1. /
  2. Security Response/
  3. SULFNBK.EXE Warning

SULFNBK.EXE Warning

Discovered:
April 17, 2001
Updated:
February 13, 2007 11:47:08 AM
Type:
Hoax

The following hoax email was first reported in Brazil, and the original email was in Portuguese. Other language versions are in circulation. Currently, the English language versions are most common.


CAUTIONS:
  • This particular email message is a hoax. The file that is mentioned in the hoax, however, Sulfnbk.exe, is a Microsoft Windows 95/98/Me utility that is used to restore long file names, and like any .exe file, it can be infected by a virus that targets .exe files.

    NOTE: The Sulfnbk.exe file is not required to run Windows. It may be necessary if you need to restore long file names if the file names become corrupted. For additional information, read the Microsoft Knowledge Base article Description of Sulfnbk.exe and How to Replace the Program File (Q301316)
  • The virus/worm W32.Magistr.24876@mm can arrive as an attachment named Sulfnbk.exe. The Sulfnbk.exe file used by Windows is located by default in the C:\Windows\Command folder.

    NOTE: The C:\Windows\Command folder is the usual default location for this file. It is possible that if you have a custom installation, or a special configuration that was installed by the computer manufacturer, the file could be in a different location.

    If the file is located in any other folder (except as noted), or arrives as an attachment to a email message, then it is possible that the file is infected. In this case, if a scan with the latest virus definitions and with NAV set to scan all files does not detect the file as being infected, quarantine and submit the file to SARC for analysis by following the instructions in the document How to submit a file to SARC using Scan and Deliver.

  • If you have deleted the Sulfnbk.exe file from the C:\Windows\Command folder and want to know how to restore the file, see the How to restore the Sulfnbk.exe file section at the end of this document.

English versions

NOTE: Several versions are shown, with the most recent ones shown first. Many more have been reported. All have the same basic theme.

Version 1

NOTE: This version of the hoax attempts to add credibility by referring to the W32.Klez.gen@mm worm. While W32.Klez.gen@mm is a very real and wide-spread threat, this email message is, itself, a hoax.


Dear Friends,
We have been unwittingly just infected with a virus from someone's email.

THIS Klez Worm VIRUS SENDS ITSELF TO ALL THE ADDRESSES IN THE ADDRESS BOOK OF THE COMPUTER IT HAS ARRIVED AT. Take the time and remove it now. The instructions are easy and I got rid of it in a few minutes. Some versions of anti virus software including Norton and Inoculate T have not been able to detect it. It is said that the virus HIDES in the computer for 2 weeks and then DAMAGES THE DISC IRREPARABLY.

The virus is called sulfnbk.exe Many apologies for the trouble it is causing.
1. Go to "Start" and click on "Find"
2. In the box, "find files or folders" type in sulfnbk.exe (the name of the virus)
3. Make sure you are searching in the C-drive (check in the box marked "Search in")
4. Click on Find
5. If the file is found you will find an ugly black icon with the name sulfnbk.exe This file is a program. DO NOT OPEN IT !!!!!!
6. Click on the RIGHT button of the mouse, on the file name, and then click on DELETE with the LEFT BUTTON OF THE MOUSE.
7. You will be asked to send this file to the recycle bin or wastebasket---respond YES
8. Open the recycle bin and eliminate the file, manually or by emptying the entire recycle bin or wastebasket.
9. If you do find this virus in your computer, send this email to all the people in your address book because the virus is transmitted in this way. (Even if you don't find the virus, you should probably still send this email to all your addresses)
10. I thought this was a joke at first but it is not and we found the ugly icon when we followed the above directions. Good luck.

Version 2
Hello! I just got this letter from my friend and yes I had the virus as well please follow the directions to see if you have the virus and then follow the directions to get rid of it. Like my friend I am sorry that I passed it along as well.

Dear All: We received a virus on a message. I followed the instructions below and found that it had been spread to our computer. I followed the instructions and located the virus and was able to delete it. The bad news is that you probably have it, as you are in My Address book! More bad news is that my anti virus program did not detect this virus. The virus lies dormant for 14 days and then "kills" your hard drive.

Here is what to do. If you follow the instructions and then see that you have the virus, you need to send a similar e-mail to everyone in your address book.

