hwg-basics archives Jun 2001 new search results previous next

SULFNBK "Virus" (OT)

by ErthWlkr(at)aol.com

 Date:  Mon, 4 Jun 2001 06:58:26 EDT
 To:  hwg-basics(at)hwg.org
  todo: View Thread, Original 
Hi Folks:

Since the email last week about this virus, I've been reading more and more 
about it.  This morning, one of the email newsletters I received offered a 
fix:
******************************************************************************

***
How To Restore SULFNBK.EXE; And Hoax Follow-Up

The SULFNBK hoax caught a lot of people off-guard; many, many readers
succumbed to the hoax and deleted their (perfectly good) copy of
SULFNBK.EXE.

Worse, some malicious hackers immediately took advantage of the hoax to
spread a *real* virus/Trojan under the guise of offering a "free
replacement copy" of SULFNBK.EXE. I can't believe that some people fell
for this, especially after falling for the original hoax, but some did.

I won't be surprised at all if other miscreants also try to use
SULFNBK.EXE for evil intent, as some people now will blow off any
warnings involving it.

So the main lesson here is: Always, always. always keep your antivirus
tools up to date; with that--- and some common sense--- you can avoid
essentially all virus-related problems. (BTW, there are even good, FREE
antivirus tools, such as InoculateIT Personal, at
http://antivirus.cai.com/ . There's simply no excuse to go without virus
protection.)

But if you deleted SULFNBK or simply don't know if the copy you have has
been tampered with, here's the correct way to restore the pristine,
unaltered original file(s).

(BTW: This same procedure will let you restore ANY Windows system file!)
In Windows98, most system files---including the original copy of
SULFNBK.EXE--- are found in compressed CAB ("cabinet") Files on the
original Windows Setup CD or floppies. If your copy of Windows came on
CD,  you'll find SULFNBK.EXE inside the PRECOPY1.CAB is the CAB file. If
you have Win98 on floppies, SULFNBK.EXE is inside PRECOPY2.CAB on Disk 2.

Some utilities--- such as WinZip ( http://www.winzip.com ) let you treat
CAB files exactly the same as ZIP files. WinZip can open the CAB files
to let you see what's inside, mark any file for extraction, and then
extract it to the location you designate.

If you don't have WinZip or a similar easy-to-use extraction tool, you
can use the command-line EXTRACT.EXE which ships with Windows. It's
normally found in the \Windows\Command folder.

To use EXTRACT, first, open a DOS box: Click to Start/Run and type the
word COMMAND on the run line. Hit OK, and a DOS ("Command') box will
open.

Next, get your Windows CD or floppies. In the following example, we'll
assume you have a CD and that your CD drive is D:. Adjust the commands
as needed for other drives or locations.

In the DOS box, type

cd \windows\command

This gets you into the correct folder, usually C:\Windows\Command. Next,
type:

extract d:precopy1.cab sulfnbk.exe

and hit enter. (Answer "Y" if asked.) That's it--- your brand-new copy
of SULFNBK.EXE is now in Windows\Command, as it should be.

If you want to know more of what EXTRACT can do, just type EXTRACT /? in
the DOS box.
*******************************************************

- Jeff K.

HTML: hwg-basics mailing list archives, maintained by Webmasters @ IWA