Two New Malicious E-Mails: One Stings, the Other Doesn't - Page 3

By Jim Freund | Posted Dec 14, 2001

Sometimes the e-mail message will have an attachment that will claim to clean the infected file, or perhaps replace it. In all likelihood, that will be a Trojan, and should be picked up by most anti-virus programs. It should be noted that the Magistr virus can choose the SULFNBK.EXE file as its victim, infect it and send it out. So it's safe to say that under no circumstances should the executable be run.

Restoration
If you or one of your users has deleted SULFNBK.EXE, don't panic. This is a relatively obscure utility used by Windows to restore long filenames, and is not essential to the OS. However, it's always better to be safe, so if you can, take the time to restore the file.

On Windows 98:

  1. Go to Start | Run
  2. Type SFC and hit enter.
  3. Click on "Extract one file from installation disk"
  4. In the "Specify the system file you would like to restore" box, type C:\WINDOWS\COMMAND\SULFNBK.EXE and then click on "Start"
  5. On the next screen, you'll see a "Restore from" box. Type in the path to your Windows CAB files (usually C:\WINDOWS\OPTIONS\CABS). If you can't find the CAB files on your computer, insert your Windows 98 CD and then type *\Win98, replacing * with the drive letter for your CD-ROM drive.
  6. Click the OK button.

On Windows ME:

  1. Go to Start | Run.
  2. Type MSCONFIG and hit enter.
  3. Click on the "Extract File ..." button.
  4. In the "Specify the system file you would like to restore" field, type C:\WINDOWS\COMMAND\SULFNBK.EXE then click on "Start"
  5. On the next screen, you'll see a "Restore from" box. Type in the path to your Windows CAB files (usually C:\WINDOWS\OPTIONS\CABS). If you can't find the CAB files on your computer, insert your Windows ME CD and then type *\WinME, replacing * with the drive letter for your CD-ROM drive. For example, if your CD-ROM is your D drive, you would type D:\WinME
  6. Click the OK button.

And remember to remind your users that it is never wise to pass along unverified information -- it's no better than a chain letter. In the case of mass-mailers, they may not be held as accountable for passing along a virus that struck their copy of Outlook, but in this instance they are the ones who told associates to delete part of their operating system. Their associates will be much less forgiving under those circumstances.

--
Jim Freund is the Managing Editor of CrossNodes.
