Magistr.A virus [Archive]

Sledge

6th July 2001, 02:11

Looks like another hoax virus warning.This from Symantec web page:http://www.symantec.com/avcenter/venc/data/sulfnbk.exe.warning.html

This particular email message is a hoax. The file that is mentioned in the hoax, however, Sulfnbk.exe, is a Microsoft Windows utility that is used to restore long file names, and like any .exe file, it can be infected by a virus that targets .exe files.
The virus/worm W32.Magistr.24876@<hidden> can arrive as an attachment named Sulfnbk.exe. The Sulfnbk.exe file used by Windows is located in the C:\Windows\Command folder. If the file is located in any other folder, or arrives as an attachment to a email message, then it is possible that the file is infected. In this case, if a scan with the latest virus definitions and with NAV set to scan all files does not detect the file as being infected, quarantine and submit the file to SARC for analysis by following the instructions in the document How to submit a file to SARC using Scan and Deliver.
If you have deleted the Sulfnbk.exe file from the C:\Windows\Command folder and want to know how to restore the file, see the How to restore the Sulfnbk.exe file section at the end of this document
SULFNBK.EXE Warning
Reported on: April 17, 2001
Last Updated on: June 28, 2001 at 09:44:22 PM PDT

Printer-friendly version

Category: Hoax

Technical description:

The following hoax email was first reported in Brazil. The original email is in Portuguese; it is followed by two English English versions and a French version.

CAUTIONS:

This particular email message is a hoax. The file that is mentioned in the hoax, however, Sulfnbk.exe, is a Microsoft Windows utility that is used to restore long file names, and like any .exe file, it can be infected by a virus that targets .exe files.
The virus/worm W32.Magistr.24876@<hidden> can arrive as an attachment named Sulfnbk.exe. The Sulfnbk.exe file used by Windows is located in the C:\Windows\Command folder. If the file is located in any other folder, or arrives as an attachment to a email message, then it is possible that the file is infected. In this case, if a scan with the latest virus definitions and with NAV set to scan all files does not detect the file as being infected, quarantine and submit the file to SARC for analysis by following the instructions in the document How to submit a file to SARC using Scan and Deliver.
If you have deleted the Sulfnbk.exe file from the C:\Windows\Command folder and want to know how to restore the file, see the How to restore the Sulfnbk.exe file section at the end of this document.

Original Portuguese version:

Vocês acreditam que uma amiga da lista enviou um alerta e os procedimentos que deveriam ser tomados para a poss'vel detecção do maledeto SULFNBK.EXE. e eu fui conferir só por desencargo de consciência. Pois é...O bichinho tava lá, escondidinho até da McAfee e do Norton, talvez esperando algum gatilho prá começar a trabalhar, né?
A' vão, moçada, as orientações que eu segui à risca e que me levaram ao tal coisinha ru'm:

1 - Iniciar/Localizar Pastas. Digite o nome do "mardito": SULFNBK.EXE
2 - Se for encontrado, abra o Windows Explorer, vá até a pasta onde ele se encontra alojado e delete-o de lá ou do próprio ambiente do Localizar; - Não click com o botão esquerdo sobre ele e não abra o arquivo nem em caso de incêndio, ok?
3 - Apenas delete o bichinho.
4 - O meu estava em Windows/Command.
5 - O v'rus da pessoa que passou o aviso estava em Windows/Config.

Sim, o Norton e nem o McAfee não detectou.
Não sabemos se ele faz algum estrago na máquina, mas acho que ninguém aqui vai querer testar para saber, né?
Gente, sem brincadeiras, já tirei o meu daqui....
E nem imaginava que tivesse hóspedes no PC.
Minha vacina está super-atualizada!!!
Façam o mesmo, ok?

