[Ravensfort] Re:"sulfnbk.exe." Virus

Charley Atchley Charley at lcc.net
Sun Dec 23 17:59:37 PST 2001 

We went through this same virus hoax a few months ago. Just a refresher
about how to deal with a suspected virus.

A few facts:
1) There is no such thing as a virus that can not be detected by Norton's or
Macaffie's anti virus products, and can be found using the file finder.

2) The anti-virus warriors spend millions trying to be the first one to
detect a new virus.

3) All of the anti-virus programs will detect virus like activity before a
rogue program can "kill your hard drive."


So what do you do if you receive an e-mail that has an .exe file attached to
it.

1) If you do not know the person who sent it, I would delete it.

2) I would go to http://www.symantec.com/ and see if I can find the file by
name. They will usually have a rogue listed within 24 hours of it hitting
the net.

3) Scan the file before you run it.

4) If you get a virus alert, then go to http://www.symantec.com/ and see if
it is a hoax or not.

5) DO NOT FOLLOW AN EMAIL'S INSTRUCTIONS AND DELETE FILES.  Go to
http://www.symantec.com/ and find the fix for the virus. The fixes that you
download will repair the registry and other things.

6) DO NOT SEND THE WARNING TO EVERYONE ON YOUR LIST. You are helping
propagate the hoax when you do this.

This is called an Aggie virus by some people, because it does not do
anything, you do all of the damage yourself.

If you have been screwed by this e-mail, I put the fix from Norton's web
site for it below.


Charley Atchley

2+8=2*5=15-5=70/7=-8+18=3+7=5+5=12-2
You got to be very careful if you don't know where you're going, because you
might not get there. --Yogi Berra

--------------------------------------------------------
How to restore the Sulfnbk.exe file
--------------------------------------------------------
If you have deleted this file, restoration is optional. Sulfnbk.exe is a
Microsoft Windows utility that is used to restore long file names. It is not
needed for normal system operation. If you want to restore it, there is more
than one way to do this. See the information that follows.

NOTE: The instructions in this document are provided for your convenience.
The extraction of Windows files uses Microsoft programs and commands.
Symantec does not provide warranty support for or assistance with Microsoft
products. If you have any questions, please see your Windows documentation
or contact Microsoft.

Windows Me
If you are using Windows Me, you can restore the file using the System
Configuration Utility.
1. Click Start and then click Run.
2. Type msconfig and then press Enter.
3. Click Extract Files. The "Extract one file from installation disk" dialog
box appears.
4. In the "Specify the system file you would like to restore" box, type the
following, and then click Start:

c:\windows\command\sulfnbk.exe

NOTE: If you installed Windows to a different location, make the appropriate
substitution.

The Extract File dialog box appears.

5. Next to the "Restore from" box, click Browse, and browse to the location
of the Windows installation files. If they were copied to the hard drive,
this is, by default, C:\Windows\Options\Install. You can also insert the
Windows installation CD in the CD-ROM drive and browse to that location.
6. Click OK and follow the prompts.


Windows 98
If you are using Windows 98, you can restore the file using the System File
Checker.
1. Click Start and then click Run.
2. Type sfc and then press Enter.
3. Click "Extract one file from installation disk."
4. In the "Specify the system file you would like to restore" box, type the
following, and then click Start:

c:\windows\command\sulfnbk.exe

NOTE: If you installed Windows to a different location, make the appropriate
substitution.

The Extract File dialog box appears.

5. Next to the "Restore from" box click Browse, and browse to the location
of the Windows installation files. If they were copied to the hard drive,
this is, by default, C:\Windows\Options\Cabs. You can also insert the
Windows installation CD in the CD-ROM drive and browse to that location.
6. Click OK and follow the prompts.

Windows 95 (or alternative method for Windows 98/Me)
If you are using Windows 95, you need to use the extract command. This can
also be used on Windows 98/Me.

1. Click Start, point to Find or Search, and then click Files or Folders.
2. Make sure that "Look in" is set to (C:) and that Include subfolders is
checked.
3. In the "Named" or "Search for..." box, type:

precopy1

4. Click Find Now or Search Now. If it does not exist on the hard drive,
then insert the Windows installation CD and repeat the search on that drive.
5. When you find the file, write down the location of Precopy1, for example,
C:\Windows\Options\Cabs. This is your Source Path.
6. The general form of the Extract command is:

extract /a <Source Path>\precopy1.cab sulfnbk.exe /L c:\windows\command

NOTE: Make sure that you include the /a switch, as shown. Depending on your
version of Windows, the Sulfnbk,exe file can be in a .cab file other than
Precopy1.cab. By using the /a switch, the Extract program will look first in
the Precopy1.cab, and if the file is not found there, it will look in all
subsequent .cab files until it is found, and can be extracted.

So if the source path is C:\Windows\Options\Cabs, then the Extract command
becomes:

extract /a c:\windows\options\cabs\precopy1.cab sulfnbk.exe /L
c:\windows\command

NOTE: If you installed Windows to a different location, make the appropriate
substitution.

7. Click Start and then click Run.
8. Type the following, making the appropriate substitutions as previously
noted

extract /a <Source Path>\precopy1.cab sulfnbk.exe /L c:\windows\command

9. Click OK.

More information about the Ravensfort mailing list