Remove the virus by following these steps:
1. Go to "Start." Then to "Find" or "Search".
2. In the "Search for files or folders" type sulfnbk.exe -- this is the name of the virus.
3. In the "Look in" section, make sure you are searching Drive C.
4. Hit "Search" or "Find".
5. If your search finds this file, it will be an ugly blackish icon that will have the name sulfnbk.exe. DO NOT OPEN IT! If it does not show up on your first "Search", try a "New Search."
6. Right click on the file -- go down to "Delete" and left click.
7. You will be asked if you want to send the file to the Recycling Bin -- say "Yes".
8. Go to your Desktop (where all your icons are) and right click on the Recycle Bin and either manually delete the sulfnbk.exe program or empty
the entire bin.
9. If you found the virus on your system, send this or a similar e-mail to all in your address book because this is how it is transferred.

Sorry for the trouble and my apologies for having unwittingly "infected" you. You'll want to check for this virus again for the next couple days
until everyone in your address book has seen it and deleted it, otherwise, being in their address book, your PC will get infected all
over again so don't forget to check!


Version 3
This is very real, and I may have passed it on to you. Check it out as below right now. Your drive may crash!!
"I had a virus which apparently attaches itself to everyone in my address book. I deleted it successfully. you may have it as well. Follow these instructions to see if you have it. It transfers to whomever is in your address book. It lies dormant for 14 days, then kills your hard drive. If you've got it send these instructions to everyone in you address book. Otherwise, it may be sent back to you by somebody else.
1. go to start-then to "find or search" 2. in the "search for files or folders" type in sulfnbk.exe - this is the name of the virus. 3. in the "look in" make sure you're searching drive C
4. hit "search" button ))or find_
5. if this file shows up (it's an ugly blackish icon that will have the name sulfnbk.exe) DON'T OPEN IT
6. right click on the file - go down to delete and left click
7. It will ask if you want to send it to the recycle bin - yes
8. go to your desktop (where all your icons are) and double-click on the recycle bin
9. right click on sulfnbk.exe and delete again or just empty the recycle bin
IF YOU FIND THIS.....SEND IT TO EVERYONE IN YOUR ADDRESS BOOK, BECAUSE THAT'S HOW IT IS TRANSFERRED.

Version 4
Do you believe that a friend of mine sent me an alert and the procedure that we have to follow for the possible infection of SULFNBK.EXE. And I had checked, just to make sure. An then... the file was there, hidden even of McAfee and Norton, maybe waiting something to start work.
Well, see bellow the procedure that I followed step by step, and I found the file:

1. Start/Find Folders. Type the file name: SULFNBK.EXE
2. If it find, open Windows Explorer, browse into the folder where the file is and delete it. Do not click with left button on the file and do not open it.
3. Just delete it
4. Mine was on Windows/Command
5. The virus from the person who gave the alert was on Windows/Config

Yes, Norton and McAfee do not detect it.
We do not know if it makes some damage on the machine, but I think that anybody will not want to test it to know, will it?
Folks, this is not fun, I deleted it from my computer.
And my definitions are updated.
Do the same, ok?

Version 5
This one has additional text stating that the virus will activate on June 1st.

It was brought to my attention yesterday that a virus is in circulation via email. I looked for it and to my surprise I found it on mine. ..
Please follow the directions and remove it from yours TODAY!!!!!!!

No Virus software can detect it.  It will become active on June 1, 2001.
It might be too late by then. It wipes out all files and folders on
the hard drive. This virus travels thru E-mail and migrates to the
'C:\windows\command' folder. 

The bad part is: You need to contact everyone you have sent ANY
E-mail to in the past few months. Many major companies have found this virus on
their computers. Please help your friends !!!!!!!!

DO NOT RELY ON YOUR ANTI-VIRUS SOFTWARE. McAFEE and NORTON CANNOT
DETECT IT BECAUSE IT DOES NOT BECOME A VIRUS UNTIL JUNE 1ST.

WHATEVER YOU DO, DO NOT OPEN THE FILE!!!

Version 6

To Those in My Address Book:

Earlier this evening I received the email below from a friend halfway around the world informing me that he had contracted a computer virus which was designed to spread to his address book. Because I am in his address book, he forwarded instructions on this very destructive virus to me - and others. I followed the instructions and determined that I had also contracted the virus, which reportedly lies dormant for 14 days and then kills the host hard drive. One must assume that it has now been spread to everyone in my address book. I AM INFORMING YOU OF THIS IN A TIMELY MANNER.