Translated English version:

Do you believe that a friend of mine sent me an alert and the procedure that we have to follow for the possible infection of SULFNBK.EXE. And I had checked, just to make sure. An then... the file was there, hidden even of McAfee and Norton, maybe waiting something to start work.
Well, see bellow the procedure that I followed step by step, and I found the file:

1. Start/Find Folders. Type the file name: SULFNBK.EXE
2. If it find, open Windows Explorer, browse into the folder where the file is and delete it. Do not click with left button on the file and do not open it.
3. Just delete it
4. Mine was on Windows/Command
5. The virus from the person who gave the alert was on Windows/Config

Yes, Norton and McAfee do not detect it.
We do not know if it makes some damage on the machine, but I think that anybody will not want to test it to know, will it?
Folks, this is not fun, I deleted it from my computer.
And my definitions are updated.
Do the same, ok?

A new version of this hoax has additional text stating that the virus will activate on June 1st:

It was brought to my attention yesterday that a virus is in circulation via email. I looked for it and to my surprise I found it on mine. ..
Please follow the directions and remove it from yours TODAY!!!!!!!

No Virus software can detect it. It will become active on June 1, 2001.
It might be too late by then. It wipes out all files and folders on
the hard drive. This virus travels thru E-mail and migrates to the
'C:\windows\command' folder.

The bad part is: You need to contact everyone you have sent ANY
E-mail to in the past few months. Many major companies have found this virus on
their computers. Please help your friends !!!!!!!!

DO NOT RELY ON YOUR ANTI-VIRUS SOFTWARE. McAFEE and NORTON CANNOT
DETECT IT BECAUSE IT DOES NOT BECOME A VIRUS UNTIL JUNE 1ST.

WHATEVER YOU DO, DO NOT OPEN THE FILE!!!

The French version:

Bonjour à tous, Hello everyone!

Ceci est une alerte au VIRUS assez sérieuse.
This is a serious VIRUS alert.

Comme je vous ai envoyé des courriels dans les 3 derniers mois, je
vous
invite à vérifier s'il n'y aurait pas un dossier intitulé
SULFNBK.EXE
quelques part dans votre ordinateur.

Since I have emailed you in the last couple of month I invite you to
read
the following text carefully. Please note that, against all odds, I
had it
exactly where it was mentionned it would be...

Prenez note que ce VIRUS ( SULFNBK.EXE )est indétectable et qu'il
doit être
activé le 1er JUIN donc, vérifier immédiatement, Ne l'ouvrez PAS et
jetter
le directement à la poubelle; VIDER LA POUBELLE PAR LA SUITE.

How to restore the Sulfnbk.exe file
If you have deleted this file, restoration is optional. Sulfnbk.exe is a Microsoft Windows utility that is used to restore long file names. It is not needed for normal system operation. If you want to restore it, there is more than one way to do this. See the information that follows.

NOTE: The instructions in this document are provided for your convenience. The extraction of Windows files uses Microsoft programs and commands. Symantec does not provide warranty support for or assistance with Microsoft products. If you have any questions, please see your Windows documentation or contact Microsoft.

Windows Me
If you are using Windows Me, you can restore the file using the System Configuration Utility.
1. Click Start and then click Run.
2. Type msconfig and then press Enter.
3. Click Extract Files. The "Extract one file from installation disk" dialog box appears.
4. In the "Specify the system file you would like to restore" box, type the following, and then click Start:

c:\windows\command\sulfnbk.exe

NOTE: If you installed Windows to a different location, make the appropriate substitution.

The Extract File dialog box appears.

5. Next to the "Restore from" box, click Browse, and browse to the location of the Windows installation files. If they were copied to the hard drive, this is, by default, C:\Windows\Options\Install. You can also insert the Windows installation CD in the CD-ROM drive and browse to that location.
6. Click OK and follow the prompts.

Windows 98
If you are using Windows 98, you can restore the file using the System File Checker.
1. Click Start and then click Run.
2. Type sfc and then press Enter.
3. Click "Extract one file from installation disk."
4. In the "Specify the system file you would like to restore" box, type the following, and then click Start:

c:\windows\command\sulfnbk.exe

NOTE: If you installed Windows to a different location, make the appropriate substitution.

The Extract File dialog box appears.

5. Next to the "Restore from" box click Browse, and browse to the location of the Windows installation files. If they were copied to the hard drive, this is, by default, C:\Windows\Options\Cabs. You can also insert the Windows installation CD in the CD-ROM drive and browse to that location.
6. Click OK and follow the prompts.