A new type of "virus" - almost "Irish"


ExSimGuy
28th May 2001, 18:43
I have received a couple of emails recently warning me about "virus files" and advising me to search for them on my hard disk and delete these files. The latest came to our company email and advised us to search for SULFNBK.EXE and delete it.

As always (smug :P) I checked McAfee, as the file had certain attributes (yes, it was on my hard drive) that suggested it was a valid file, I went to:-
http://vil.mcafee.com/sendMail.asp?VIRUS_ID=hoax99084&NEW=YES&
and found this was another hoax.

I have mailed the guy who sent the warning and told him that I appreciate him thinking of us but that he was actually doing the job of a virus (an "Irish" one - with apologies to Celtic Emerald :) ) by advising us to delete part of the Windows installation!

Before you delete files - check with McAfee or elsewhere as this type of "do-it-yourself virus" is becoming popular!

------------------
What goes around . . .
. . often lands better!

The Fokker's chocka ocker
29th May 2001, 04:37
Virus-Hoax Advisory
*************************************************
Kaspersky Labs has been receiving many messages from users about a new
alarming and dangerous virus hiding in a SULFNBK.EXE file. It is necessary
to convince users that this type of virus does not actually exist, and we
classify this as a virus hoax.

Warnings about the pseudo-virus began spreading towards the end of last
week, causing a real scare amongst users. As indicated in the message's
text concerning the "virus," it contains a SULFNBK.EXE file that is
programmed to activate the destructive payload on June 1. As is typical
when a virus hoax is making the rounds, it is reported that not one
anti-virus program is able to detect this "virus"; therefore, the only
means of ridding a computer of this threat is to erase the
SULFNBK.EXE virus-carrying file.
Contrary to this report, the SULFNBK.EXE file is absolutely safe, and
moreover is a part of the operating system included in the Windows
delivery.
The program is a Windows application used for backup files with long
file names. By deleting this file, a user causes a change in the system
function as a whole, causing several operations on the computer to be
rendered inoperable.
In addition to this, as reported by SecurityPortal.com - the popular
information center for problems regarding information safety - its experts
have been able to receive the original SULFNBK.EXE file and establish
the reason for this hoax appearance. It turned out that this file on the
user's computer, who initiated the hoax, was really infected with the
Magistr virus, currently found in the virus list of the most widespread viruses


"What we see now is the sincere wishes of users to warn their friends
and colleagues about the possibility of a dangerous virus. However, this
event confirms the famous saying, 'the road to hell is paved with good
intentions.' The attempt to warn the world about an actual dangerous
virus could cause other users to trigger a computer failure with their own
hands," commented Denis Zenkin, Head of Corporate
Communications for Kaspersky Lab.


----------------------------------------------------------------
Metropolitan Network BBS Inc. AntiViral Toolkit Pro CH
WWW: http://www.metro.ch/ http://www.avp.ch/
----------------------------------------------------------------

stickyb
29th May 2001, 11:54
It's amazing how the same things crop up in different guises!

Viruses (virii?) usually want to do one or more of 3 things:
1) Cause damage to your system
2) Gather information
3) Cause damage to other systems

First of all we had code to do all this, then the clever guys realised they also cause havoc by disseminating the virus hoax e-mails.

Think about it. You get a plausible-sounding e-mail that warns you about a virus, and exhorts you to forward the e-mail to all your contacts. If you do so, it's a bit like a chain letter building up. It may not damage your machine, but if enough people forward it on then the mail system becomes clogged up. Also, after the mail has been forwarded quite a few times, it builds up quite a long list of e-mail addresses - great for someone downstream who gets it and can then use the information to start spamming you.

Now the clever guys are realising they can also achieve the same results with the opposite - that is an e-mail telling you that something isn't a virus, but is safe. What a hoax!

So, beware. Don't blindly forward mails, and if you do forward something do everyone a favour and strip off all the previous recipients' addresses.