From: "Ron Harper" <>
Subject: Re: [ARIZARD-L] Off Subject SULFNBK VIRUS
Date: Tue, 29 May 2001 01:08:06 -0500
I have Windows 98 and found SULFNBK.EXE in my C:\WINDOWS\COMMAND file. I had
it moved to the Recycle Bin and thought I would continue reading the List
before deleting. I believe it is a good thing I did. So I put it back where
it came from.
Was putting it back the right thing to do? Appears to me it was. Anyone know
Sandra, I think you saved my bacon! (or at least a file I might need)
----- Original Message -----
From: Sandra <>
Sent: Monday, May 28, 2001 5:13 PM
Subject: [ARIZARD-L] Off Subject SULFNBK VIRUS
> I found this article on the SULFNBK.FILE.
> So is this a hoax or how do you know if the SULFNBK.EXE FILE is infected?
> Kind of confusing information! Anyone with any more information on this?
> Hoaxes. Many people believe them. Others aren't so sure but forward them
> anyway "just in case". No matter how you slice them, hoaxes are a problem
> and now they've taken a new tack. Originating in Brazil, a new hoax
> the file SULFNBK.EXE is in fact a virus and urges users to search their
> system for the presence of the file. The hoax warns, even "Norton did not
> discover it". Perhaps this is because the file is not infected.
> A word of caution. Any executable file has the potential to be infected.
> Worse, viruses like Magistr can pick certain files at random, infect it,
> send it off via email to others. So the potential also exists for the file
> SULFNBK.EXE to be plucked by Magistr. Of course, any portable executable
> EXE) file up to 132K in length could just as easily be sent, so there's no
> special distinction to the SULFNBK.EXE file.
> Just what is SULFNBK.EXE? It's a utility shipped as part of the Windows 98
> operating system that allows users to restore long file names. Thus,
> using the Windows 98 operating system would find this file on their
> If the hoax were received by these users, and believed, many might delete
> the file thinking their antivirus software had somehow failed to detect
> virus. In fact, it wouldn't be the first time signature-based scanners
> failed to detect a new virus, making the entire hoax even easier to
> If you aren't confused yet, you should be. Hoaxes survive simply by
> confusion. They provide just enough real sounding information to guarantee
> pretty high degree of faith. The more believable, the more users willing
> pass it along. Hence hoaxes are very much like a manually driven virus,
> relying on the user to deliberately pass along the "infection". In the
> of the SULFNBK.EXE warning there's a double whammy: as users pass it
> it clogs email servers and drains resources; and those who delete it may
> need the file at some point. Worse, this could be a stepping stone to a
> trend in hoax writing - targeting necessary system files, warning of dire
> consequences and instructing users to immediately delete them. If the
> files were targeted, users following the warning's instructions could find
> themselves worse off than if a "real" virus had hit. In other words,
> may soon be featuring malicious payloads deliberately executed by the
> gullible and unsuspecting user.
> Common sense provides the best cure. If you aren't sure, don't forward it.
> Forget the "just in case" excuse - it's downright dangerous. Unless the
> warning comes from a known and reputable source, send it to the Recycle
> and not to your friends and co-workers.
> Special thanks to Giordani Rodrigues, editor of InfoGuerra.com for
> details regarding this hoax. His article, in Portuguese, can be found at: