(4/11/2002) Proof that sometimes the cure is worse than the disease, this virus hoax actually instructs you to delete an integral part of Windows to protect yourself from infection.
SAMPLE CHAIN LETTER TEXT
Subject: IMPORTANT INFO RE VIRUS I FOUND ON MY COMPUTER
WHEN I RECEIVED THE FOLLOWING INFORMATION, I CHECKED MY COMPUTER (FOLLOWING THE DIRECTIONS BELOW) AND SURE ENOUGH, THERE IT WAS. SO PLEASE TAKE A MOMENT TO READ THE FOLLOWING. I AM VERY CAREFUL NOT TO OPEN ATTACHMENTS WITH AN .EXE, BUT SOMEHOW THIS SNUCK THROUGH BOTH MCAFEE AND NORTON (WHICH WOULD MAKE SENSE IF IT DOESN'T ACTIVATE ITSELF UNTIL JUNE 1).
Subj: Virus to destroy before it activates June 1 NOT A JOKE
Subject: IMPORTANT MESSAGE ABOUT A VIRUS ! PLEASE CHECK YOUR PC'S FOR IT!
Received the following from a friend. Please follow the directions to find and delete the file. I did find this virus on my hard drive.
Virus software can not detect it. It will not become active until June 1, 2001, at that point it will become active and will be too late. It wipes out all files and folders on the hard drive. This virus travels through e-mail and migrates to the c:\windows\command folder. To find it and delete it off your computer, do the following:
Go to the START button.
Go to FIND or SEARCH
Go to FILES & FOLDERS
Make sure the find box is searching the C drive.
Type in: SULFNBK.EXE
If it finds it, highlight it and press the Del key on your keyboard. Close the find dialog box. open the Recycle Bin. Find the file and delete it from the Recycle bin. You should be safe.
The bad part is: You need to contact everyone you have sent ANY e-mail to in the past few months. I do not know how long this has been on our computers.
DO NOT RELY ON YOUR ANTI-VIRUS SOFTWARE. McAFEE NOR NORTON CAN DETECT IT BECAUSE IT DOES NOT BECOME A VIRUS UNTIL JUNE 1ST. IT WILL BE TO LATE THEN. WHATEVER YOU DO, DO NOT OPEN THE FILE!!!
END CHAIN LETTER TEXT
OK, the first red flag should be the advisory not to trust your virus software to protect you from this threat because it is somehow "time-released." As a matter of fact Symantec has had an article about this hoax in its virus encyclopedia since April 17, 2001. This warning surfaced around May, 2001.
After the initial supposed threat passed, a new version of the warning surfaced that says the virus activates after a set period of time, instead of on a specific date, and contains numerous testimonials of people who found the file and were "saved" by the warning:
SAMPLE CHAIN LETTER TEXT
I found this on my computer and have deleted it. DALE
Subject: RE: virus--you may have this one
Did you have it? I was surprised to find that I did. I have Anti-virus software, but it didn't stop this one.
I have printed these instructions so I can see if I can do this! I will let you know how I come out! I know that there a lot of different viruses out and about! Mom
A virus is being transmitted through the ADDRESS BOOK of the recipients.
I had it--I followed the procedures (below) to find it, did find that I had received it ... and was able to clean it.
Chances are that you have it because it is crossing pathways. It transfers to who ever is in your address book, lays dormant for 14 days then kills your hard drive.
Here are the directions my friend sent to stop it. It is very easy to clean:
1. go to start-then to 'find or search'
2. in the 'search for files or folders' type in sulfnbk.exe -- This is the virus
3. In the 'look in' make sure you're searching Drive C
4. Hit 'search' button (or find)
5. If this file shows up (it's an ugly blackish icon that will have the name sulfnbk.exe) DON'T OPEN IT
6. Right click on the file -- go down to delete and left click
7. It will ask if you want to send it to the recycle bin...say yes
8. Go to your desktop (where all your icons are) and double click on the recycle bin
9. Right click on sulfnbk.exe and delete again or just empty the recycle bin
If you find this...send it to everyone in your address book, because that's how it's transferred.
You may get it again, so please check again for it, periodically!
END CHAIN LETTER TEXT
Later versions have translated the text into a variety of languages, and many offer up a different file name to search for (such as jdbgmgr.exe).
If you do a search on virtually any Windows system, you will find sulfnbk.exe. It is a program file that restores long file names. Deleting the file could cause your computer to do weird things, and will make your data harder to find. More importantly, deleting the file will not protect you from some time-activated virus.
Like any executable file on your computer, sulfnbk.exe could be infected with a virus. There is a virus that arrives as an attachment named sulfnbk.exe. However, the original warning above says the file will somehow "migrate" to the appropriate folder. This is highly unlikely. The bottom line is, you should only be concerned if you find the sulfnbk.exe file in any folder other than c:\windows\command.
It's also absurd to think that a virus can be undetectable if it hasn't been "activated." Actually, the activation date, and subsequent "dormancy period" change, are recent additions to the hoax, perhaps to lend more credence to the claim that it can't be detected. The antivirus gurus at Symantec, Computer Associates, McAfee and many others identify and create counter-measures for hundreds of new viruses each week. Why should we believe that an unidentified source would know something the experts don't?
Most virus warning e-mails are false, or contain incorrect and misleading information. They rarely offer helpful instructions for preventing/removing infection. As in the case above, the advice given does enough damage on its own. If you were one of the unfortunate many who deleted the file before learning the truth, Microsoft provides step-by-step instructions for restoring it.
Randomly forwarded e-mails provide no real protection from viruses. Anti-virus software is inexpensive, readily available and provides real piece of mind. Get some, keep it updated and never forward another virus warning. Break this Chain!