Before following his instructions, I ran the virus scan from my security service, McAfee, and it did not pick up the virus from any of my files. BUT, when I followed the instructions below, I found the virus hiding out, deleted it to the Recycle Bin and the emptied the bin. I ran the procedure again and the virus file and icon are indeed gone.

IT IS STRONGLY RECOMMENDED THAT YOU FOLLOW THE PROCEDURES BELOW AND DETERMINE IF YOUR MACHINE HAS BEEN INVADED. IF SO, FOLLOW THE REMOVAL INSTRUCTIONS.

I sincerely am sorry to cause you this trouble and for being the conduit for the spreading of this virus, but it is very important that you take the appropriate actions to protect your hard drive.

My very best wishes and sincere apology, Jane

Remove the virus by following these steps:

1. Go to 'start' then to 'find' or 'search'.
2. In the 'search for files or folders' type sulfnbk.exe this is the name of the virus.
3. In the 'look in' section, make sure you are searching the C drive.
4. Hit 'search' or 'find'.
5. If your search finds this file, it will be an ugly blackish icon that will have the name sulfnbk.exe. DO NOT OPEN IT.
6. Right click on the file - go down to 'delete' and left click.
7. You will be asked if you want to send the file to the Recycling bin - say 'yes'.
8. Go to your desktop (where all your icons are) and right click on the recycle bin and either manually delete the sulfnbk.exe program or empty the entire bin.
9. If you found this virus on your system, send this to all in your address book because this is how it is transferred.
10. If it does not show up on your first 'search' try a 'new search'.

Sorry for the trouble and our apologies for unwittingly 'infecting' you.

P.S. We are supposedly protected by the latest update of Symantec Norton Antivirus

Chinese version



Danish version

Virusen er programmeret til at aktivere sig på et senere tidspunkt, derfor vil den ikke blive opdaget af et standard virusbeskyttende program, såsom Mcafee eller Norton. Ingen ved, hvor længe den har været i omløb - muligvis i flere måneder. Når den aktiverer sig vil den slette alle filer og dokumenter på jeres harddisk. Den spreder sig via e-mail og placerer sig i C.WINDOWS/COMMAND.

For at finde den og slette den skal I gøre følgende:
1. Klik på start
2. Vælg Søg efter
3. Vælg filer eller mapper
4. Gå til Søg alle filer og vælg lokale hardiske - i de fleste
tilfælde er det C:.
5. I feltet Navn skrives SULFNBK.EXE
6. Hvis filen findes, marker den, men ÅBN DEN IKKE !!!!!!!!!
7. Højreklik på filen og vælg SLET
8. Luk dialogboksen Søg alle filer
9. Tøm papirkurven

Så er I smittefri og computeren reddet. Den dårlige nyhed er, at man muligvis har smittet alle, som man har sendt mail til i mange måneder.
Derfor bør man kontakte alle personer i ens adressekartotek og straks sende dem denne meddelelse.
Og det har jeg også gjort
PS.: Og jeg havde altså også denne luskede virus

Dutch version

"het is mogelijk dat je computer besmet is met een virus dat erop geprogrammeerd is om actief te worden gemaakt. door de "activeer vertraging" die er in gebouwd zit , wordt het niet ontdekt door o.a. mcafee en norton .
niemand weet hoe lang het virus al circuleert. mogelijk al enkele maanden. als het virus geactiveerd wordt, verwijdert het alle bestanden en
mappen van de harde schijf.

het virus verbreidt zich via e-mail en infiltreert het dossier
"c:/windows/command".

er zal dus "grote schoonmaak" moeten worden uitgevoerd indien je het virus detecteerd op je computer en op de computers van diegenen waarmee je
de laatste tijd per e-mail in contact hebt gestaan, anders blijft het een eeuwig durende cirkel.

om het te vinden en te verwijderen:

- klik op start
- vervolgens op zoeken
- kies bestanden of mappen
- ga naar zoeken en kies lokale vaste schijven of "c"
- typ op de regel "naam" : SULFNBK.EXE
- als het bestand wordt gevonden selecteer het, doch open het niet
- klik op bewerken
- vervolgens op alles selecteren
- klik op bestand
- vervolgens op verwijderen.
- sluit het venster en leeg de prullebak.

na deze operatie zit je in principe goed. maar je hebt waarschijnlijk zelf mensen besmet aan wie je e-mails hebt verzonden. mocht je dus het virus hebben waarschuw ze dan , zodat ook zij hun schijven kunnen opschonen." ]

French version

Bonjour à tous, Hello everyone!

