----- Original Message -----
From: "Glen Iris Technical Support" <support@vet.com.au>
To: <awfock@optushome.com.au>
Sent: Wednesday, December 19, 2001 9:12 AM
Subject: vet technical issue : ref No.200112182158370905
> ****PLEASE NOTE: Further queries on this issue may be answered by a
> different technician.****
> ****It is therefore very important that you include the full history of
this
> issue when replying so that we can provide an informed answer to your
query
> quickly.****
>
>
>
> Thanks for your email. This is a hoax a known hoax and should be ignored.
> SULFNBK.EXE
> As well as portraying all the standard hoax features (warns of a dire
> 'danger' then suggests that the receiver should send it onto all of their
> friends to minimize the damage that the 'virus' may cause) this E-mail
hoax
> advises the user to delete the file SULFNBK.EXE which it states is a
virus.
> For greater impact and added realism this hoax mentions that the
information
> contained within has been garnered from a competitor's anti-virus site.
>
> Two things should be noted about the file SULFNBK.EXE.
>
> First it is a standard utility program included with some versions of
> Windows and normally installed in the 'Command' subdirectory of the
Windows
> installation directory. It has a somewhat odd icon that often leads users
to
> be suspicious of it and this is not helped by the fact that the EXE file
> does not have an extended 'properties sheet' if right-clicked in Explorer
> and its 'Properties' viewed.
>
> Second because of its location and size and being a PE-style EXE
SULFNBK.EXE
> is commonly included as an attachment in email messages sent by the
> Win32.Magistr virus. Thus if you receive a copy of SULFNBK.EXE as an email
> attachment that could well be an infected copy of the file and an
indication
> that the sender is infected with Win32.Magitsr.
>
>
> Please don't hesitate in contacting me if you have any other queries
> regarding this issue.
> Regards,
>
> Fergus McAlpin
> support@vet.com.au
> Systems Engineer - Vet Technical Support
> http://www.vet.com.au
> Computer Associates International
> http://www.ca.com
>
> **** IMPORTANT INFORMATION ****
> It is very important to update your antivirus product often to detect new
> viruses written every day.
>
> The full version/engine is updated around once a month and is available
from
> http://www.vet.com.au/html/software/full.html
>
> The Virus Update is updated almost every day and is available from
> http://www.vet.com.au/html/software/update.html
>
>
>
> From: Andrew Fock [awfock@optushome.com.au]
> Sent: Tuesday, December 18, 2001 10:44 PM
> To: Glen Iris Technical Support
> Subject: Fw: serious virus
>
> I received this e-mail from several sources today. Is it a hoax? the file
> mentioned does exist on my computer but the latest scan says that I am
> clean.
>
> thanks
>
>
>
> Andrew Fock
>
> ----- Original Message -----
> From: "James Earl" <jeehummocks@datafast.net.au>
> To: "J.Michael Moore" <jimmoore@smartchat.net.au>;
<mg-mmm@autox.team.net>;
> <jamesearliv@hotmail.com>; "Andrew Fock" <awfock@optushome.com.au>;
"Taylor
> Family" <t.family@bigpond.com>; <Emgeeguy@aol.com>; "James Earl"
> <jeehummocks@datafast.net.au>; "isabella florence earl"
> <isabellaearl@hotmail.com>; "chloe constance earl"
<chloeearl@hotmail.com>;
> "david counsell" <d.counsell@vet.unimelb.edu.au>; "Pip Bucknell"
> <mgwizard@caloundra.net>; "Adam Berryman" <berra@jlta.com.au>; "AGS"
> <ajsloan@bigpond.net.au>; "accounts" <accounts@datafast.net.au>
> Sent: Tuesday, December 18, 2001 6:58 PM
> Subject: Fw: serious virus
>
>
> >
> >
> >
> >
> > > Return-Path: <rnortier@iserv.net>
> > > Received: from rly-xe02.mx.aol.com (rly-xe02.mail.aol.com
> > > [172.20.105.194]) by air-xe01.mail.aol.com (v82.22) with ESMTP id
> > > MAILINXE16-1215122153; Sat, 15 Dec 2001 12:21:53 -0500
> > > Received: from mail3.iserv.net (mail3.iserv.net [204.177.184.153]) by
> > > rly-xe02.mx.aol.com (v82.22) with ESMTP id
MAILRELAYINXE21-1215122138;
> > > Sat, 15 Dec 2001 12:21:38 -0500
> > > Received: from rob (tnt2-28-189.iserv.net [204.157.28.189]) by
> > > mail3.iserv.net (8.11.3/8.11.3) with SMTP id fBFHLJJ21864; Sat, 15
Dec
> > > 2001 12:21:19 -0500
> > > X-Envelope-To: JoeCurto@aol.com
> > > Message-ID: <006c01c1858e$8ea4cda0$bd1c9dcc@rob>
> > > Reply-To: "Robb Nortier" <rnortier@iserv.net>
> > > From: "Robb Nortier" <rnortier@iserv.net>
> > > To: "Gordon Wright" <newlodge@katel.net.au>, "Musson, Carl"
> > > <musson@arts.usf.edu>, <MGT1724@cs.com>, "Mary LeQuire"
> > > <marylequire@hotmail.com>, "Mario Bonafede"
> > > <MarioBonafede@atceramics.com>, "Jenni Marcel"
<Marcel.Jenni@win.ch>,
> > > "Leclerc, Lawrence" <LLeclerc@ndcourts.com>, "Kurt Lorenz"
> > > <klorenz@jps.net>, "Karen Wing" <KarenW@hermes.iserv.net>, "John
> > > Watson" <jrw4256@aol.com>, "Joann Meyer" <jrmeyer@remc8.k12.mi.us>,
> > > "Joseph Schartle \(MED, GEMS-IT\)" <Joseph.Schartle@med.ge.com>,
"John
> > > Libbert" <Jorolibb@aol.com>, <jorjsullivan@msn.com>, "Jon Reinbold"
> > > <jonreinbold@home.com>, "Jonathan Porter"
> > > <Jonathan.Porter@netdecisions.co.uk>, "John H Twist"
> > > <johntwist@universitymotorsltd.com>, "Paramo"
> > > <john@paramotools.co.uk>, <JoeCurto@aol.com>, "JIMMY WELSH"
> > > <jnwelsh@juno.com>, "jansen/bancso" <jmh.bancso@chello.nl>
> > > Subject: serious virus
> > > Date: Sat, 15 Dec 2001 12:32:59 -0500
> > > Organization: British Tool
> > > MIME-Version: 1.0
> > > X-Priority: 3
> > > X-MSMail-Priority: Normal
> > > X-Mailer: Microsoft Outlook Express 5.50.4807.1700
> > > X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
> > > X-Converted-To-Plain-Text: from multipart/alternative by demime 0.97c
> > > X-Converted-To-Plain-Text: Alternative section used was text/plain
> > >
> > > Dear Friends and e-Mail Correspondents,
> > >
> > > This is a serious e-mail. I received an e-mail from a
> > > work associate warning of a virus that was passed on
> > > to him. His PC was infected and since I was in his address
> > > book it had probably been spread to my computer. I
> > > followed the instructions and located the virus. By
> > > following the instructions, I was able to delete the
> > > virus. The bad news is that you probably have it, as
> > > you are in MY address book! More bad news is that
> > > my anti-virus program did not detect this virus.
> > >
> > > This virus lies dormant for 14 days and then kills
> > > your hard drive. Here is what to do. If you follow
> > > the instructions and then see that you have the virus,
> > > you need to send a similar e-mail to everyone in your
> > > address book.
> > >
> > > Remove the virus by following these steps:
> > >
> > > 1. Go to "Start." Then to "Find" or "Search"
> > > (depending on your computer.)
> > > 2. In the "Search for files or folders" type
> > > sulfnbk.exe -- this is the name of the virus. OR sul*.exe
> > > 3. In the "Look in" section, make sure you are
> > > searching Drive C.
> > > 4. Hit "Search" or "Find."
> > > 5. If your search finds this file, it will be an ugly
> > > blackish icon that will have the name sulfnbk.exe.
> > > DO NOT OPEN IT! If it does not show up on your
> > > first "Search," try a "New Search."
> > > 6. Right click on the file -- go down to "Delete" and
> > > left click.
> > > 7. You will be asked if you want to send the file to
> > > the Recycling Bin--say "Yes."
> > > 8. Go to your Desktop (where all your icons are) and
> > > right click on the Recycle Bin and either manually delete
> > > the sulfnbk.exe program or empty the entire bin.
> > > 9. If you found the virus on your system, send this
> > > or a similar e-mail to all in your address book
> > > because this is how it is transferred.
> > >
> > > Sorry for the trouble and my apologies for having unwittingly
> > > "infected" you, should it have been passed on to you.
> > > British Cars Web: http://www.team.net/sol
> > > MMM list subscription info: http://www.team.net/cgi-bin/majorcool
British Cars Web: http://www.team.net/sol
MMM list subscription info: http://www.team.net/cgi-bin/majorcool
|