[ISN] Restoring Sulfnbk.exe

From: InfoSec News (isnat_private)
Date: Wed May 30 2001 - 02:18:37 PDT

  • Next message: InfoSec News: "[ISN] Security UPDATE, May 30, 2001 (fwd)"

    http://securityportal.com/articles/sulfnbk20010529.html
    
    [I'm posting this mainly because on another list I'm on, another
    security professional (not infosec) passed an alert from the IT
    manager for the UN offices in that part of the world and a fair 
    amount of people followed the instructions on its face value on 
    how to remove the virus and started deleting sulfnbk.exe, I have 
    to think this wasn't an isolated incident.  - WK]
    
    
    By Ken Dunham (malwarehelpat_private)
    May 29, 2001 
    
    If you've been fooled by the recent Sulfnbk.exe hoax you may want to
    restore the file that you deleted from your hard drive. Follow the
    instructions below to restore Sulfnbk.exe to your drive.
    
    Important Note: If Sulfnbk.exe arrives as an email attachment you
    should consider it infected until proven otherwise - Magistr has been
    spreading under this name via email.
    
    Instructions
    
    1. Locate Precopy1.cab on the Windows 98 CD in the Win98 directory or
       from a Windows 98 DMF floppy disk (disk 1).
    
    2. Use a program like WinZip to extract the CAB file contents to the
       hard drive. 
      
       Personally, I like to copy the file to my hard drive and then
       right-click and drag the file to a new location on the desktop to
       unzip it to a new directory, using WinZip. 
    
       Note: When unzipping this file you may encounter prompts to extract
       other CAB files linked to Precopy1.cab. Cancel out other extractions
       and ignore the warnings unless this entire process fails for some
       reason.
    
    3. Locate Sulfnbk.exe within the newly extracted set of archives. Move
       it to the C:\Windows\Command location of your computer. 
    
    If you are unable to obtain Sulfnbk.exe using the instructions above
    contact your local vendor or SecurityPortal staff at
    malwarehelpat_private for additional assistance.
    
    
    
    
    
    
    
    ISN is hosted by SecurityFocus.com
    ---
    To unsubscribe email isn-unsubscribeat_private
    



    This archive was generated by hypermail 2b30 : Wed May 30 2001 - 02:31:48 PDT