Ceci est une alerte au VIRUS assez sérieuse.
This is a serious VIRUS alert.

Comme je vous ai envoyé des courriels dans les 3 derniers mois, je
vous
invite à vérifier s'il n'y aurait pas un dossier intitulé
SULFNBK.EXE
quelques part dans votre ordinateur.

Since I have emailed you in the last couple of month I invite you to
read
the following text carefully. Please note that, against all odds, I
had it
exactly where it was mentionned it would be...

Prenez note que ce VIRUS ( SULFNBK.EXE )est indétectable et qu'il
doit être
activé le 1er JUIN donc, vérifier immédiatement, Ne l'ouvrez PAS et
jetter
le directement à la poubelle; VIDER LA POUBELLE PAR LA SUITE.

German version

Guten Abend zusammen, wir haben heute einen Virus gefangen, der sich vervielfältigt und an alle Adressen im Adressbuch weiterversendet.

Dieser Virus "schläft" angeblich 14 Tage lang und löscht dann die Festplatte.

Um festzustellen, ob Sie auch betroffen sind, gehen Sie bitte in die Funktion "Suchen" im Startmenü und geben im Fenster "Dateien/Ordner" den Name "SULFNBK.EXE" ein.

Sollten Sie auch betroffen sein, diese Datei bitte sofort löschen und den Papierkorb leeren. Auf keinen Fall öffnen! In diesem Fall bitte diese Notiz an das gesamte Adressbuch weiterleiten.

Wir bedanken uns für Ihre Mithilfe und verbleiben mit freundlichen Grüßen aus K`he

Indonesian
Orang ini cuma sekali kirim e-mail ke saya, itupun sudah lama banget. Tapi setelah dicoba ternyata betul, virus itu hidup dalam komputerku. Dia hidup di address book. Jadi buat para pengguna pop3 based e-mail (yang pake: outlook express) harap dicek. Buat yang nggak paham bahasa Jerman, ini terjemahannya (ehm.. ehm..)

Hello - mail berikut kami terima malam ini. Kami telah terinfeksi virus, walaupun kami telah meng-install program antivirus yang akurat. Jadi tolong cek harddisc Anda. Tentang cara dan nama dari sang virus lihat teks di bawah.
Salam
Pagelli Guitars
Claudia und Claudio

Ini adalah peringatan serius! Virus tsb menghuni address book Anda. Anda ada dalam Adress book saya, jadi kemungkinan virus itu juga ada dalam Harddisc anda. Saya menemukan virus itu di hardisk saya, itu sebabnya saya hendak memberitahu anda.

(Saya juga mengirimi ini karena Anda semua ada dalam Address Book saya. Dan ya! Saya menemukan virus itu! Jadi tidak ada salahnya menghabiskan waktu maksimum 3 menit untuk membunuh virus tersebut. Jika Anda menemukan virus ini di hard drive dan Anda menggunakan POP3 based email dengan Adress book, sebaiknya Anda juga mem-forward email ini ke teman-teman Anda. Karena virus ini masuk ke address book dan otomatis mengirim dirinya sendiri lewat address book --SARDO)

Untuk menemukannya dan menghapusnya cukup mudah:
Klik 'Start' dan pilih 'Search'.
Ketik "sulfnbk.exe".
Virus ini ada di Hard drive anda, maka pilih ':C' dan tekan 'Start Search'.
Jika virus itu ada di hardisc anda, klik kanan dengan mouse dan pilih DELETE. Jangan pernah menggunakan KLIK KIRI!!!
Kemudian pilih recycle bin dan kosongkan (EMPTY RECYCLE BIN).
dengan demikian virus sudah dimusnahkan. Semoga Anda dapat memahami petunjuk ini.


