que possuem acesso à internet.
  Não é piadinha nem pegadinha (juro!)

 "Alerta Vermelho!

Pessoal, procedimentos que deveriam ser tomados para a possível detecção do maledeto SULFNBK.EXE. e eu fui conferir só por desencargo de consciência.
Pois é...O bichinho tava lá, escondidO até do Norton, talvez esperando algum gatilho prá começar a trabalhar......

Aí vão as orientaç es que eu segui à risca e que me levaram ao tal coisinha ruím:

1 - Iniciar/Localizar Pastas. Digite o nome do animal: SULFNBK.EXE
2 - Se for encontrado, abra o Windows Explorer, vá até a pasta onde ele foi encontrado e não abra o arquivo nem em caso de incêndio, ok?
3 - Apenas delete o cara de lá.
4 - O meu estava em Windows/Command.

Sim, o Norton não detectou.
Sim, o Viruscan da Mcafee não detectou.
Não sabemos se ele faz algum estrago na máquina, mas acho que ninguém aqui vai querer testar para saber!!!!
Eu nem imaginava que tivesse hóspedes no meu PC.
Meu Norton está atualizado e o Scandisk da MCafee também!

Dutch version:

FW: DANGEROUS VIRUS

Zoek het bestand sulfnbk.exe op je harde schijf.
Indien dit erop staat onmiddelijk verwijderen. Dit is een kwaadaardig virus
bedacht door een ex medewerker van Casema.
Het virus treedt in werking op 25 mei 2001 . Het is verstuurd als onzichtbaar
bestand naar de adres lijsten van de Casema en Wanadoo abonnees waardoor het
weer automatisch doorgestuurd werd.

Het wordt door geen enkele virusscanner herkend.

Treuzel niet, zoeken en verwijderen.Ook uit je prullebak.PLEASE PASS THIS
MESSAGE TO OTHER PEOPLE.

Danish version:

Emne: Virusadvarsel

Hejsa alle sammen...... det er med blødende øjne og grædende knæ, at jeg må fortælle jer, at jeg desværre har fået en virus, og at i måske også er blevet smittet.
Denne virus er programmeret til at aktivere sig på et senere tidspunkt, derfor vil den ikke blive opdaget at et standardvirusbeskyttende program, såsom Mcafee eller Norton.
Ingen ved hvor længe den har været i omløb - muligvis i flere måneder. Når den aktiverer sig vil den slette alle filer og dokumenter i jeres harddisk.
Den spreder sig via e - mail og placerer sig i C:\WINDOWS\COMMAND.

For at finde den og slette den - følg følgende instruktion :

  1. Klik på start
  2. Vælg søg efter
  3. Vælg filer eller mapper
  4. Gå til søg alle filer og vælg lokale harddisks - i de fleste tilfælde er det C.
  5. I feltet " Navn " - skriv SULFNBK.EXE Hvis filen ikke findes i punkt 5 betyder det at du/I heldig vis ikke er blevet smittet.
  6. Hvis filen findes, marker den, men ÅBN DEN IKKE!!!!!!!!!!
  7. For at markere uden at åbne, klik på " Edit" ( Rediger ) og derefter marker alt.
  8. I menuen " Filer " - klik på slet. Her siger den en advarsel mod at slette den, men gør det alligevel.
  9. Luk dialogboksen " søg alle filer "
  10. Tøm papirkurven.
Den gode nyhed er at nu er du smittefri. Den dårlige nyhed er at du muligvis har smittet alle som du har sendt mail til i mange måneder.
Derfor bør du kontakte alle personerne i dit adressekartotek og straks sende dem denne meddelelse.

Jeg håber ikke at virusen har nået at gøre nogen skade i jeres computer.......

Important

Many virus hoaxes:

  • falsely claim to describe an extremely dangerous virus
  • use pseudo-technical language to make impressive-sounding (but impossible) claims
  • falsely claim that the report was issued or confirmed by a well-known company
  • ask you to forward it to all your friends and colleagues

As usual, you are urged not to pass on warnings of this kind, as the continued re-forwarding of these hoaxes simply wastes time and email bandwidth.

It is possible that you may receive a hoax via email with a file attached. Obviously, such file attachments should be treated with caution as they may be virus infected. Sophos recommends deleting virus hoax emails, whether they contain file attachments or not.

Sophos suggests a policy to help prevent hoaxes from spreading in your company.

[TOP]


    S|O|P|H|O|S