Surviving the SULFNBK.EXE virus hoax
By Chan Lee Meng
The Star (1st June 2001) PETALING JAYA: A "virus warning" that has been circulating all over the world in recent weeks finally came home to roost Thursday morning, panicking thousands of home and corporate users in Malaysia. However, the "warning" about the so-called SULFNBK.EXE Windows-based virus was a hoax, and SULFNBK.EXE is actually a valid MS Windows file. The hoax e-mail exhorted users to immediately delete the file because it was supposedly an undetectable virus that was supposed to activate on June 1. And of course, users were supposed to forward the message to everyone they knew. Thousands of Malaysian users who received the "warning" on May 31 apparently heeded the message and went on to delete the file, an act which may affect how the computers function. Fortunately, the file involved is not really critical. It is a Windows utility that is used to restore long file names, and is not needed for normal system operation, according to Symantec Corp, an antivirus and utility software company. If you have deleted this file, restoration is optional, according to Symantec. Just follow the instructions in the "How to restore the Sulfnbk.exe file" section below. Gullibility virus In.Tech received dozens of e-mail messages and calls inquiring about the warning. Those who contacted us at least managed to verify that it was a hoax, but a lot more people simply believed the hoax message and deleted the file. That this hoax could have worked at all reflects the widespread reach of the Internet and how quickly information (or disinformation) can spread. Some users mistakenly assume that information they pick up from the Internet is somehow more accurate or more important than other sources. This hoax can also be regarded as a form of "social engineering," which in IT circles means tricking users into revealing passwords or performing steps that compromise a system's security. A large percentage of computer users are still fairly IT-illiterate, and they are fearful of computer viruses. To make matters worse, virus-scanning software or junk e-mail filters will not raise any alarms about the message because it doesn't actually contain a virus. The e-mail itself does not contain anything potentially harmful to computers. In addition, several people who fell for the hoax said it was because the message came from friends or colleagues. Don't let your guard down Still, security experts warn that such hoaxes will continue to be created and perpetuated, and in some cases could even be malicious. For instance, the hoax message could just have easily have asked users to delete a critical system file, such as one of the numerous DLL files that Windows depends on. Antivirus vendors also stress the need for scanning software and regular updates of the software. Needless to say, you should still be wary of opening any e-mail attachments, even if they appear to be from someone you know. LINKS Symantec security updates - Hoaxes www.symantec.com/avcenter/hoax.html Details various Internet-related hoaxes, including the SULFNBK.EXE "warning" Vmyths.com vmyths.com Debunks virus hoaxes and other computer myths. Hoaxbusters hoaxbusters.ciac.org Website run by the Computer Incident Advisory Centre (CIAC) which provides details Internet hoaxes. Includes a search engine, history of Internet hoaxes, and advice on how to spot a hoax. Restoring sulfnbk.exe antivirus.about.com/compute/antivirus/library/weekly/aa052601a.htm About.com page details how to restore the file if you've deleted it. How to restore the Sulfnbk.exe file If you have deleted this file, restoration is optional. Sulfnbk.exe is a Microsoft Windows utility that is used to restore long file names. It is not needed for normal system operation. If you want to restore it, there is more than one way to do this. See the information that follows: Windows Me You can restore the file using the System Configuration Utility. 1. Click Start and then click Run. 2. Type msconfig and then press Enter. 3. Click Extract Files. The "Extract one file from installation disk" dialogue box appears. 4. In the "Specify the system file you would like to restore" box, type the following, and then click Start: c:\windows\command\sulfnbk.exe NOTE: If you installed Windows to a different location, make the appropriate substitution. The Extract File dialogue box appears. 5. Next to the "Restore from" box, click Browse, and browse to the location of the Windows installation files. If they were copied to the hard drive, this is, by default, C:\Windows\Options\Install. You can also insert the Windows installation CD in the CD-ROM drive and browse to that location. 6. Click OK and follow the prompts. Windows 98 You can restore the file using the System File Checker. 1. Click Start and then click Run. 2. Type sfc and then press Enter. 3. Click "Extract one file from installation disk." 4. In the "Specify the system file you would like to restore" box, type the following, and then click Start: c:\windows\command\sulfnbk.exe NOTE: If you installed Windows to a different location, make the appropriate substitution. The Extract File dialog box appears. 5. Next to the "Restore from" box click Browse, and browse to the location of the Windows installation files. If they were copied to the hard drive, this is, by default, C:\Windows\Options\Cabs. You can also insert the Windows installation CD in the CD-ROM drive and browse to that location. 6. Click OK and follow the prompts. Source - Symantec Corp |