Italian version

Ciao a tutti. Una mia amica mi ha mandato questa mail. Fate quello che dice. Io ho trovato il file col virus e l'ho eliminato. Spero che non lo abbiate già ricevuto, ma comunque è sempre meglio controllare!

Paola

Buon giorno a tutti. Sono spiacentissima, ma un amico mi ha appena avvisata del fatto che mi aveva passato un virus che si chiama SULFNBK.EXE, che infatti ho trovato nel mio computer, e che si autotrasmette a tutti gli indirizzi della rubrica del computer in cui si insinua. Dato che voi siete sul mio indirizzario, è robabile che anche voi abbiate ricevuto il virus. Vi mando le istruzioni per eliminarlo, perché alcune versioni di antivirus (compresa la mia) non lo trovano. Il virus se ne sta nascosto nel computer per due settimane, e poi danneggia irreparabilmente l'hard drive.
Saluti Annalisa Oliva.

ISTRUZIONI PER L'ELIMINAZIONE DEL VIRUS

1. Andate su "Start", e cliccate su "Trova"
2. Nella casella "Cerca files o folders" scrivete sulfnbk.exe, il nome del virus
3. Assicuratevi che state cercando nel Drive C (verificate nella sezione "Cerca in")
4. Cliccate su "Trova"
5. Se il file viene trovato, apparirà una brutta icona nera col nome di sulfnbk.exe. E' un file di programma. NON APRITELO! Se non appare, provate lo stesso procedimento una seconda volta.
6. Cliccate col pulsante destro del mouse sul file -andate su "elimina" e cliccate col pulsante sinistro.
7. Vi verrà chiesto se volete mandare il file al cestino - rispondete "Sì"
8. Andate al Desktop (dove ci sono tutte le icone), aprite il cestino ed eliminate il file, manualmente o svutando tutto il cestino
9. Se trovate il virus nel vostro computer, mandate questo e-mail a tutte le persone del vostro indirizzario, perché il virus si trasmette in questo modo.


Norwegian version

VIKTIG INFORMASJON:

Du er oppført i min adressebok og det betyr at du automatisk kan ha fått VIRUS på din PC. Dette aktiveres 14 dg etter at du har sjekket din postboks og ødelegger driveren til harddisken. FOR Å FJERNE VIRUSET GÅR DU FRAM PÅ FØLGENDE MÅTE:

1) KLIKK PÅ STARTMENYEN.

2)KLIKK PÅ SØK OG DERETTER SØK ETTER FILER ELLER MAPPER.

3)SKRIV "sulfnbk.exe" PÅ NAVNELINJEN OG VELG "min datamaskin" PÅ LINJEN "søk i".

4)HVIS FILEN FINNES-svart ikon: MÅ DEN IKKE ÅPNES, MEN SLETTES. HØYREKLIKK PÅ IKONET OG VELG SLETT. GÅ DERETTER I PAPIRKURVEN OG SLETT FILEN OGSÅ DER.

DERSOM DU FINNER VIRUSET PÅ DIN MASKIN, MÅ DU SENDE DENNE E-POSTEN VIDERE TIL DEM DU HAR I DIN ADRESSE-BOK!



Håper det ordner seg...

Portuguese version

Vocês acreditam que uma amiga da lista enviou um alerta e os procedimentos que deveriam ser tomados para a possível detecção do maledeto SULFNBK.EXE. e eu fui conferir só por desencargo de consciência. Pois é...O bichinho tava lá, escondidinho até da McAfee e do Norton, talvez esperando algum gatilho prá começar a trabalhar, né?
Aí vão, moçada, as orientações que eu segui à risca e que me levaram ao tal coisinha ruím:
 
1 - Iniciar/Localizar Pastas. Digite o nome do "mardito": SULFNBK.EXE
2 - Se for encontrado, abra o Windows Explorer, vá até a pasta onde ele se encontra alojado e delete-o de lá ou do próprio ambiente do Localizar; - Não click com o botão esquerdo sobre ele e não abra o arquivo nem em caso de incêndio, ok?
3 - Apenas delete o bichinho.
4 - O meu estava em Windows/Command.
5 - O vírus da pessoa que passou o aviso estava em Windows/Config.

Sim, o Norton e nem o McAfee não detectou.
Não sabemos se ele faz algum estrago na máquina, mas acho que ninguém aqui vai querer testar para saber, né?
Gente, sem brincadeiras, já tirei o meu daqui....
E nem imaginava que tivesse hóspedes no PC.
Minha vacina está super-atualizada!!!
Façam o mesmo, ok?


Spanish

HOLA A TODOS,:

HE TENIDO ESTE VIRUS Y PUESTO QUE ESTAS EN MI LIBRETA DE DIRECCIONES PUEDES TENERLO TÚ TAMBIÉN. EL VIRUS ERMANECE
DORMIDO DURANTE 14 DÍAS LUEGO DESTRUYE EL DISCO DURO.

SI LO TIENES, ENVÍA ESTE E-MAIL A TODO EL MUNDO DE TU LIBRETA DE DIRECCIONES:

INSTRUCCIONES PARA ELIMINAR EL VIRUS

1. VE A "INICIO" LUEGO A "BUSCAR"
2. EN LA "LA BUSQUEDA DE ARCHIVOS O CARPETAS" TECLEA sulfnbk.exe ESTE ES EL NOMBRE DEL VIRUS.
3. EN EL "BUSCAR" ASEGÚRATE QUE ESTAS BUSCANDO EN LA UNIDAD DE "C"
4. PULSA EL BOTON DE "BUSQUEDA"
5. SI APARECE DICHO ARCHIVO (ES UN ICONO FEO NEGRUZCO CON NOMBRE (sulfnbk.exe) NO LO ABRAS.
6. HAZ CLIC SOBRE EL ARCHIVO CON EL BOTÓN DERECHO - VE A BORARRA Y HAZ CLIC CON EL IZQUIERDO.
7. TE PEDIRÁ QUE SI QUIERES MANDARLO A LA PAPELERA DE RECICLAJE, DI QUE SI.
8. VE A TU ESCRITORIO (DONDE TIENES TODOS TUS ICONOS) Y HAZ DOBLE CLIC EN LA PAPELERA DE RECICLAJE.
9. HAZ CLIC EN EL ARCHIVO CON EL BOTÓN DERECHO EN sulfnbk.exe Y BORRALO ENTERO DE NUEVO O VACIA LA PAPELA POR COMPLETO.

SI ENCONTRARAS ESTE ARCHIVO EN TU "C", ENVÍA ESTE E-MAIL A TODAS LAS DIRECCIONES DE TU LIBRETA, PORQUE ES ASÍ COMOSE PROPAGA.

RECUERDA QUE SE ACTIVA EN 14 DÍAS DESPUÉS Y QUE DESTRUYE TU
DISCO DURO.


Swedish
Hej
Ber om ursäkt ifall att du fått samma mail flera gånger från mig. Har förmodligen förklaringen här.
Jag har fått ett mail från en vän till mig. Han meddelade mig att han fått ett virus i sin dator. Eftersom jag fanns i hans adressbok så hade viruset spridits även till min dator. Jag följde hans instruktioner och kunde lyfta ur och ta bort viruset innan det blev aktivt. Tyvärr finns risken att viruset finns i din dator eftersom du finns i min adressbok. Nu är det tydligen så att nya antivirusprogram inte upptäcker detta virus. Det här viruset ligger tydligen vilande i 14 dagar innan det aktiveras och utplånar innehållet i hårddisken.

De här instruktionerna fick jag.
1. Start-knappen, Gå till "sök"
2. "Filer eller mappar", skriv in "sulfnbk.exe" - det är namnet på viruset.
Observera att du måste söka genom [c:]
3. Tryck på "sök nu"
4. Om du hittar viruset, en ful svart ikon som heter sulfnbk.exe, ÖPPNA DEN INTE! Om den inte dyker upp på "sök" prova då för säkerhets skull "Ny sökning"
5. Högerklicka på ikonen- gå ner på "ta bort" och vänsterklicka.
6. Du kommer att få en fråga om du vill skicka filen till papperskorgen säg "ja".
7. Gå till papperskorgen och endera ta bort manuellt eller "töm" papperskorgen.
ÖPPNA DEN INTE!

Om du hittar viruset i din dator, sänd det här eller ett liknande mail till alla som finns i din adressbok för att det är via din adressbok som viruset sprids.

Bästa hälsningar


How to restore the Sulfnbk.exe file
If you have deleted this file, restoration is optional. Sulfnbk.exe is a Microsoft Windows utility that is used to restore long file names. It is not needed for normal system operation. If you want to restore it, there is more than one way to do this. See the information that follows.

NOTES:
  • The C:\Windows\Command folder is the usual default location for this file. It is possible that if you have a custom installation, or a special configuration that was installed by the computer manufacturer, the file could be in a different location.
  • The Sulfnbk.exe file is not required to run Windows. It may be necessary if you need to restore long file names if the file names become corrupted. For additional information, read the Microsoft Knowledge Base article Description of Sulfnbk.exe and How to Replace the Program File (Q301316)
  • The instructions in this document are provided for your convenience. The extraction of Windows files uses Microsoft programs and commands. Symantec does not provide warranty support for or assistance with Microsoft products. If you have any questions, please see your Windows documentation or contact Microsoft.

Windows Me
If you are using Windows Me, you can restore the file using the System Configuration Utility.
  1. Click Start and then click Run.
  2. Type msconfig and then press Enter.
  3. Click Extract Files. The "Extract one file from installation disk" dialog box appears.
  4. In the "Specify the system file you would like to restore" box, type the following, and then click Start:

    c:\windows\command\sulfnbk.exe

    NOTE: If you installed Windows to a different location, make the appropriate substitution.

    The Extract File dialog box appears.
  5. Next to the "Restore from" box, click Browse, and browse to the location of the Windows installation files. If they were copied to the hard drive, this is, by default, C:\Windows\Options\Install. You can also insert the Windows installation CD in the CD-ROM drive and browse to that location.
  6. Click OK and follow the prompts.


Windows 98
If you are using Windows 98, you can restore the file using the System File Checker.
  1. Click Start and then click Run.
  2. Type sfc and then press Enter.
  3. Click "Extract one file from installation disk."
  4. In the "Specify the system file you would like to restore" box, type the following, and then click Start:

    c:\windows\command\sulfnbk.exe

    NOTE: If you installed Windows to a different location, make the appropriate substitution.

    The Extract File dialog box appears.
  5. Next to the "Restore from" box click Browse, and browse to the location of the Windows installation files. If they were copied to the hard drive, this is, by default, C:\Windows\Options\Cabs. You can also insert the Windows installation CD in the CD-ROM drive and browse to that location.
  6. Click OK and follow the prompts.

Windows 95 (or alternative method for Windows 98/Me)
If you are using Windows 95, you need to use the extract command. This can also be used on Windows 98/Me.
  1. Click Start, point to Find or Search, and then click Files or Folders.
  2. Make sure that "Look in" is set to (C:) and that Include subfolders is checked.
  3. In the "Named" or "Search for..." box, type:

    precopy1
  4. Click Find Now or Search Now. If it does not exist on the hard drive, then insert the Windows installation CD and repeat the search on that drive.
  5. When you find the file, write down the location of Precopy1, for example, C:\Windows\Options\Cabs. This is your Source Path.
  6. The general form of the Extract command is:

    extract /a <Source Path>\precopy1.cab sulfnbk.exe /L c:\windows\command

    NOTE: Make sure that you include the /a switch, as shown. Depending on your version of Windows, the Sulfnbk,exe file can be in a .cab file other than Precopy1.cab. By using the /a switch, the Extract program will look first in the Precopy1.cab, and if the file is not found there, it will look in all subsequent .cab files until it is found, and can be extracted.

    So if the source path is C:\Windows\Options\Cabs, then the Extract command becomes:

    extract /a c:\windows\options\cabs\precopy1.cab sulfnbk.exe /L c:\windows\command

    NOTE: If you installed Windows to a different location, make the appropriate substitution.
  7. Click Start and then click Run.
  8. Type the following, making the appropriate substitutions as previously noted

    extract /a <Source Path>\precopy1.cab sulfnbk.exe /L c:\windows\command
  9. Click OK.

For more information on how to use the Microsoft Extract command, see the Microsoft Knowledge Base document, How to Extract Original Compressed Windows Files, Article ID: Q129605

Please ignore any messages regarding this hoax and do not pass on messages. Passing on messages about the hoax only serves to further propagate it.
Writeup By: Patrick Martin
Summary| Technical Details

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report, Volume 17
Symantec DeepSight Screensaver